Running the slide-show; interestingly we continue to paint the (no longer visible) main-window [ which seems particularly pointless ] - but anyhow - it triggers an interesting crash: (gdb) bt #0 0x00007ffff745b187 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 #1 0x00007ffff745c538 in __GI_abort () at abort.c:78 #2 0x00007ffff7454126 in __assert_fail_base (fmt=0x7ffff7589858 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x7fffefe24608 "mnWidth == maTexture.GetWidth() && mnHeight == maTexture.GetHeight()", file=file@entry=0x7fffefe24400 "/data/opt/libreoffice/master/vcl/opengl/salbmp.cxx", line=line@entry=552, function=function@entry=0x7fffefe25560 <OpenGLSalBitmap::ReadTexture()::__PRETTY_FUNCTION__> "bool OpenGLSalBitmap::ReadTexture()") at assert.c:92 #3 0x00007ffff74541d2 in __GI___assert_fail (assertion=0x7fffefe24608 "mnWidth == maTexture.GetWidth() && mnHeight == maTexture.GetHeight()", file=0x7fffefe24400 "/data/opt/libreoffice/master/vcl/opengl/salbmp.cxx", line=552, function=0x7fffefe25560 <OpenGLSalBitmap::ReadTexture()::__PRETTY_FUNCTION__> "bool OpenGLSalBitmap::ReadTexture()") at assert.c:101 #4 0x00007fffef5b1b68 in OpenGLSalBitmap::ReadTexture() (this=0x3029bd0) at /data/opt/libreoffice/master/vcl/opengl/salbmp.cxx:551 #5 0x00007fffef5b2bac in OpenGLSalBitmap::AcquireBuffer(BitmapAccessMode) (this=0x3029bd0, nMode=BITMAP_READ_ACCESS) at /data/opt/libreoffice/master/vcl/opengl/salbmp.cxx:754 #6 0x00007fffef5b4ab3 in SalBitmap::updateChecksum() const (this=0x3029bd0) at /data/opt/libreoffice/master/vcl/inc/salbmp.hxx:103 #7 0x00007fffef5b2a61 in OpenGLSalBitmap::updateChecksum() const (this=0x3029bd0) at /data/opt/libreoffice/master/vcl/opengl/salbmp.cxx:730 #8 0x00007fffef9d2b63 in SalBitmap::GetChecksum(unsigned long&) const (this=0x3029bd0, rChecksum=@0x7fffffffbf98: 140737213028057) at /data/opt/libreoffice/master/vcl/inc/salbmp.hxx:79 #9 0x00007fffef9d2a57 in ImpBitmap::ImplGetChecksum() const (this=0x3020ee0) at /data/opt/libreoffice/master/vcl/source/gdi/impbmp.cxx:99 #10 0x00007fffef95d167 in Bitmap::GetChecksum() const (this=0x3033880) at /data/opt/libreoffice/master/vcl/source/gdi/bitmap.cxx:293 #11 0x00007fffef96761c in BitmapEx::GetChecksum() const (this=0x3033880) at /data/opt/libreoffice/master/vcl/source/gdi/bitmapex.cxx:311 #12 0x00007fffefb4ef9d in Image::Draw(OutputDevice*, Point const&, DrawImageFlags, Size const*) (this=0x2fd2ab0, pOutDev=0x2fa62c0, rPos=Point = {...}, nStyle=DrawImageFlags::Disable, pSize=0x0) at /data/opt/libreoffice/master/vcl/source/image/Image.cxx:241 #13 0x00007fffef8fd17e in OutputDevice::DrawImage(Point const&, Size const&, Image const&, DrawImageFlags) (this=0x2fa62c0, rPos=Point = {...}, rSize=Size = {...}, rImage=..., nStyle=DrawImageFlags::Disable) at /data/opt/libreoffice/master/vcl/source/outdev/bitmap.cxx:1325 #14 0x00007fffef8fd09c in OutputDevice::DrawImage(Point const&, Image const&, DrawImageFlags) (this=0x2fa62c0, rPos=Point = {...}, rImage=..., nStyle=DrawImageFlags::Disable) at /data/opt/libreoffice/master/vcl/source/outdev/bitmap.cxx:1309 #15 0x00007fffef7709f2 in ToolBox::ImplDrawItem(OutputDevice&, unsigned short, unsigned short, bool, bool) (this=0x2fa62c0, rRenderContext=..., nPos=44, nHighlight=0, bPaint=false, bLayout=false) at /data/opt/libreoffice/master/vcl/source/window/toolbox.cxx:3211 Comparing the salbmp data to the maTexture inside that bitmap: (gdb) p maTexture $1 = (OpenGLTexture) {_vptr.OpenGLTexture = 0x7ffff04e6750 <vtable for OpenGLTexture+16>, maRect = Rectangle = {left = 0, top = 0, right = 67, bottom = 53}, mpImpl = 0x2148190, mnSlotNumber = -1} (gdb) p *this $2 = (OpenGLSalBitmap) {<SalBitmap> = {_vptr.SalBitmap = 0x7ffff04e5fb0 <vtable for OpenGLSalBitmap+16>, mnChecksum = 0, mbChecksumValid = false}, maTexture = {_vptr.OpenGLTexture = 0x7ffff04e6750 <vtable for OpenGLTexture+16>, maRect = Rectangle = {left = 0, top = 0, right = 67, bottom = 53}, mpImpl = 0x2148190, mnSlotNumber = -1}, mbDirtyTexture = false, maPalette = {mpBitmapColor = 0x0, mnCount = 0}, mpUserBuffer = std::shared_ptr (count 1, weak 0) 0x3dc2f40 "", mnBits = 24, mnBytesPerRow = 96, mnWidth = 32, mnHeight = 25, mnBufWidth = 68, mnBufHeight = 54, maPendingOps = std::__debug::deque with 0 elements} (gdb) p *maTexture->mpImpl $3 = {mnRefCount = 1, mnTexture = 174, mnWidth = 68, mnHeight = 54, mnFilter = 9728, mnOptStencil = 0, mpSlotReferences = std::unique_ptr<std::__debug::vector<int, std::allocator<int> >> containing 0x0, mnFreeSlots = -1} We get a mis-match in size which causes the readtexture to over-write its buffer and corrupt memory; nasty ...
mnBits = 24, mnBytesPerRow = 96, mnWidth = 32, mnHeight = 25, mnBufWidth = 68, mnBufHeight = 54, Seems extraordinary; investigating mnBufWidth vs. mnWidth more carefully ...
With some hardware watch-point chasing - I found the cause; in fact mnBufWidth is set initially correct and never reset. Unfortunately the OpenGLSalBitmap is subsequently scaled (either up or down) and its width is written but not the (pointless duplicate) in mnBufWidth: bool OpenGLSalBitmap::ImplScaleConvolution( ... mnWidth = nNewWidth; mnHeight = nNewHeight; Which is a downer as they say ...
*** Bug 97699 has been marked as a duplicate of this bug. ***
Michael Meeks committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=13667e6576e3e5bc5b133764f77d71cef6c4687a tdf#97700 - vcl: opengl - add asserts for horrible size mismatch. It will be available in 5.2.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Michael Meeks committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=fea95da81260bc7eabe7ece595829009b2db3e62 tdf#97700 - vcl: opengl - fix memory corrupting size mis-match. It will be available in 5.2.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Fixed - back-ports for 5.1.0 RC1 in gerrit -hopefully- this nails a whole class of memory corruption problems around scaled images =) in particular images that are enlarged and then checksummed / CPU manipulated would have caused different kinds of memory corruption ...
Michael Meeks committed a patch related to this issue. It has been pushed to "libreoffice-5-1": http://cgit.freedesktop.org/libreoffice/core/commit/?id=9c091100e2e4d604efbf5414663e8174ad18ea60&h=libreoffice-5-1 tdf#97700 - vcl: opengl - fix memory corrupting size mis-match. It will be available in 5.1.1. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Michael Meeks committed a patch related to this issue. It has been pushed to "libreoffice-5-1": http://cgit.freedesktop.org/libreoffice/core/commit/?id=84ef3ad4b9c12ae1410a1a2f7e0557c432852675&h=libreoffice-5-1 tdf#97700 - vcl: opengl - add asserts for horrible size mismatch. It will be available in 5.1.1. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
*** Bug 98129 has been marked as a duplicate of this bug. ***