Bug 86316 - VIEWING: crash upon zoom-out
Summary: VIEWING: crash upon zoom-out
Status: VERIFIED DUPLICATE of bug 86298
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer (show other bugs)
Version:
(earliest affected)
4.4.0.0.alpha0+ Master
Hardware: x86-64 (AMD64) Linux (All)
: high major
Assignee: Not Assigned
URL:
Whiteboard:
Keywords: bibisected, haveBacktrace, regression
Depends on:
Blocks:
 
Reported: 2014-11-15 18:42 UTC by Terrence Enger
Modified: 2015-12-15 11:03 UTC (History)
3 users (show)

See Also:
Crash report or crash signature:


Attachments
terminal output (1.12 KB, text/plain)
2014-11-15 18:46 UTC, Terrence Enger
Details
gdb with backtrace (8.74 KB, text/plain)
2014-11-15 18:48 UTC, Terrence Enger
Details
bt with debug symbols (4.78 KB, text/plain)
2014-11-16 12:57 UTC, Julien Nabet
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Terrence Enger 2014-11-15 18:42:49 UTC
STR

(1) Run LibreOffice with command line parameter --writer.  The program
    displays Writer window "Untitled 1".  The ruler to the left of the
    document area extends to about 17.5 cm at the bottom of the
    screen.

(2) In the zoom control in the status bar, click zoom-out three times.
    The ruler at the left of the document area extends to about 24.5
    cm at the bottom.

(3) In the zoom control in the status bar, click zoom-out.  The
    program crashes.  Last message in terminal is:
        *** Error in `/nb/downloads_libreoffice64/lo-daily_20141114/opt/program/soffice.bin': free(): invalid size: 0x00000000017d88c0 ***


Note:

(a) The crash happens with the zoom-out which would display the whole
    page in the document area.  The particular measurements in the STR
    depend of course upon my screen.

(b) If you start with zoom-in's, you need that many more zoom-out's to
    make the crash.

(c) When I edit an old .odt file, I can zoom out without problem.  If
    I save that document and reopen it, zoom-out again crashes.
    However, it is definitely not the case that that every document
    saved from daily dbgutil version 2014-05-21 is immune from a crash
    upon first open in version 2014-11-14.

(d) The soon-to-be attached terminal output and backtrace are from the
    simple steps I described above.  A longer scenario (I was *of
    course* trying to reproduce another bug report) resulted in a
    segmentation fault.

(e) I used a new user profile before starting the bibisect.  Al
    subsequent tests use that same user profile.


Working in the daily dbgutil bibisect repository, I see from `git bisect good`:

    cd6c6021225319b4d7d7b33adaa350a12a226a3b is the first bad commit
    commit cd6c6021225319b4d7d7b33adaa350a12a226a3b
    Author: Miklos Vajna <vmiklos@collabora.co.uk>
    Date:   Wed Nov 12 08:03:10 2014 +0100

        2014-11-12: source-hash-b021b5983c62e266b82d9f0c5c6d8d8900553827

    :100644 100644 328b1eedf71e385fee7a913708773dcf13c7d94f dcc75432e3974770feca197d4972b1b72338447a M	build-info.txt
    :040000 040000 117820a00fe14b46932031a958efe4cde36301fc 3e2505cab7ccb580c553376745e428764eb8ef77 M	opt
and from `git bisect log`:

    # bad: [6abb28d2f25dbbcb503e5c42fb25f2ef6701ab6c] 2014-11-15: source-hash-ef2ed50231fd946c1f374ffbce28ebb98eda56c5
    # good: [b3130c846de5cf1b4be48b48dfc780bb369549fa] 2014-05-21
    git bisect start 'origin/master' 'oldest'
    # good: [01a231ecccc1ea6df8c0232a2671315260c0155f] 2014-08-18
    git bisect good 01a231ecccc1ea6df8c0232a2671315260c0155f
    # good: [cf50d232874c65c9a0a89bf90ac77b9e72b8d57d] 2014-10-01
    git bisect good cf50d232874c65c9a0a89bf90ac77b9e72b8d57d
    # good: [2d43f54e05c1343f6c7aea15ca14caba15b77587] 2014-10-23: source-hash-72f368f6bfedb680ffcbd1c7fe28e8fc6d19ad2b
    git bisect good 2d43f54e05c1343f6c7aea15ca14caba15b77587
    # good: [55b9e9c3f5adeb3aaba6f08e7b619552c03453a0] 2014-11-03: source-hash-d9473f25380c627966b4406cc4cdfaafcf44bc37
    git bisect good 55b9e9c3f5adeb3aaba6f08e7b619552c03453a0
    # good: [fb2200d4aa0c8484adf33ed02440e09e0fe9eae8] 2014-11-09: source-hash-a305869e99a73626534a921c36eb352cd74582a5
    git bisect good fb2200d4aa0c8484adf33ed02440e09e0fe9eae8
    # bad: [cd6c6021225319b4d7d7b33adaa350a12a226a3b] 2014-11-12: source-hash-b021b5983c62e266b82d9f0c5c6d8d8900553827
    git bisect bad cd6c6021225319b4d7d7b33adaa350a12a226a3b
    # good: [bd8045be31444bcfb5dd1f005e2c4aa8f0a311be] 2014-11-11: source-hash-b7c4c78a097f76314982d8c1a9f2e58df95080a1
    git bisect good bd8045be31444bcfb5dd1f005e2c4aa8f0a311be
    # first bad commit: [cd6c6021225319b4d7d7b33adaa350a12a226a3b] 2014-11-12: source-hash-b021b5983c62e266b82d9f0c5c6d8d8900553827
Comment 1 Terrence Enger 2014-11-15 18:46:23 UTC
Created attachment 109530 [details]
terminal output

The last two lines from the program were:

warn:legacy.osl:5768:1:sw/source/core/txtnode/txtedt.cxx:718: SwScanner: EmptyString
*** Error in `/nb/downloads_libreoffice64/lo-daily_20141114/opt/program/soffice.bin': free(): invalid size: 0x00000000017d88c0 ***
Comment 2 Terrence Enger 2014-11-15 18:48:11 UTC
Created attachment 109531 [details]
gdb with backtrace
Comment 3 Terrence Enger 2014-11-15 19:57:33 UTC
The crash is also present in

    Version: 4.4.0.0.alpha2+
    Build ID: ef2ed50231fd946c1f374ffbce28ebb98eda56c5
    TinderBox: Linux-rpm_deb-x86_64@46-TDF, Branch:master, Time: 2014-11-15_01:48:42

but it seems to be absent in

    Version: 4.4.0.0.alpha2+
    Build ID: b021b5983c62e266b82d9f0c5c6d8d8900553827
    TinderBox: Win-x86@39, Branch:master, Time: 2014-11-12_01:10:08
Comment 4 Jean-Baptiste Faure 2014-11-15 20:32:42 UTC
Crash reproducible for me with my own build of Version: 4.4.0.0.alpha2+
Build ID: 6b30907a926890f835c094a5afdf4c0e6d8a1d19 under Ubuntu 14.10 x86-64.

Status set to NEW.

Best regards. JBF
Comment 5 Julien Nabet 2014-11-16 12:57:43 UTC
Created attachment 109551 [details]
bt with debug symbols

On pc Debian x86-64 with master sources updated yesterday, I could reproduce this.

I attached a bt with symbols.
Comment 6 Michael Stahl (CIB) 2014-11-19 14:37:21 UTC
was fixed by commit f857358d83e7c105271eb0e2c43f0b036f14f284

*** This bug has been marked as a duplicate of bug 86298 ***
Comment 7 Julien Nabet 2014-11-19 21:35:08 UTC
Thank you Michael!
Comment 8 Robinson Tryon (qubit) 2015-12-15 11:03:28 UTC Comment hidden (obsolete)