soffice.bin crashed with SIGSEGV in ImplServerFontEntry::HandleFontOptions()

Bug #766153 reported by Alex Arkov on 2011-04-19
This bug affects 2 people
Affects:
libreoffice (Fedora): Status: Fix Released; Importance: Undecided
libreoffice (Ubuntu): Importance: Undecided; Assigned to: Unassigned

Bug Description

Binary package hint: libreoffice

libreoffice Calc 3.3 crashed

ProblemType: Crash
DistroRelease: Ubuntu 11.04
Package: libreoffice-core 1:3.3.2-1ubuntu3
ProcVersionSignature: Ubuntu 2.6.38-8.42-generic 2.6.38.2
Uname: Linux 2.6.38-8-generic x86_64
NonfreeKernelModules: fglrx
Architecture: amd64
CrashCounter: 1
Date: Tue Apr 19 18:27:03 2011
ExecutablePath: /usr/lib/libreoffice/program/soffice.bin
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
ProcCmdline: /usr/lib/libreoffice/program/soffice.bin -calc -splash-pipe=5
ProcEnviron:
 LANGUAGE=en_GB:en
 LANG=ru_RU.utf8
 LC_MESSAGES=en_GB.UTF-8
 SHELL=/bin/bash
SegvAnalysis:
 Segfault happened at: 0x7f74404d0ada <_ZN19ImplServerFontEntry17HandleFontOptionsEv+58>: mov 0x28(%rax),%rax
 PC (0x7f74404d0ada) ok
 source "0x28(%rax)" (0x00000028) not located in a known VMA region (needed readable region)!
 destination "%rax" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: libreoffice
StacktraceTop:
 ImplServerFontEntry::HandleFontOptions() () from /usr/lib/libreoffice/basis3.3/program/libvclplug_genlx.so
 X11SalGraphics::setFont(ImplFontSelectData const*, int) () from /usr/lib/libreoffice/basis3.3/program/libvclplug_genlx.so
 X11SalGraphics::SetFont(ImplFontSelectData*, int) () from /usr/lib/libreoffice/basis3.3/program/libvclplug_genlx.so
 ?? () from /usr/lib/libreoffice/program/../basis-link/program/libvcllx.so
 ?? () from /usr/lib/libreoffice/program/../basis-link/program/libvcllx.so
Title: soffice.bin crashed with SIGSEGV in ImplServerFontEntry::HandleFontOptions()
UpgradeStatus: Upgraded to natty on 2011-04-15 (3 days ago)
UserGroups: adm admin audio cdrom dialout dip fax floppy fuse lpadmin netdev plugdev sambashare tape vboxusers video

Alex Arkov (a-alark) wrote :

libreport version: 2.0.7
abrt_version: 2.0.6
backtrace_rating: 4
cmdline: /usr/lib64/libreoffice/program/soffice.bin --impress IV054/CRYPTO0901.ppt IV054/CRYPTO0902.ppt IV054/CRYPTO0903.ppt IV054/CRYPTO0904.ppt IV054/CRYPTO0905.ppt IV054/CRYPTO0906.ppt IV054/CRYPTO0907.ppt IV054/CRYPTO0908.ppt IV054/CRYPTO0909.ppt IV054/CRYPTO0910.ppt IV054/CRYPTO0911a.ppt IV054/CRYPTO0912.ppt IV054/CRYPTO0914.ppt --splash-pipe=7
comment: Specified 13 ppt files to open on the command line
crash_function: X11SalGraphics::setFont
executable: /usr/lib64/libreoffice/program/soffice.bin
kernel: 3.1.4-1.fc16.x86_64
pid: 10780
pwd: /home/mitr/rh/prednasky
reason: Process /usr/lib64/libreoffice/program/soffice.bin was killed by signal 11 (SIGSEGV)
time: St 7. prosinec 2011, 15:46:10 CET
uid: 1000
username: mitr

backtrace: Text file, 94296 bytes
dso_list: Text file, 22127 bytes
environ: Text file, 3181 bytes
maps: Text file, 83821 bytes

var_log_messages:
:Dec 7 15:46:10 kulicka kernel: [17401.297261] soffice.bin[10780]: segfault at 10 ip 00007f1edb47a37b sp 00007fff28162a40 error 4 in libvclplug_genlx.so[7f1edb3ee000+d6000]
:Dec 7 15:46:15 kulicka abrt[10843]: Saved core dump of pid 10780 (/usr/lib64/libreoffice/program/soffice.bin) to /var/spool/abrt/ccpp-2011-12-07-15:46:10-10780 (275402752 bytes)

Created attachment 541989
File: dso_list

Created attachment 541990
File: environ

Created attachment 541991
File: backtrace

Created attachment 541992
File: maps

Package: libreoffice-core-3.4.4.2-3.fc16
Architecture: x86_64
OS Release: Fedora release 16 (Verne)


If you can reproduce it, please attach a reproducer. Looks like the kind of thing that needs a good valgrinding.

Created attachment 542027
The relevant files

In two tries, ooimpress didn't crash again just by running it with the above command line.

However, in both cases it crashed using this procedure:
1. Focus the main slide pane.
2. Hold down Page Down until the last slide is displayed or the program crashes.
3. If it didn't crash, close the current file using Ctrl-W and go to 1.

The behavior is somewhat random (once it crashed on the first file, once it crashed on the 2nd or third), but it crashes often enough.

*** Bug 761089 has been marked as a duplicate of this bug. ***

Refuses to crash for me. Will try valgrind.

Apparently a deleted font is getting handed back out from the font cache, annoying

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libreoffice (Ubuntu):
status: New → Confirmed

Fixed upstream by Caolán McNamara <email address hidden> with:
http://cgit.freedesktop.org/libreoffice/core/commit/?id=39cbce553da1834f78b77f48b2f1be9578d6cc05
in >=3.4.5.

Changed in libreoffice (Ubuntu):
milestone: none → ubuntu-12.04
status: Confirmed → Triaged
status: Triaged → Fix Committed

libreoffice-3.4.4.2-6.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/libreoffice-3.4.4.2-6.fc16

Package libreoffice-3.4.4.2-6.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing libreoffice-3.4.4.2-6.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2011-17186/libreoffice-3.4.4.2-6.fc16
then log in and leave karma (feedback).

libreoffice-3.4.4.2-6.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.

*** Bug 756107 has been marked as a duplicate of this bug. ***

Fix released with 3.5.0 beta in precise.

Changed in libreoffice (Ubuntu):
status: Fix Committed → Fix Released
Changed in libreoffice (Fedora):
importance: Unknown → Undecided
status: Unknown → Fix Released