Bug 86552 - Segmentation fault when I press Ctrl-Z
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: BASIC
Version: 4.4.0.0.beta1 (earliest affected)
Hardware: x86-64 (AMD64) Linux (All)
Importance: highest critical
Assignee: Caolán McNamara
QA Contact:
URL:
Whiteboard: target:4.5.0 target:4.4.0.2
Keywords: bisected, regression
Depends on:
Blocks: mab4.4
Reported: 2014-11-22 02:48 UTC by TANAKA Hidemune
Modified: 2015-12-16 01:32 UTC (History)
Description TANAKA Hidemune 2014-11-22 02:48:01 UTC
In the macro editor of Draw
Ctrl-A, Ctrl-X, Ctrl-Z
A segmentation fault occurs after running the above.


[My Macros & Dialogs] standard
Module1
Ctrl-A,Ctrl-X,Ctrl-Z

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff10c669d in rtl::OUString::isEmpty (this=0x7fffd826d840) at /home/buildslave/source/libo-core/include/rtl/ustring.hxx:406
406	/home/buildslave/source/libo-core/include/rtl/ustring.hxx: No such file or directory.
(gdb) bt
#0  0x00007ffff10c669d in rtl::OUString::isEmpty (this=0x7fffd826d840) at /home/buildslave/source/libo-core/include/rtl/ustring.hxx:406
#1  0x00007ffff1366285 in TextEngine::ImpGetRightToLeft (this=0x7fffd825c650, nPara=3, nPos=177, pStart=0x0, pEnd=0x0)
    at /home/buildslave/source/libo-core/vcl/source/edit/texteng.cxx:2968
#2  0x00007ffff1363370 in TextEngine::CreateLines (this=0x7fffd825c650, nPara=3)
    at /home/buildslave/source/libo-core/vcl/source/edit/texteng.cxx:2293
#3  0x00007ffff135f8f5 in TextEngine::FormatDoc (this=0x7fffd825c650) at /home/buildslave/source/libo-core/vcl/source/edit/texteng.cxx:1568
#4  0x00007ffff135f26b in TextEngine::FormatAndUpdate (this=0x7fffd825c650, pCurView=0x7fffd8333ac0)
    at /home/buildslave/source/libo-core/vcl/source/edit/texteng.cxx:1467
#5  0x00007ffff1374544 in TextUndoManager::UndoRedoEnd (this=0x3d16ff0) at /home/buildslave/source/libo-core/vcl/source/edit/textundo.cxx:124
#6  0x00007ffff137439a in TextUndoManager::Undo (this=0x3d16ff0) at /home/buildslave/source/libo-core/vcl/source/edit/textundo.cxx:87
#7  0x00007ffff45c29e9 in SfxViewFrame::ExecHistory_Impl (this=0x7fffd82700b0, rReq=...)
    at /home/buildslave/source/libo-core/sfx2/source/view/viewfrm.cxx:945
#8  0x00007ffff45be41d in SfxStubSfxViewFrameExecHistory_Impl (pShell=0x7fffd82700b0, rReq=...)
    at /home/buildslave/tinderboxbuild/workdir/SdiTarget/sfx2/sdi/sfxslots.hxx:688
#9  0x00007ffff42794aa in SfxShell::CallExec (this=0x7fffd82700b0, 
    pFunc=0x7ffff45be3fa <SfxStubSfxViewFrameExecHistory_Impl(SfxShell*, SfxRequest&)>, rReq=...)
    at /home/buildslave/source/libo-core/include/sfx2/shell.hxx:209
#10 0x00007ffff42a09f5 in SfxShell::ExecuteSlot (this=0x7fffd82700b0, rReq=..., pIF=0x3bc3fa0)
    at /home/buildslave/source/libo-core/sfx2/source/control/shell.cxx:453
#11 0x00007fffc5a7740e in basctl::Shell::ExecuteCurrent (this=0x7fffd82781c0, rReq=...)
    at /home/buildslave/source/libo-core/basctl/source/basicide/basides1.cxx:193
#12 0x00007fffc5a84261 in SfxStubbasctl_ShellExecuteCurrent (pShell=0x7fffd82781c0, rReq=...)
    at /home/buildslave/tinderboxbuild/workdir/SdiTarget/basctl/sdi/basslots.hxx:153
#13 0x00007ffff42794aa in SfxShell::CallExec (this=0x7fffd82781c0, 
    pFunc=0x7fffc5a8423e <SfxStubbasctl_ShellExecuteCurrent(SfxShell*, SfxRequest&)>, rReq=...)
    at /home/buildslave/source/libo-core/include/sfx2/shell.hxx:209
#14 0x00007ffff4270bf7 in SfxDispatcher::Call_Impl (this=0x7fffd826f180, rShell=..., rSlot=..., rReq=..., bRecord=true)
    at /home/buildslave/source/libo-core/sfx2/source/control/dispatch.cxx:260
#15 0x00007ffff4273a95 in SfxDispatcher::_Execute (this=0x7fffd826f180, rShell=..., rSlot=..., rReq=..., eCallMode=RECORD)
    at /home/buildslave/source/libo-core/sfx2/source/control/dispatch.cxx:862
#16 0x00007ffff42609d2 in SfxBindings::Execute_Impl (this=0x7fffd82705e0, aReq=..., pSlot=0x7fffc5e23f30, pShell=0x7fffd82781c0)
    at /home/buildslave/source/libo-core/sfx2/source/control/bindings.cxx:1204
#17 0x00007ffff42de1b3 in SfxDispatchController_Impl::dispatch (this=0x3ff2f00, aURL=..., aArgs=..., rListener=...)
    at /home/buildslave/source/libo-core/sfx2/source/control/unoctitm.cxx:851
#18 0x00007ffff42dbf05 in SfxOfficeDispatch::dispatch (this=0x7fffc5e48908, aURL=..., aArgs=...)
    at /home/buildslave/source/libo-core/sfx2/source/control/unoctitm.cxx:365
#19 0x00007ffff348e1f7 in svt::AsyncAccelExec::impl_ts_asyncCallback (this=0x3fe81b0)
---Type <return> to continue, or q <return> to quit---
    at /home/buildslave/source/libo-core/svtools/source/misc/acceleratorexecute.cxx:475
#20 0x00007ffff348e17f in svt::AsyncAccelExec::LinkStubimpl_ts_asyncCallback (pThis=0x3fe81b0, pCaller=0x0)
    at /home/buildslave/source/libo-core/svtools/source/misc/acceleratorexecute.cxx:468
#21 0x00007ffff10cbfd2 in Link::Call (this=0x3fe81b8, pCaller=0x0) at /home/buildslave/source/libo-core/include/tools/link.hxx:139
#22 0x00007ffff1608aab in vcl::EventPoster::DoEvent_Impl (this=0x3fe81b0, pEvent=0x0)
    at /home/buildslave/source/libo-core/vcl/source/helper/evntpost.cxx:53
#23 0x00007ffff1608a67 in vcl::EventPoster::LinkStubDoEvent_Impl (pThis=0x3fe81b0, pCaller=0x0)
    at /home/buildslave/source/libo-core/vcl/source/helper/evntpost.cxx:49
#24 0x00007ffff10cbfd2 in Link::Call (this=0x4739a20, pCaller=0x0) at /home/buildslave/source/libo-core/include/tools/link.hxx:139
#25 0x00007ffff1268f80 in ImplHandleUserEvent (pSVEvent=0x46ef6c0) at /home/buildslave/source/libo-core/vcl/source/window/winproc.cxx:1920
#26 0x00007ffff126a42b in ImplWindowFrameProc (pWindow=0x3bc6300, nEvent=22, pEvent=0x46ef6c0)
    at /home/buildslave/source/libo-core/vcl/source/window/winproc.cxx:2491
#27 0x00007ffff16f1a3d in SalFrame::CallCallback (this=0x3bc6c70, nEvent=22, pEvent=0x46ef6c0)
    at /home/buildslave/source/libo-core/vcl/inc/salframe.hxx:242
#28 0x00007ffff16f1572 in SalGenericDisplay::DispatchInternalEvent (this=0xf6b2f0)
    at /home/buildslave/source/libo-core/vcl/generic/app/gendisp.cxx:90
#29 0x00007fffe3f44a0d in GtkData::userEventFn (data=0x618bb0) at /home/buildslave/source/libo-core/vcl/unx/gtk/app/gtkdata.cxx:935
#30 0x00007fffe3f44a68 in call_userEventFn (data=0x618bb0) at /home/buildslave/source/libo-core/vcl/unx/gtk/app/gtkdata.cxx:945
#31 0x00007fffeca01355 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#32 0x00007fffeca01688 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#33 0x00007fffeca01744 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#34 0x00007fffe3f43997 in GtkData::Yield (this=0x618bb0, bWait=true, bHandleAllCurrentEvents=false)
    at /home/buildslave/source/libo-core/vcl/unx/gtk/app/gtkdata.cxx:575
#35 0x00007fffe3f478bc in GtkInstance::Yield (this=0x618b00, bWait=true, bHandleAllCurrentEvents=false)
    at /home/buildslave/source/libo-core/vcl/unx/gtk/app/gtkinst.cxx:420
#36 0x00007ffff163c01e in ImplYield (i_bWait=true, i_bAllEvents=false) at /home/buildslave/source/libo-core/vcl/source/app/svapp.cxx:360
#37 0x00007ffff1638a73 in Application::Yield () at /home/buildslave/source/libo-core/vcl/source/app/svapp.cxx:392
#38 0x00007ffff1638a21 in Application::Execute () at /home/buildslave/source/libo-core/vcl/source/app/svapp.cxx:341
#39 0x00007ffff785bfc4 in desktop::Desktop::Main (this=0x7fffffffdfe0) at /home/buildslave/source/libo-core/desktop/source/app/app.cxx:1638
#40 0x00007ffff164015a in ImplSVMain () at /home/buildslave/source/libo-core/vcl/source/app/svmain.cxx:160
#41 0x00007ffff1640250 in SVMain () at /home/buildslave/source/libo-core/vcl/source/app/svmain.cxx:193
#42 0x00007ffff789ff6d in soffice_main () at /home/buildslave/source/libo-core/desktop/source/app/sofficemain.cxx:93
#43 0x00000000004009b7 in sal_main () at /home/buildslave/source/libo-core/desktop/source/app/main.c:48
#44 0x000000000040099d in main (argc=1, argv=0x7fffffffe2c8) at /home/buildslave/source/libo-core/desktop/source/app/main.c:47
(gdb)
Comment 1 Naruhiko Ogasawara 2014-11-22 03:07:59 UTC
I can reproduce that bug with Version: 4.4.0.0.beta1 Build ID: 9af3d21234aa89dac653c0bd76648188cdeb683e.
But I can't see this issue with Version: 4.4.0.0.alpha1+ Build ID: b800d0b6ad74ce4a9adb23b865dd174d1eefa47b (latest of 44alpha2only bibisect repo).
Comment 2 Robinson Tryon (qubit) 2014-11-23 12:06:51 UTC
(In reply to TANAKA Hidemune from comment #0)
> In the macro editor of Draw
> Ctrl-A, Ctrl-X, Ctrl-Z
> A segmentation fault occurs after running the above.

CONFIRMED with LO 4.4.0.0.beta1 + Ubuntu 14.04

Just
1) Open a new Draw document
2) Tools -> Macros -> Organize Macros -> LibreOffice Basic
3) Click 'Edit' button
4) Ctrl-A, Ctrl-X, Ctrl-Z

And Boom! LibreOffice crashes.

Status -> NEW
I'll prioritize that as High/Critical, as it crashes consistently, but Macro editing isn't a very common activity for users.

> But I can't see this issue with Version: 4.4.0.0.alpha1+ Build ID:
> b800d0b6ad74ce4a9adb23b865dd174d1eefa47b (latest of 44alpha2only bibisect
> repo).

Hmm, so probably a regression. We'll be updating the bibisect repository to include the period from the alpha1 - beta1 very shortly.
Comment 3 Robinson Tryon (qubit) 2014-11-23 12:10:59 UTC
(In reply to Robinson Tryon (qubit) from comment #2)
> > But I can't see this issue with Version: 4.4.0.0.alpha1+ Build ID:
> > b800d0b6ad74ce4a9adb23b865dd174d1eefa47b (latest of 44alpha2only bibisect
> > repo).
> 
> Hmm, so probably a regression. We'll be updating the bibisect repository to
> include the period from the alpha1 - beta1 very shortly.

NOREPRO with 4.4.0.0.alpha2 + Ubuntu 14.04, so definitely a regression.
Comment 4 Robinson Tryon (qubit) 2014-11-23 12:15:23 UTC
(In reply to Robinson Tryon (qubit) from comment #2)
> Just
> 1) Open a new Draw document
> 2) Tools -> Macros -> Organize Macros -> LibreOffice Basic
> 3) Click 'Edit' button
> 4) Ctrl-A, Ctrl-X, Ctrl-Z
> 
> And Boom! LibreOffice crashes.

Same crashing behavior when editing Macros in Writer (and probably other Components).
Comment 5 Robinson Tryon (qubit) 2014-11-27 16:02:35 UTC
(Use correct version in Version Field)
Comment 6 Matthew Francis 2014-11-28 09:26:02 UTC
Git bisect points at this commit:

commit 63d8977f9fb0618d36dc8e0ee2f8068b1af92fe6
Author: Michaël Lefèvre <lefevre00@yahoo.fr>
Date:   Sat Nov 15 11:41:49 2014 +0100

    fdo#75757 remove inheritance from std::vector
    
    For TextDoc, also removing ToolsList



Also setting component to BASIC as this isn't related to drawing - the BASIC IDE behaves the same wherever it's opened from
Comment 7 Luke 2014-12-16 05:25:45 UTC
Michaël Lefèvre
Could you please look into this regression? Thanks!
Comment 8 Michaël Lefèvre 2014-12-17 21:20:47 UTC
(In reply to Luke from comment #7)
> Michaël Lefèvre
> Could you please look into this regression? Thanks!

Yes I will, but not before December 20th.
You could revert my commit if we need to fix it ASAP. It's just code cleaning, not really a feature.
Comment 9 Björn Michaelsen 2014-12-18 10:22:04 UTC
(This is an automated message.)

Setting priority to highest as this is a MAB. This is part of an effort to make the importance of MAB reflected in priority too.
Comment 10 Caolán McNamara 2014-12-18 17:39:12 UTC
It'll be this problem here

TextNode*           GetNode(sal_uInt16 pos)       { return &maTextNodes[pos]; }

where that returned Node belongs to maTextNodes and will be deleted along with it, but the undo code tries to get maTextNodes to *release* that node and pass ownership to it and will manage it itself, which can't work the way the code is right now.
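
A self-contained sketch of the ownership contract described in comment 10, added here as an illustration and not taken from the LibreOffice patch. Only TextNode, GetNode and maTextNodes come from the page; TextDoc's other methods, UndoDelPara and CutThenUndo are hypothetical, and std::unique_ptr is an assumed stand-in for the real container's ownership mechanism.

```cpp
#include <cstddef>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-ins for the page's TextNode / maTextNodes; not LibreOffice code.
struct TextNode {
    std::string text;
    explicit TextNode(std::string s) : text(std::move(s)) {}
};

class TextDoc {
    std::vector<std::unique_ptr<TextNode>> maTextNodes;  // the container owns every node
public:
    void Append(std::string s) { maTextNodes.push_back(std::make_unique<TextNode>(std::move(s))); }
    std::size_t Count() const { return maTextNodes.size(); }
    // Borrowing accessor: the pointer is valid only while the node stays in the container.
    TextNode* GetNode(std::size_t pos) { return maTextNodes[pos].get(); }
    // Ownership-transferring removal: the caller now controls the node's lifetime.
    std::unique_ptr<TextNode> ReleaseNode(std::size_t pos) {
        std::unique_ptr<TextNode> node = std::move(maTextNodes[pos]);
        maTextNodes.erase(maTextNodes.begin() + pos);
        return node;
    }
    void InsertNode(std::size_t pos, std::unique_ptr<TextNode> node) {
        maTextNodes.insert(maTextNodes.begin() + pos, std::move(node));
    }
};

// Undo record for "paragraph removed": keeps the node alive until it is undone.
class UndoDelPara {
    std::unique_ptr<TextNode> mpNode;
    std::size_t mnPara;
public:
    UndoDelPara(TextDoc& doc, std::size_t para) : mpNode(doc.ReleaseNode(para)), mnPara(para) {}
    bool OwnsNode() const { return mpNode != nullptr; }
    void Undo(TextDoc& doc) { doc.InsertNode(mnPara, std::move(mpNode)); }
};

// Cut paragraph 1 of a constructed three-line module, then undo; returns the restored text.
std::string CutThenUndo() {
    TextDoc doc;
    doc.Append("Sub Main"); doc.Append("  Print 1"); doc.Append("End Sub");
    UndoDelPara undo(doc, 1);
    if (doc.Count() != 2 || !undo.OwnsNode()) return "ownership not transferred";
    undo.Undo(doc);
    return doc.GetNode(1)->text;
}
```

Storing the result of GetNode in the undo record instead of calling ReleaseNode would leave the record holding a pointer that the container frees on erase, which is the lifetime mismatch comment 10 points at.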
Comment 11 Commit Notification 2014-12-19 09:49:30 UTC
Caolán McNamara committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=68d87e98951ae3ed5f7b863954667bfdd9805985

Resolves: fdo#86552 undo want to take ownership of nodes, but can't

It will be available in 4.5.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
Comment 12 Commit Notification 2014-12-19 09:50:52 UTC
Caolán McNamara committed a patch related to this issue.
It has been pushed to "libreoffice-4-4":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=d584db0f8972fe7d4593b3f1538a967798e0f0d5&h=libreoffice-4-4

Resolves: fdo#86552 undo want to take ownership of nodes, but can't

It will be available in 4.4.0.2.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
Comment 13 Robinson Tryon (qubit) 2015-12-15 22:34:10 UTC
Migrating Whiteboard tags to Keywords: (regression)
[NinjaEdit]