Steps to Reproduce: 1. start LibO-Dev 2. Open a help, Menu - Help - LibreOfficeDev Help F1 3. Closed LibO-Dev window 4. Crash a LibO-Dev Appear error dialog LibreofficeDev 5.0 - Fatal Error Unknown SEH Exception daily/master/Win-x86@62-merge-TDF/2015-05-13_01.52.36 Version: 5.0.0.0.alpha1+ Build ID: 5b3a30f40a7ce476922649b734f6ede1c2fdef4b TinderBox: Win-x86@62-merge-TDF, Branch:MASTER, Time: 2015-05-13_01:52:36 Locale: ja-JP (ja_JP)
Have seen the same crash today with my own build of LO 5.0.0.0.alpha1 under Ubuntu 15.04 x86-64. Best regards. JBF
Created attachment 115621 [details] bt with debug symbols On pc Debian x86-64 with master sources updated yesterday, I could reproduce this.
Program received signal SIGSEGV, Segmentation fault. 0x00007ffff1ebbbd3 in vcl::Window::ImplGrabFocus (this=0x0, nFlags=0) at /home/philippe/src/git-repo/libreoffice/core/vcl/source/window/mouse.cxx:201 201 if( !mpWindowImpl || mpWindowImpl->mbInDispose ) (gdb) bt #0 0x00007ffff1ebbbd3 in vcl::Window::ImplGrabFocus (this=0x0, nFlags=0) at /home/philippe/src/git-repo/libreoffice/core/vcl/source/window/mouse.cxx:201 #1 0x00007ffff1f3d4d5 in vcl::Window::GrabFocus (this=0x0) at /home/philippe/src/git-repo/libreoffice/core/vcl/source/window/window.cxx:3140 #2 0x00007ffff1ebc7f4 in vcl::Window::ImplGrabFocus (this=0x462eb70, nFlags=0) at /home/philippe/src/git-repo/libreoffice/core/vcl/source/window/mouse.cxx:387 #3 0x00007ffff1f3d4d5 in vcl::Window::GrabFocus (this=0x462eb70) at /home/philippe/src/git-repo/libreoffice/core/vcl/source/window/window.cxx:3140 #4 0x00007ffff1f30d41 in vcl::Window::dispose (this=0x467bb80) at /home/philippe/src/git-repo/libreoffice/core/vcl/source/window/window.cxx:453 #5 0x00007ffff465c5ec in SfxHelpTextWindow_Impl::dispose() () from /home/philippe/src/git-repo/libreoffice/core/instdir/program/libsfxlo.so #6 0x00007ffff2039218 in OutputDevice::disposeOnce (this=0x467bb80) at /home/philippe/src/git-repo/libreoffice/core/vcl/source/outdev/outdev.cxx:203 #7 0x00007ffff465f79b in SfxHelpWindow_Impl::dispose() () from /home/philippe/src/git-repo/libreoffice/core/instdir/program/libsfxlo.so #8 0x00007ffff2039218 in OutputDevice::disposeOnce (this=0x462eb70) at /home/philippe/src/git-repo/libreoffice/core/vcl/source/outdev/outdev.cxx:203 #9 0x00007ffff3450dbe in VCLXWindow::dispose() () from /home/philippe/src/git-repo/libreoffice/core/instdir/program/libtklo.so #10 0x00007fffd71e3315 in (anonymous namespace)::Frame::setComponent(com::sun::star::uno::Reference<com::sun::star::awt::XWindow> const&, com::sun::star::uno::Reference<com::sun::star::frame::XController> const&) () from /home/philippe/src/git-repo/libreoffice/core/instdir/program/../program/libfwklo.so #11 0x00007fffd71e1c2d in (anonymous namespace)::Frame::close(unsigned char) () from /home/philippe/src/git-repo/libreoffice/core/instdir/program/../program/libfwklo.so #12 0x00007fffd713758f in framework::CloseDispatcher::implts_closeFrame() () from /home/philippe/src/git-repo/libreoffice/core/instdir/program/../program/libfwklo.so #13 0x00007fffd713a79f in framework::CloseDispatcher::impl_asyncCallback(void*) () from /home/philippe/src/git-repo/libreoffice/core/instdir/program/../program/libfwklo.so #14 0x00007ffff1df3e6f in Link<void*, long>::Call (this=0x44c8038, data=0x0) at /home/philippe/src/git-repo/libreoffice/core/include/tools/link.hxx:126 #15 0x00007ffff2255e12 in vcl::EventPoster::DoEvent_Impl (this=0x44c8030, pEvent=0x0) at /home/philippe/src/git-repo/libreoffice/core/vcl/source/helper/evntpost.cxx:53 #16 0x00007ffff2255ddd in vcl::EventPoster::LinkStubDoEvent_Impl (instance=0x44c8030, data=0x0) at /home/philippe/src/git-repo/libreoffice/core/vcl/source/helper/evntpost.cxx:49 #17 0x00007ffff1df3e6f in Link<void*, long>::Call (this=0x42c9800, data=0x0) at /home/philippe/src/git-repo/libreoffice/core/include/tools/link.hxx:126 #18 0x00007ffff1f4e588 in ImplHandleUserEvent (pSVEvent=0x4028210) at /home/philippe/src/git-repo/libreoffice/core/vcl/source/window/winproc.cxx:2030 #19 0x00007ffff1f4fac4 in ImplWindowFrameProc (_pWindow=0x3bfd860, nEvent=22, pEvent=0x4028210) at /home/philippe/src/git-repo/libreoffice/core/vcl/source/window/winproc.cxx:2586 #20 0x00007ffff231bfa6 in SalFrame::CallCallback (this=0x3bfe170, nEvent=22, pEvent=0x4028210) at /home/philippe/src/git-repo/libreoffice/core/vcl/inc/salframe.hxx:244 #21 0x00007ffff231bc5d in SalGenericDisplay::DispatchInternalEvent (this=0xfb04a0) at /home/philippe/src/git-repo/libreoffice/core/vcl/generic/app/gendisp.cxx:90 #22 0x00007fffe3556b2d in GtkData::userEventFn (data=0x607290) at /home/philippe/src/git-repo/libreoffice/core/vcl/unx/gtk/app/gtkdata.cxx:945 #23 0x00007fffe3556b86 in call_userEventFn (data=0x607290) at /home/philippe/src/git-repo/libreoffice/core/vcl/unx/gtk/app/gtkdata.cxx:955 #24 0x00007fffe2dd1ce5 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #25 0x00007fffe2dd2048 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #26 0x00007fffe2dd20ec in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #27 0x00007fffe35559eb in GtkData::Yield (this=0x607290, bWait=true, bHandleAllCurrentEvents=false) at /home/philippe/src/git-repo/libreoffice/core/vcl/unx/gtk/app/gtkdata.cxx:580 #28 0x00007fffe3558716 in GtkInstance::Yield (this=0x607200, bWait=true, bHandleAllCurrentEvents=false) at /home/philippe/src/git-repo/libreoffice/core/vcl/unx/gtk/app/gtkinst.cxx:394 #29 0x00007ffff227e34e in ImplYield (i_bWait=true, i_bAllEvents=false) at /home/philippe/src/git-repo/libreoffice/core/vcl/source/app/svapp.cxx:353 #30 0x00007ffff227ad15 in Application::Yield () at /home/philippe/src/git-repo/libreoffice/core/vcl/source/app/svapp.cxx:382 #31 0x00007ffff227acc3 in Application::Execute () at /home/philippe/src/git-repo/libreoffice/core/vcl/source/app/svapp.cxx:336 #32 0x00007ffff78cb559 in desktop::Desktop::Main() () from /home/philippe/src/git-repo/libreoffice/core/instdir/program/libsofficeapp.so
*** Bug 91308 has been marked as a duplicate of this bug. ***
Preceding all ptr->GrabFocus() by if (ptr) "improves" the situation soffice.bin: /home/philippe/src/git-repo/libreoffice/core/include/vcl/outdev.hxx:283: void OutputDevice::release() const: Assertion `mnRefCnt>0' failed. #3 0x00007ffff7512c32 in __GI___assert_fail (assertion=0x7ffff2461aac "mnRefCnt>0", file=0x7ffff2461a68 "/home/philippe/src/git-repo/libreoffice/core/include/vcl/outdev.hxx", line=283, function=0x7ffff2462f60 <OutputDevice::release() const::__PRETTY_FUNCTION__> "void OutputDevice::release() const") at assert.c:101 #4 0x00007ffff1dde756 in OutputDevice::release (this=0x3bc26e0) at /home/philippe/src/git-repo/libreoffice/core/include/vcl/outdev.hxx:283 #5 0x00007ffff1dded7d in rtl::Reference<vcl::Window>::~Reference (this=0x3bc31e8, __in_chrg=<optimized out>) at /home/philippe/src/git-repo/libreoffice/core/include/rtl/ref.hxx:81 #6 0x00007ffff1dde972 in VclPtr<vcl::Window>::~VclPtr (this=0x3bc31e8, __in_chrg=<optimized out>) at /home/philippe/src/git-repo/libreoffice/core/include/vcl/vclptr.hxx:83 #7 0x00007ffff1e16977 in VclBuilder::~VclBuilder (this=0x3bc3140, __in_chrg=<optimized out>) at /home/philippe/src/git-repo/libreoffice/core/vcl/source/window/builder.cxx:526 #8 0x00007ffff1e5b030 in VclBuilderContainer::~VclBuilderContainer (this=0x3bc2900, __in_chrg=<optimized out>) at /home/philippe/src/git-repo/libreoffice/core/vcl/source/window/dialog.cxx:1132 #9 0x00007ffff464c175 in SfxHelpIndexWindow_Impl::~SfxHelpIndexWindow_Impl() () from /home/philippe/src/git-repo/libreoffice/core/instdir/program/libsfxlo.so #10 0x00007ffff464c269 in SfxHelpIndexWindow_Impl::~SfxHelpIndexWindow_Impl() () from /home/philippe/src/git-repo/libreoffice/core/instdir/program/libsfxlo.so #11 0x00007ffff1dde795 in OutputDevice::release (this=0x3bc26e0) at /home/philippe/src/git-repo/libreoffice/core/include/vcl/outdev.hxx:285 #12 0x00007ffff1dded7d in rtl::Reference<vcl::Window>::~Reference (this=0x42e4200, __in_chrg=<optimized out>) at /home/philippe/src/git-repo/libreoffice/core/include/rtl/ref.hxx:81 #13 0x00007ffff1dde972 in VclPtr<vcl::Window>::~VclPtr (this=0x42e4200, __in_chrg=<optimized out>) at /home/philippe/src/git-repo/libreoffice/core/include/vcl/vclptr.hxx:83 #14 0x00007ffff1eec7c0 in ImplSplitItem::~ImplSplitItem (this=0x42e4198, __in_chrg=<optimized out>) at /home/philippe/src/git-repo/libreoffice/core/vcl/source/window/splitwin.cxx:41 #15 0x00007ffff1ee1711 in ImplDeleteSet (pSet=0x42d7d90) at /home/philippe/src/git-repo/libreoffice/core/vcl/source/window/splitwin.cxx:398 #16 0x00007ffff1ee1659 in ImplDeleteSet (pSet=0x3b9e0c0) at /home/philippe/src/git-repo/libreoffice/core/vcl/source/window/splitwin.cxx:389 #17 0x00007ffff1ee5785 in SplitWindow::dispose (this=0x3bc1b30) at /home/philippe/src/git-repo/libreoffice/core/vcl/source/window/splitwin.cxx:1360 #18 0x00007ffff2039218 in OutputDevice::disposeOnce (this=0x3bc1b30) at /home/philippe/src/git-repo/libreoffice/core/vcl/source/outdev/outdev.cxx:203 #19 0x00007ffff3450dbe in VCLXWindow::dispose() () from /home/philippe/src/git-repo/libreoffice/core/instdir/program/libtklo.so #20 0x00007fffd71e3315 in (anonymous namespace)::Frame::setComponent(com::sun::star::uno::Reference<com::sun::star::awt::XWindow> const&, com::sun::star::uno::Reference<com::sun::star::frame::XController> const&) () from /home/philippe/src/git-repo/libreoffice/core/instdir/program/../program/libfwklo.so
Michael Meeks committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=a76dcdfaa6c6d2b1d73fb1c96fe38dd7e452f48a tdf#91259 - fix help browser focus issue post dispose. It will be available in 5.0.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
An ill-advised memcpy in SplitWin appears to clobbers things and bust the reference counting - or at least makes it too hard to track; will re-work that to a vector or somewhat and re-run the analytics =) ImplSplitItem* pNewItems = new ImplSplitItem[pSet->mnItems+1]; if ( nPos ) memcpy( pNewItems, pSet->mpItems, sizeof( ImplSplitItem )*nPos ); if ( nPos < pSet->mnItems ) memcpy( pNewItems+nPos+1, pSet->mpItems+nPos, sizeof( ImplSplitItem )*(pSet->mnItems-nPos) );
Mmeeks, should be fixed by https://gerrit.libreoffice.org/15756
Philippe Jung committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=91b181467f8fe5f7bf325e3bb82aead7eadc6ad9 tdf#91259 Crash when closing Help It will be available in 5.0.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
With Michael patch + my patch, the help no longer crash on my recent build. To be verified. I mark this resolved, fixed
Verified fixed in Version: 5.0.0.0.alpha1+ Build ID: e1f576d9c83f239e1c05ebcd04fa97038942e4d5 built at home under Ubuntu 15.04 x86-64 Thank you very much. Best regards. JBF
Michael Meeks committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=60fb87cf6cfcbdb1a7ece00e8a2e9d1112903ed0 Revert "tdf#91259 Crash when closing Help" It will be available in 5.0.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
(In reply to Commit Notification from comment #12) > Michael Meeks committed a patch related to this issue. > It has been pushed to "master": > > http://cgit.freedesktop.org/libreoffice/core/commit/ > ?id=60fb87cf6cfcbdb1a7ece00e8a2e9d1112903ed0 > > Revert "tdf#91259 Crash when closing Help" The crash is back for Version: 5.0.0.0.alpha1+ Build ID: 530ebcac2d8c7d32165a439d9779fec2a24c7ae6 Is it linked to this commit revert? Best regards. JBF
Philippe Jung committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=9451097a9d20f8a522d587271d57efee1fc5566d tdf#91259 Crash when closing Help It will be available in 5.0.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Yep - related to the revert I expect =) re-closing.
(In reply to Michael Meeks from comment #15) > Yep - related to the revert I expect =) re-closing. Thank you. Re-verified :-) Best regards. JBF
Cannot reproduce with Version: 5.0.0.0.alpha1+ / Windows7(x64) daily/master/Win-x86@62-merge-TDF/2015-05-20_09.42.31 Version: 5.0.0.0.alpha1+ Build ID: 55828bef6926a0eec446ca0b8503f656cc5c4a7f TinderBox: Win-x86@62-merge-TDF, Branch:MASTER, Time: 2015-05-20_09:42:31 Locale: ja-JP (ja_JP) Thanks for fixing this.