Comment 11 for bug 854626

In , Michael Meeks (michael-meeks) wrote :

The code nearest to the crash seems to have been there since 2000 ...

Program received signal SIGSEGV, Segmentation fault.
0xae62db28 in SwTxtFrm::IsLocked (this=0x0) at /data/opt/libreoffice/libreoffice-3-4/clone/writer/sw/source/core/inc/txtfrm.hxx:383
383 inline sal_Bool IsLocked() const { return bLocked; }
(gdb) bt
#0 0xae62db28 in SwTxtFrm::IsLocked (this=0x0) at /data/opt/libreoffice/libreoffice-3-4/clone/writer/sw/source/core/inc/txtfrm.hxx:383
#1 0xae65d68b in SwFtnBossFrm::RemoveFtn (this=0xac6c0168, pRef=0xac5e1b44, pAttr=0x8ae3f40, bPrep=1 '\001')
    at /data/opt/libreoffice/libreoffice-3-4/sw/source/core/layout/ftnfrm.cxx:1906
#2 0xae7a9dad in SwTxtFtn::DelFrms (this=0x8ae3f40, pSib=0xac5e1ab4)
    at /data/opt/libreoffice/libreoffice-3-4/sw/source/core/txtnode/atrftn.cxx:381
#3 0xae6b0ad6 in SwCntntFrm::~SwCntntFrm (this=0xac5e1ab4, __in_chrg=<value optimized out>)
    at /data/opt/libreoffice/libreoffice-3-4/sw/source/core/layout/ssfrm.cxx:492
#4 0xae78628a in SwTxtFrm::~SwTxtFrm (this=0xac5e1ab4, __in_chrg=<value optimized out>)
    at /data/opt/libreoffice/libreoffice-3-4/sw/source/core/text/txtfrm.cxx:404
#5 0xae7862e5 in SwTxtFrm::~SwTxtFrm (this=0xac5e1ab4, __in_chrg=<value optimized out>)
    at /data/opt/libreoffice/libreoffice-3-4/sw/source/core/text/txtfrm.cxx:408
#6 0xae6b11b3 in SwLayoutFrm::~SwLayoutFrm (this=0xac6c20c8, __in_chrg=<value optimized out>)
    at /data/opt/libreoffice/libreoffice-3-4/sw/source/core/layout/ssfrm.cxx:607
#7 0xae685ff8 in SwBodyFrm::~SwBodyFrm (this=0xac6c20c8, __in_chrg=<value optimized out>)
    at /data/opt/libreoffice/libreoffice-3-4/clone/writer/sw/source/core/inc/bodyfrm.hxx:37
#8 0xae686039 in SwBodyFrm::~SwBodyFrm (this=0xac6c20c8, __in_chrg=<value optimized out>)
    at /data/opt/libreoffice/libreoffice-3-4/clone/writer/sw/source/core/inc/bodyfrm.hxx:37
#9 0xae6b11b3 in SwLayoutFrm::~SwLayoutFrm (this=0xac6c00f0, __in_chrg=<value optimized out>)
    at /data/opt/libreoffice/libreoffice-3-4/sw/source/core/layout/ssfrm.cxx:607
#10 0xae62f590 in SwFtnBossFrm::~SwFtnBossFrm (this=0xac6c00f0, __in_chrg=<value optimized out>)
    at /data/opt/libreoffice/libreoffice-3-4/clone/writer/sw/source/core/inc/ftnboss.hxx:57
#11 0xae67fc06 in SwPageFrm::~SwPageFrm (this=0xac6c00f0, __in_chrg=<value optimized out>)
    at /data/opt/libreoffice/libreoffice-3-4/sw/source/core/layout/pagechg.cxx:278
#12 0xae67fc61 in SwPageFrm::~SwPageFrm (this=0xac6c00f0, __in_chrg=<value optimized out>)
    at /data/opt/libreoffice/libreoffice-3-4/sw/source/core/layout/pagechg.cxx:318
#13 0xae6b11b3 in SwLayoutFrm::~SwLayoutFrm (this=0x8b42e40, __in_chrg=<value optimized out>)
    at /data/opt/libreoffice/libreoffice-3-4/sw/source/core/layout/ssfrm.cxx:607
#14 0xae679dca in SwRootFrm::~SwRootFrm (this=0x8b42e40, __in_chrg=<value optimized out>)
    at /data/opt/libreoffice/libreoffice-3-4/sw/source/core/layout/newfrm.cxx:606
#15 0xae679e3b in SwRootFrm::~SwRootFrm (this=0x8b42e40, __in_chrg=<value optimized out>)
    at /data/opt/libreoffice/libreoffice-3-4/sw/source/core/layout/newfrm.cxx:624
#16 0xae9622b5 in boost::checked_delete<SwRootFrm> (x=0x8b42e40)
    at /data/opt/libreoffice/libreoffice-3-4/solver/340/unxlngi6.pro/inc/boost/checked_delete.hpp:34
#17 0xae962e24 in boost::detail::sp_counted_impl_p<SwRootFrm>::dispose (this=0x8b42ef8)
    at /data/opt/libreoffice/libreoffice-3-4/solver/340/unxlngi6.pro/inc/boost/smart_ptr/detail/sp_counted_impl.hpp:78
#18 0xae3ef73a in boost::detail::sp_counted_base::release (this=0x8b42ef8)
    at /data/opt/libreoffice/libreoffice-3-4/solver/340/unxlngi6.pro/inc/boost/smart_ptr/detail/sp_counted_base_gcc_x86.hpp:145
#19 0xae3ef79e in boost::detail::shared_count::~shared_count (this=0x8b3fb80, __in_chrg=<value optimized out>)
    at /data/opt/libreoffice/libreoffice-3-4/solver/340/unxlngi6.pro/inc/boost/smart_ptr/detail/shared_count.hpp:217
#20 0xae961c12 in boost::shared_ptr<SwRootFrm>::~shared_ptr (this=0x8b3fb7c, __in_chrg=<value optimized out>)
    at /data/opt/libreoffice/libreoffice-3-4/solver/340/unxlngi6.pro/inc/boost/smart_ptr/shared_ptr.hpp:169
#21 0xae961941 in ViewShell::~ViewShell (this=0x8b3fb28, __in_chrg=<value optimized out>)
    at /data/opt/libreoffice/libreoffice-3-4/sw/source/core/view/vnew.cxx:275
#22 0xae3fe322 in SwCrsrShell::~SwCrsrShell (this=0x8b3fb28, __in_chrg=<value optimized out>)
    at /data/opt/libreoffice/libreoffice-3-4/sw/source/core/crsr/crsrsh.cxx:2600
#23 0xae5acd59 in SwEditShell::~SwEditShell (this=0x8b3fb28, __in_chrg=<value optimized out>)
    at /data/opt/libreoffice/libreoffice-3-4/sw/source/core/edit/edws.cxx:66
#24 0xae600530 in SwFEShell::~SwFEShell (this=0x8b3fb28, __in_chrg=<value optimized out>)
    at /data/opt/libreoffice/libreoffice-3-4/sw/source/core/frmedt/fews.cxx:704
#25 0xaec87482 in SwWrtShell::~SwWrtShell (this=0x8b3fb28, __in_chrg=<value optimized out>)
    at /data/opt/libreoffice/libreoffice-3-4/sw/source/ui/wrtsh/wrtsh1.cxx:1759
#26 0xaec87513 in SwWrtShell::~SwWrtShell (this=0x8b3fb28, __in_chrg=<value optimized out>)
    at /data/opt/libreoffice/libreoffice-3-4/sw/source/ui/wrtsh/wrtsh1.cxx:1767
#27 0xaebd2a71 in SwView::~SwView (this=0x8b57908, __in_chrg=<value optimized out>)
    at /data/opt/libreoffice/libreoffice-3-4/sw/source/ui/uiview/view.cxx:1073
#28 0xaebd2e03 in SwView::~SwView (this=0x8b57908, __in_chrg=<value optimized out>)
    at /data/opt/libreoffice/libreoffice-3-4/sw/source/ui/uiview/view.cxx:1088
#29 0xb77f52cf in ?? () from /data/opt/TTInstall/program/../basis-link/program/libsfxli.so
#30 0xb77f5f94 in SfxViewFrame::~SfxViewFrame() () from /data/opt/TTInstall/program/../basis-link/program/libsfxli.so
#31 0xb77f60d8 in SfxViewFrame::~SfxViewFrame() () from /data/opt/TTInstall/program/../basis-link/program/libsfxli.so
#32 0xb77f5e8d in SfxViewFrame::Close() () from /data/opt/TTInstall/program/../basis-link/program/libsfxli.so
#33 0xb77dfeb2 in ?? () from /data/opt/TTInstall/program/../basis-link/program/libsfxli.so
#34 0xb77efa0f in SfxBaseController::dispose() () from /data/opt/TTInstall/program/../basis-link/program/libsfxli.so

I suppose it may be related to the re-factor of the layout fun that we merged in m104:

commit bee0ab39bd38fc866e4e7149b9ac59b6a0209b63
Author: Mathias Bauer <email address hidden>
Date: Fri Dec 17 09:02:23 2010 +0100

    CWS swlayoutrefactoring: #i115510#: first step to clean up the SwClient mess

Which at least changed FindMaster's function.

Unfortunately, reproducing it is not so easy as it was at first for me. Perhaps it relies on the layout code being in a given state when we exit.

The banal patch:

--- a/sw/source/core/layout/ftnfrm.cxx
+++ b/sw/source/core/layout/ftnfrm.cxx
@@ -1897,7 +1897,7 @@ void SwFtnBossFrm::RemoveFtn( const SwCntntFrm *pRef, const SwTxtFtn *pAttr,
         {
             OSL_ENSURE( pRef->IsTxtFrm(), "NoTxtFrm has Footnote?" );
             SwTxtFrm* pMaster = (SwTxtFrm*)pRef->FindMaster();
- if( !pMaster->IsLocked() )
+ if( pMaster && !pMaster->IsLocked() )
                 pMaster->Prepare( PREP_FTN_GONE );
         }
     }
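
Review bot: the new pMaster && guard in the if silently skips Prepare( PREP_FTN_GONE ) whenever FindMaster() returns null, so the layout state that produced this=0x0 in frame #0 of the trace goes unreported. Consider pairing the guard with an OSL_ENSURE( pMaster, ... ) in the style of the IsTxtFrm() assertion two lines above, so that debug builds flag the missing master while release builds no longer crash, and add a one-line comment saying whether a null master is expected on this destructor path. Note also that the existing assertion only covers pRef; the C-style cast applied to the FindMaster() result is not checked by anything in this hunk.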

Might fix the symptom, if not the underlying problem, but lots of other FindMaster results are used unchecked. Thoughts appreciated.