Created attachment 124568 [details] windbg32 backtrace Hi Steps to reproduce: 1. File> New> Presentation 2. Insert> Media> Photo Album> Add, Select one (or more) pictures then 3. Click Insert Slides 4. File Save 5. File Close => Crash Platform: windows 7/64 & Version: 5.1.2.2 Build ID: d3bf12ecb743fc0d20e0be0c58ca359301eb705f Threads CPU : 2; Version de l'OS :Windows 6.1; UI Render : par défaut; Locale : fr-FR (fr_FR) Also reproduced on windows 7/64 & Version: 5.2.0.0.alpha1 (x64) Build ID: 902b28a39528b6c92602e9b521a1d0861be1caf9 Threads CPU : 2; Version de l'OS :Windows 6.1; UI Render : par défaut; Locale : fr-FR (fr_FR) I attach windbg backtraces May be related to Bug 64654 but differences: crash does not occur on insertion of pictures but when you close the file. And It is not related to large number of images. Regards Pierre-Yves
Created attachment 124569 [details] windbg64 backtrace
Created attachment 124576 [details] typescript of run with --valgrind The following points may be of interest line what ---- ---------------------------- 124 start 330 conditional jump or move depends on uninitialized value 382 ditto 434 Syscall param writev(vector[...]) points to uninitialized byte(s) 485 Address 0x2b4d6330 is 13,840 bytes inside a block of size 16,384 alloc'd 506 Conditional jump or move depends on uninitialized value 558 ditto 610 ditto 729 Invalid read 882 ditto 1035 Jump to invalid address 0x0 1088 Process terminating. And there are, of course, warnings from soffice scattered throughout the typescript. This typescript is collected from commit 20f23c1a, pulled 2016-04-21, configured ... CC=ccache /usr/bin/gcc CXX=ccache /usr/bin/g++ --enable-option-checking=fatal --enable-dbgutil --enable-debug --enable-crashdump --without-system-postgresql --without-myspell-dicts --with-extra-buildid --without-doxygen --with-external-tar=/home/terry/lo_hacking/git/src built and running on debian-stretch.
Setting O/S = All, status = NEW, and adding whiteboard haveValgrind.
Adding keywords bisected and (even though it violates https://wiki.documentfoundation.org/QA/BugTriage#Keywords) regression. For my test, I ... (*) ran Impress from the command line just from laziness; and (*) also opened Writer document "Untitled 2" each time, because I have seen some other versions which crashed upon File > Close without a core file. Working in the 50max bibisect repository, I see from `git bisect good` (newline added) ... 248df28fabac92991af20d5a48481c54b7d134ef is the first bad commit commit 248df28fabac92991af20d5a48481c54b7d134ef Author: Matthew Francis <mjay.francis@gmail.com> Date: Wed May 27 19:46:17 2015 +0800 source-hash-070141b854c7731aa44ccf6ce446802ad8653697 commit 070141b854c7731aa44ccf6ce446802ad8653697 Author: Rishabh Kumar <kris.kr296@gmail.com> AuthorDate: Tue Feb 17 15:40:25 2015 +0530 Commit: Caolán McNamara <caolanm@redhat.com> CommitDate: Tue Mar 3 10:44:23 2015 +0000 tdf#64573: Add captions to Photo Album Creates a rectangular text area with following attributes- Color-Black Transparency-20% Alignment-Bottom Default Text-Click to add Title Change-Id: Ifb75c57fd19d41635fd4e397cbfe2b8a65975eb6 Reviewed-on: https://gerrit.libreoffice.org/14517 Reviewed-by: Caolán McNamara <caolanm@redhat.com> Tested-by: Caolán McNamara <caolanm@redhat.com> :040000 040000 bc5523196cad20ca6e37552370eec8cab7819b5d ae7591d829cfc762aaf06204821e3868c54a4972 M opt and from `git bisect log` (newlines added) ... # bad: [dda106fd616b7c0b8dc2370f6f1184501b01a49e] source-hash-0db96caf0fcce09b87621c11b584a6d81cc7df86 # good: [5b9dd620df316345477f0b6e6c9ed8ada7b6c091] source-hash-2851ce5afd0f37764cbbc2c2a9a63c7adc844311 git bisect start 'latest' 'oldest' # good: [0c30a2c797b249d0cd804cb71554946e2276b557] source-hash-45aaec8206182c16025cbcb20651ddbdf558b95d git bisect good 0c30a2c797b249d0cd804cb71554946e2276b557 # bad: [2ce02b2ce56f12b9fcb9efbd380596975a3a5686] source-hash-17d714eef491bda2512ba8012e5b3067ca19a5be git bisect bad 2ce02b2ce56f12b9fcb9efbd380596975a3a5686 # bad: [e4deb8a42948865b7b23d447c1547033cb54535b] source-hash-ce46c98dbeb3364684843daa5b269c74fce2af64 git bisect bad e4deb8a42948865b7b23d447c1547033cb54535b # bad: [15e8b5cc6b4784fecd63b2a5a04ac086b3e9fc01] source-hash-26b500afcaed704db7a300836f466517c309ee77 git bisect bad 15e8b5cc6b4784fecd63b2a5a04ac086b3e9fc01 # bad: [534715525a93b0d7d56ba123d253c927cccf0afe] source-hash-40c9a46b78b8919aae82dd9b94774d63bb9cb4e6 git bisect bad 534715525a93b0d7d56ba123d253c927cccf0afe # good: [c255ade961c9628f72d2fbca268fdf3a4e5f60c2] source-hash-4bdbea5447f36beb9cc33df173a89a49a9918290 git bisect good c255ade961c9628f72d2fbca268fdf3a4e5f60c2 # bad: [2b4739cd51404149b1279b86643f1fee719de667] source-hash-8ee20e2691aa6f67c67d40c61a8cd1569458b5a8 git bisect bad 2b4739cd51404149b1279b86643f1fee719de667 # bad: [7718aa1e7df77b45a78cf92475ccb7d9bd45440e] source-hash-a1778a4b4551102d6319a77238196a6822b84187 git bisect bad 7718aa1e7df77b45a78cf92475ccb7d9bd45440e # bad: [9fb9ef8d466723a706bd331ba13852ef898ada45] source-hash-1855ffeb9108d443deb1d0b6806a18908a5935b1 git bisect bad 9fb9ef8d466723a706bd331ba13852ef898ada45 # bad: [7188344046be8d24264e40563cd8bce28a96130b] source-hash-2b347972fcd8317ab7596e59136e9879dda0b369 git bisect bad 7188344046be8d24264e40563cd8bce28a96130b # bad: [dea9b21aa54ead5ead74bd1e68aeeb2a200396f4] source-hash-f6977bb87a2eb962e433f85d2e317b8f932f5251 git bisect bad dea9b21aa54ead5ead74bd1e68aeeb2a200396f4 # bad: [248df28fabac92991af20d5a48481c54b7d134ef] source-hash-070141b854c7731aa44ccf6ce446802ad8653697 git bisect bad 248df28fabac92991af20d5a48481c54b7d134ef # good: [ee0e0b3903f6594df6e15e660206e0f34a5c756c] source-hash-82d573e8bf97193c032ca9631d33fa39bbd12638 git bisect good ee0e0b3903f6594df6e15e660206e0f34a5c756c # first bad commit: [248df28fabac92991af20d5a48481c54b7d134ef] source-hash-070141b854c7731aa44ccf6ce446802ad8653697
Created attachment 124580 [details] backtrace full on Linux I am adding keyword haveBacktrace. This was collected with the LibreOffice described in comment 3.
I noticed this log on console: warn:legacy.tools:14119:1:svx/source/svdraw/svdpage.cxx:335: ZObjekt already has the status Inserted. Putting a break there,, I retrieved 2 bts First one: #0 SdrObjList::NbcInsertObject (this=0x8ac0aa0, pObj=0x8ab5e10, nPos=18446744073709551615) at /home/julien/lo/libreoffice/svx/source/svdraw/svdpage.cxx:335 #1 0x00002aaad3c3c79a in SdPage::NbcInsertObject (this=0x8ac0aa0, pObj=0x8ab5e10, nPos=18446744073709551615, pReason=0x0) at /home/julien/lo/libreoffice/sd/source/core/sdpage.cxx:1648 #2 0x00002aaab0af8a9b in SdrObjList::InsertObject (this=0x8ac0aa0, pObj=0x8ab5e10, nPos=18446744073709551615, pReason=0x0) at /home/julien/lo/libreoffice/svx/source/svdraw/svdpage.cxx:372 #3 0x00002aaab0dc1844 in FmFormPage::InsertObject (this=0x8ac0aa0, pObj=0x8ab5e10, nPos=18446744073709551615, pReason=0x0) at /home/julien/lo/libreoffice/svx/source/form/fmpage.cxx:136 #4 0x00002aaad3c35ebd in SdPage::CreatePresObj (this=0x8ac0aa0, eObjKind=PRESOBJ_TITLE, bVertical=false, rRect=Rectangle = {...}) at /home/julien/lo/libreoffice/sd/source/core/sdpage.cxx:408 #5 0x00002aaaf8b850ef in sd::SdPhotoAlbumDialog::createCaption (this=0x8a92380, aPageSize=...) at /home/julien/lo/libreoffice/sd/source/ui/dlg/PhotoAlbumDialog.cxx:682 Second one: #0 SdrObjList::NbcInsertObject (this=0x8ac0aa0, pObj=0x8ab5e10, nPos=18446744073709551615) at /home/julien/lo/libreoffice/svx/source/svdraw/svdpage.cxx:335 #1 0x00002aaad3c3c79a in SdPage::NbcInsertObject (this=0x8ac0aa0, pObj=0x8ab5e10, nPos=18446744073709551615, pReason=0x0) at /home/julien/lo/libreoffice/sd/source/core/sdpage.cxx:1648 #2 0x00002aaab0af8a9b in SdrObjList::InsertObject (this=0x8ac0aa0, pObj=0x8ab5e10, nPos=18446744073709551615, pReason=0x0) at /home/julien/lo/libreoffice/svx/source/svdraw/svdpage.cxx:372 #3 0x00002aaab0dc1844 in FmFormPage::InsertObject (this=0x8ac0aa0, pObj=0x8ab5e10, nPos=18446744073709551615, pReason=0x0) at /home/julien/lo/libreoffice/svx/source/form/fmpage.cxx:136 #4 0x00002aaaf8b85290 in sd::SdPhotoAlbumDialog::createCaption (this=0x8a92380, aPageSize=...) at /home/julien/lo/libreoffice/sd/source/ui/dlg/PhotoAlbumDialog.cxx:689 So the problem is the same object is indeed inserted twice: 671 void SdPhotoAlbumDialog::createCaption(const awt::Size& aPageSize ) 672 { ... 682 SdrObject* pSdrObj = pSlide->CreatePresObj(PRESOBJ_TITLE,false,rRect); ... 689 pSlide->InsertObject(pSdrObj); 690 } See http://opengrok.libreoffice.org/xref/core/sd/source/ui/dlg/PhotoAlbumDialog.cxx#671
Gerrit review for master sources here: https://gerrit.libreoffice.org/#/c/24327/
*** Bug 99462 has been marked as a duplicate of this bug. ***
Julien Nabet committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=618e7622d08b20f6ea5f38144b61a187aced86af tdf#99450/tdf#99462: fix insert twice the same object in Photo album It will be available in 5.2.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Thank you, Julien. The crash is gone in commit 618e762, fetched 2016-04-24 12:00 UTC. I setting bug status RESOLVED FIXED, leaving it for pierre-yves to set VERIFIED when he sees good results.
Julien Nabet committed a patch related to this issue. It has been pushed to "libreoffice-5-0": http://cgit.freedesktop.org/libreoffice/core/commit/?id=2aa8be5936cab3fa2a0d895b414cd0dc9dc3f319&h=libreoffice-5-0 tdf#99450/tdf#99462: fix insert twice the same object in Photo album It will be available in 5.0.7. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Julien Nabet committed a patch related to this issue. It has been pushed to "libreoffice-5-1": http://cgit.freedesktop.org/libreoffice/core/commit/?id=ad9e36fe992868c9a5bf2b457f55b93f44843447&h=libreoffice-5-1 tdf#99450/tdf#99462: fix insert twice the same object in Photo album It will be available in 5.1.4. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Julien Nabet committed a patch related to this issue. It has been pushed to "libreoffice-5-0-6": http://cgit.freedesktop.org/libreoffice/core/commit/?id=8dbca99ed148158924a5e4e29e43e87062f030b1&h=libreoffice-5-0-6 tdf#99450/tdf#99462: fix insert twice the same object in Photo album It will be available in 5.0.6. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Unfortunately conflichted with https://bugs.documentfoundation.org/show_bug.cgi?id=64654 where I was at fixing this, patch on gerrit (https://gerrit.libreoffice.org/#/c/24429/). It's more than the Insert, it also creates one SdrModel per inserted slide that gets not deleted, that's the reason LO permanently uses one full CPU after using the PhotoAlbum.
Hi (In reply to Commit Notification from comment #12) > Julien Nabet committed a patch related to this issue. VERIFIED on windows 7/64 & Version: 5.1.4.2 Build ID: f99d75f39f1c57ebdd7ffc5f42867c12031db97a CPU Threads: 2; OS Version: Windows 6.1; UI Render: default; Locale: fr-FR (fr_FR) Thank you :) Regards