Bug 64552 - Crash when viewing a slide containing an SVG with corrupt custom animation.
Status: RESOLVED DUPLICATE of bug 64512
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Impress
Version (earliest affected): 4.0.3.3 release
Hardware: All All
Importance: medium critical
Assignee: Not Assigned
Whiteboard: bibisected40older
Keywords: haveBacktrace, regression
Reported: 2013-05-13 15:56 UTC by Paul Chvostek
Modified: 2013-05-15 09:28 UTC

Attachments
sample ODP file which causes Impress to crash (105.36 KB, application/vnd.oasis.opendocument.presentation)
2013-05-13 15:56 UTC, Paul Chvostek
backtrace (104.31 KB, text/plain)
2013-05-13 16:21 UTC, Jorendc
Bug 64552 - WinDbg session with FAILED_SOURCE_CODE (10.33 KB, text/plain)
2013-05-14 13:07 UTC, bfoman (inactive)

Description Paul Chvostek 2013-05-13 15:56:18 UTC
Created attachment 79259 [details]
sample ODP file which causes Impress to crash

When viewing Slide 2 in the attached file, LibreOffice crashes.

Slide 2 contains a pair of SVG files with custom animation attached.  When creating the slide, everything appeared to work normally; the SVG imported properly, animations were attached, and playback worked fine.

Problems began after the presentation was saved and reloaded.  Initially, problems related to bug 64512 were noticed and reported (see https://bugs.freedesktop.org/show_bug.cgi?id=64512).  I replaced the animations, saved, exited LibreOffice and reloaded, at which point the crashing started.

I've tested this in 4.0.3.3 in Mac OSX and FreeBSD.
Comment 1 Paul Chvostek 2013-05-13 16:13:11 UTC
Upon further investigation (and help from lgodard in IRC), it seems that the crash happens ONLY when the "Custom Animations" accordion tab is opened.

That is ... you can OPEN the attached sample ODP file and navigate to slide 2, but as soon as you select the "Custom Animations" pullout, LibO will crash.

This seems even more to be related to bug 64512 now.
Comment 2 Laurent Godard 2013-05-13 16:17:58 UTC
today master backtrace

(gdb) bt
#0  0x00007fffceb16323 in sd::MotionPathTag::MotionPathTag (this=0x582e4e0, rPane=..., rView=..., pEffect=
  boost::shared_ptr {_vptr.CustomAnimationEffect = 0x7fffcf42e970, mnNodeType = 1, maPresetId = "ooo-motionpath-up", maPresetSubType = "", maProperty = "", mnPresetClass = 4, mfBegin = 0, mfDuration = 2, mfAbsoluteDuration = 2, mnGroupId = -1, mnIterateType = 0, mfIterateInterval = 0, mnParaDepth = -1, mbHasText = 0 '\000', mfAcceleration = 0.5, mfDecelerate = 0.5, mbAutoReverse = 0 '\000', mnTargetSubItem = 0, mnCommand = 0, mpEffectSequence = 0x582b360, maName = "", mxNode = uno::Reference to (animcore::AnimationNode *) 0x7fffc153b3b0, mxAudio = empty uno::Reference, maTarget = empty uno::Any, mbHasAfterEffect = 0 '\000', maDimColor = empty uno::Any, mbAfterEffectOnNextEffect = false})
    at /home/atester/libreoffice/build/git/master/core/sd/source/ui/animations/motionpathtag.cxx:369
#1  0x00007fffceafceeb in sd::updateMotionPathImpl (rPane=..., rView=..., aIter=..., aEnd=..., rOldTags=..., rNewTags=...)
    at /home/atester/libreoffice/build/git/master/core/sd/source/ui/animations/CustomAnimationPane.cxx:962
#2  0x00007fffceafd151 in sd::CustomAnimationPane::updateMotionPathTags (this=0x586d5c0)
    at /home/atester/libreoffice/build/git/master/core/sd/source/ui/animations/CustomAnimationPane.cxx:992
#3  0x00007fffceafcbd6 in sd::CustomAnimationPane::updateControls (this=0x586d5c0)
    at /home/atester/libreoffice/build/git/master/core/sd/source/ui/animations/CustomAnimationPane.cxx:931
#4  0x00007fffceb01a7d in sd::CustomAnimationPane::onChangeCurrentPage (this=0x586d5c0)
    at /home/atester/libreoffice/build/git/master/core/sd/source/ui/animations/CustomAnimationPane.cxx:1756
#5  0x00007fffceaf7bdc in sd::CustomAnimationPane::CustomAnimationPane (this=0x586d5c0, pParent=0x4eae070, rBase=..., rMinSize=Size = {...})
    at /home/atester/libreoffice/build/git/master/core/sd/source/ui/animations/CustomAnimationPane.cxx:235
#6  0x00007fffceb054ce in sd::createCustomAnimationPanel (pParent=0x42e1d30, rBase=...)
    at /home/atester/libreoffice/build/git/master/core/sd/source/ui/animations/CustomAnimationPane.cxx:2462
#7  0x00007fffced08d45 in sd::toolpanel::controls::CustomAnimationPanel::CustomAnimationPanel (this=0x4eb7800, i_rParentWindow=..., i_rPanelViewShell=...)
    at /home/atester/libreoffice/build/git/master/core/sd/source/ui/toolpanel/controls/CustomAnimationPanel.cxx:42
#8  0x00007fffced091ad in sd::toolpanel::RootControlFactoryWithArg<sd::toolpanel::controls::CustomAnimationPanel, sd::toolpanel::ToolPanelViewShell>::InternalCreateControl (
    this=0x5699da0, i_rParent=...) at /home/atester/libreoffice/build/git/master/core/sd/source/ui/inc/taskpane/TaskPaneControlFactory.hxx:76
#9  0x00007fffcecf2750 in sd::toolpanel::ControlFactory::CreateControl (this=0x5699da0, i_rParent=...)
    at /home/atester/libreoffice/build/git/master/core/sd/source/ui/toolpanel/TaskPaneControlFactory.cxx:43
#10 0x00007fffced02304 in sd::toolpanel::ToolPanelViewShell::CreatePanelUIElement (this=0x430e0f0, i_rDocFrame=uno::Reference to (framework::Frame *) 0x7fffd2badc70, 
    i_rPanelResourceURL="private:resource/toolpanel/DrawingFramework/CustomAnimations")
    at /home/atester/libreoffice/build/git/master/core/sd/source/ui/toolpanel/ToolPanelViewShell.cxx:714
#11 0x00007fffcecfdb6b in sd::toolpanel::ToolPanelFactory::createUIElement (this=0x7fffd088a118, 
    i_rResourceURL="private:resource/toolpanel/DrawingFramework/CustomAnimations", i_rArgs=uno::Sequence of length 2 = {...})
    at /home/atester/libreoffice/build/git/master/core/sd/source/ui/toolpanel/ToolPanelFactory.cxx:205
#12 0x00007fffdd87303a in framework::UIElementFactoryManager::createUIElement (this=0x7fffd1c7fa90, 
    ResourceURL="private:resource/toolpanel/DrawingFramework/CustomAnimations", Args=uno::Sequence of length 2 = {...})
    at /home/atester/libreoffice/build/git/master/core/framework/source/uifactory/uielementfactorymanager.cxx:443
#13 0x00007ffff51e5b0b in sfx2::CustomToolPanel::impl_ensureToolPanelWindow (this=0x43b85a0, i_rPanelParentWindow=...)
    at /home/atester/libreoffice/build/git/master/core/sfx2/source/dialog/taskpane.cxx:370
#14 0x00007ffff51e65fd in sfx2::CustomToolPanel::Activate (this=0x43b85a0, i_rParentWindow=...)
    at /home/atester/libreoffice/build/git/master/core/sfx2/source/dialog/taskpane.cxx:420
#15 0x00007ffff46c6a91 in svt::ToolPanelDeck_Impl::ActivePanelChanged (this=0x42e1d20, i_rOldActive=boost::optional 2, i_rNewActive=boost::optional 3)
    at /home/atester/libreoffice/build/git/master/core/svtools/source/toolpanel/toolpaneldeck.cxx:322
#16 0x00007ffff46b8665 in svt::PanelDeckListeners::ActivePanelChanged (this=0x4f40d28, i_rOldActive=boost::optional 2, i_rNewActive=boost::optional 3)
    at /home/atester/libreoffice/build/git/master/core/svtools/source/toolpanel/paneldecklisteners.cxx:77
#17 0x00007ffff46c401e in svt::ToolPanelCollection::ActivatePanel (this=0x42e1ef0, i_rPanel=boost::optional 3)
    at /home/atester/libreoffice/build/git/master/core/svtools/source/toolpanel/toolpanelcollection.cxx:87
#18 0x00007ffff46c6164 in svt::ToolPanelDeck_Impl::ActivatePanel (this=0x42e1d20, i_rPanel=boost::optional 3)
    at /home/atester/libreoffice/build/git/master/core/svtools/source/toolpanel/toolpaneldeck.cxx:192
#19 0x00007ffff46c6fff in svt::ToolPanelDeck::ActivatePanel (this=0x50129a8, i_rPanel=boost::optional 3)
    at /home/atester/libreoffice/build/git/master/core/svtools/source/toolpanel/toolpaneldeck.cxx:400
#20 0x00007ffff46b5b01 in svt::DrawerDeckLayouter::OnWindowEvent (this=0x4254760, i_pEvent=0x7fffffffca90)
    at /home/atester/libreoffice/build/git/master/core/svtools/source/toolpanel/drawerlayouter.cxx:275
#21 0x00007ffff46b587f in svt::DrawerDeckLayouter::LinkStubOnWindowEvent (pThis=0x4254760, pCaller=0x7fffffffca90)
    at /home/atester/libreoffice/build/git/master/core/svtools/source/toolpanel/drawerlayouter.cxx:240
#22 0x00007ffff27d9d0e in Link::Call (this=0x420e8c0, pCaller=0x7fffffffca90) at /home/atester/libreoffice/build/git/master/core/include/tools/link.hxx:123
#23 0x00007ffff27f948f in VclEventListeners::Call (this=0x50c2e60, pEvent=0x7fffffffca90)
    at /home/atester/libreoffice/build/git/master/core/vcl/source/app/vclevent.cxx:67
#24 0x00007ffff2c6c59b in Window::CallEventListeners (this=0x1413720, nEvent=1017, pData=0x7fffffffce10)
    at /home/atester/libreoffice/build/git/master/core/vcl/source/window/window.cxx:5274
#25 0x00007ffff2c6c4fb in Window::ImplCallEventListeners (this=0x1413720, nEvent=1017, pData=0x7fffffffce10)
    at /home/atester/libreoffice/build/git/master/core/vcl/source/window/window.cxx:5257
#26 0x00007ffff2c6b816 in Window::ImplNotifyKeyMouseCommandEventListeners (this=0x1413720, rNEvt=...)
    at /home/atester/libreoffice/build/git/master/core/vcl/source/window/window.cxx:5038
#27 0x00007ffff2c84476 in ImplHandleMouseEvent (pWindow=0x1425fe0, nSVEvent=2, bMouseLeave=0 '\000', nX=865, nY=528, nMsgTime=19262407, nCode=1, nMode=3)
    at /home/atester/libreoffice/build/git/master/core/vcl/source/window/winproc.cxx:809
#28 0x00007ffff2c8a2cf in ImplHandleSalMouseButtonUp (pWindow=0x1425fe0, pEvent=0x7fffffffd1a0)
    at /home/atester/libreoffice/build/git/master/core/vcl/source/window/winproc.cxx:2076
#29 0x00007ffff2c89286 in ImplWindowFrameProc (pWindow=0x1425fe0, nEvent=4, pEvent=0x7fffffffd1a0)
    at /home/atester/libreoffice/build/git/master/core/vcl/source/window/winproc.cxx:2448
#30 0x00007fffe6d09ee5 in SalFrame::CallCallback (this=0x3f55180, nEvent=4, pEvent=0x7fffffffd1a0)
    at /home/atester/libreoffice/build/git/master/core/vcl/inc/salframe.hxx:243
#31 0x00007fffe6d065ae in GtkSalFrame::signalButton (pEvent=0x7fffd802e1c0, frame=0x3f55180)
    at /home/atester/libreoffice/build/git/master/core/vcl/unx/gtk/window/gtksalframe.cxx:2985
#32 0x00007fffe6769099 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#33 0x00007fffef1876e0 in g_closure_invoke () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#34 0x00007fffef198750 in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#35 0x00007fffef1a02db in g_signal_emit_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#36 0x00007fffef1a0852 in g_signal_emit () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#37 0x00007fffe688093e in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#38 0x00007fffe6767434 in gtk_propagate_event () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#39 0x00007fffe676778b in gtk_main_do_event () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#40 0x00007fffe63d47ac in ?? () from /usr/lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0
#41 0x00007fffeeec8355 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#42 0x00007fffeeec8688 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#43 0x00007fffeeec8744 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#44 0x00007fffe6cdc28e in GtkData::Yield (this=0x611990, bWait=true, bHandleAllCurrentEvents=false)
    at /home/atester/libreoffice/build/git/master/core/vcl/unx/gtk/app/gtkdata.cxx:579
Comment 3 Jorendc 2013-05-13 16:21:02 UTC
I also can verify this behavior using Linux Mint 14 x64 with LibreOffice Version: 4.1.0.0.alpha1+ Build ID: e9e1d7fc4de8fc44adf35fe302c75591b3c5bc1

I'll attach my backtrace too.

Kind regards,
Joren
Comment 4 Jorendc 2013-05-13 16:21:56 UTC
Created attachment 79260 [details]
backtrace
Comment 5 Gerry 2013-05-13 19:52:52 UTC
No crash in LibreOffice Version 3.6.2.2 on Ubuntu 12.10. This bug seems to be a regression.
Comment 6 bfoman (inactive) 2013-05-14 13:07:58 UTC
Created attachment 79300 [details]
Bug 64552 - WinDbg session with FAILED_SOURCE_CODE

Confirmed with:
LO 4.0.2.2
Build ID: own W7 debug build
Windows 7 Professional SP1 64 bit

Attached full WinDbg session with FAILED_SOURCE_CODE.
Comment 7 Thorsten Behrens (CIB) 2013-05-15 09:28:19 UTC
This is a secondary issue, the real bug is 64512.

*** This bug has been marked as a duplicate of bug 64512 ***