[Upstream] soffice.bin crashed with SIGSEGV in Window::GetCursor()

Bug #941033 reported by quantenemitter
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone
LibreOffice | Fix Released | Critical | |
libreoffice (Ubuntu) | Fix Released | Medium | Björn Michaelsen |

Bug Description

1) lsb_release -rd
Description: Ubuntu precise (development branch)
Release: 12.04

2) apt-cache policy libreoffice-writer
libreoffice-writer:
  Installed: 1:3.5.0-1ubuntu4
  Candidate: 1:3.5.0-1ubuntu4
  Version table:
 *** 1:3.5.0-1ubuntu4 0
        500 http://us.archive.ubuntu.com/ubuntu/ precise/main i386 Packages
        100 /var/lib/dpkg/status

3) What is expected to happen in a blank Writer document with View -> Toolbars -> Drawing checked is click Text icon, and create a Text box in the top right of the page (between the header and the body) and it does not crash.

4) What happens is it crashes consistently. A video of this may be found at: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/941033/+attachment/2788200/+files/libreoffice-crash.ogv

ProblemType: Crash
DistroRelease: Ubuntu 12.04
Package: libreoffice-core 1:3.5.0-1ubuntu4
ProcVersionSignature: Ubuntu 3.2.0-17.27-generic 3.2.6
Uname: Linux 3.2.0-17-generic i686
ApportVersion: 1.93-0ubuntu2
Architecture: i386
CrashCounter: 1
Date: Sat Feb 25 14:38:00 2012
EcryptfsInUse: Yes
ExecutablePath: /usr/lib/libreoffice/program/soffice.bin
ExecutableTimestamp: 1330135917
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release i386 (20110427.1)
LocalLibraries: /home/thomas/.config/libreoffice/3/user/uno_packages/cache/uno_packages/lumrsyro.tmp_/DRO.oxt/libdle.so.1 /home/thomas/.config/libreoffice/3/user/uno_packages/cache/uno_packages/lumrsyro.tmp_/DRO.oxt/libsx.so /home/thomas/.config/libreoffice/3/user/uno_packages/cache/uno_packages/lumrsyro.tmp_/DRO.oxt/dudenkorrektor.uno.so /home/thomas/.config/libreoffice/3/user/uno_packages/cache/uno_packages/lumrsyro.tmp_/DRO.oxt/libdpf.so.2
ProcCmdline: /usr/lib/libreoffice/program/soffice.bin --writer /home/thomas/Schule/0_Mathe/M6/6.3_Flaechen-_und_Rauminhalt/6.3.2_Volumen/Arbeitsblaetter/AB_Einheitenvergleich.odt --splash-pipe=6
ProcCwd: /home/thomas
SegvAnalysis:
 Segfault happened at: 0x1dae324 <_ZNK6Window9GetCursorEv+4>: mov 0xf4(%eax),%eax
 PC (0x01dae324) ok
 source "0xf4(%eax)" (0x408500f4) not located in a known VMA region (needed readable region)!
 destination "%eax" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: libreoffice
StacktraceTop:
 Window::GetCursor() const () from /usr/lib/libreoffice/program/libvcllo.so
 ?? () from /usr/lib/libreoffice/program/../program/libsvxcorelo.so
 Timer::Timeout() () from /usr/lib/libreoffice/program/libvcllo.so
 Timer::ImplTimerCallbackProc() () from /usr/lib/libreoffice/program/libvcllo.so
 ?? () from /usr/lib/libreoffice/program/libvclplug_gtklo.so
Title: soffice.bin crashed with SIGSEGV in Window::GetCursor()
UpgradeStatus: Upgraded to precise on 2012-02-23 (2 days ago)
UserGroups: adm admin audio cdrom dialout dip fax floppy fuse lp lpadmin netdev plugdev powerdev sambashare tape vboxusers video

quantenemitter (quantenemitter) wrote :
visibility: private → public
Apport retracing service (apport) wrote :

StacktraceTop:
 Window::GetCursor (this=0x40850000) at /build/buildd/libreoffice-3.5.0/vcl/source/window/window2.cxx:1698
 sdr::overlay::OverlayManagerBuffered::ImpBufferTimerHandler (this=0x90805b0) at /build/buildd/libreoffice-3.5.0/svx/source/sdr/overlay/overlaymanagerbuffered.cxx:387
 Call (pCaller=0x908081c, this=0x908082c) at /build/buildd/libreoffice-3.5.0/solver/unxlngi6.pro/inc/tools/link.hxx:140
 Timer::Timeout (this=0x908081c) at /build/buildd/libreoffice-3.5.0/vcl/source/app/timer.cxx:256
 Timer::ImplTimerCallbackProc () at /build/buildd/libreoffice-3.5.0/vcl/source/app/timer.cxx:144

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in libreoffice (Ubuntu):
importance: Undecided → Medium
tags: removed: need-i386-retrace
description: updated
penalvch (penalvch) wrote : Re: soffice.bin crashed with SIGSEGV in Window::GetCursor()

quantenemitter, thank you for reporting this bug and helping make Ubuntu better. Could you please provide a recording of what you did specifically that caused the crash via the package recordmydesktop?

Changed in libreoffice (Ubuntu):
status: New → Incomplete
quantenemitter (quantenemitter) wrote :

Watch the video. As soon as libreoffice disappears, it has crashed. The only thing I did was using the mouse. I didn't press any key.

penalvch (penalvch) wrote :

quantenemitter, the issue you are reporting is an upstream one and it would be nice if somebody having it could send the bug to the developers of the software by following the instructions at http://wiki.documentfoundation.org/BugReport . If you have done so, please tell us the number of the upstream bug (or the link), so we can add a bugwatch that will inform us about its status. Thanks in advance.

description: updated
description: updated
Changed in libreoffice (Ubuntu):
status: Incomplete → Triaged
Changed in df-libreoffice:
status: New → Incomplete
description: updated
In , Quantenemitter-w (quantenemitter-w) wrote :

1) lsb_release -rd
Description: Ubuntu precise (development branch)
Release: 12.04

2) apt-cache policy libreoffice-writer
libreoffice-writer:
  Installed: 1:3.5.0-1ubuntu4
  Candidate: 1:3.5.0-1ubuntu4
  Version table:
 *** 1:3.5.0-1ubuntu4 0
        500 http://us.archive.ubuntu.com/ubuntu/ precise/main i386 Packages
        100 /var/lib/dpkg/status
[Comment: Build-ID: 350m1(Build:13)]

3) What is expected to happen in a blank Writer document with View -> Toolbars -> Drawing checked is click Text icon, and create a Text box in the top right of the page (between the header and the body) and it does not crash.

4) What happens is it crashes consistently. A video of this may be found at: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/941033/+attachment/2788200/+files/libreoffice-crash.ogv

In , Quantenemitter-w (quantenemitter-w) wrote :
quantenemitter (quantenemitter) wrote :
Changed in df-libreoffice:
importance: Undecided → Unknown
status: Incomplete → Unknown
penalvch (penalvch)
summary: - soffice.bin crashed with SIGSEGV in Window::GetCursor()
+ [Upstream] soffice.bin crashed with SIGSEGV in Window::GetCursor()
In , Dezsiszabi (dezsiszabi) wrote :

Created attachment 58205
Possible fix

Hi!

This seems to solve it, or maybe it's just less frequent...
Anyway, it is a step closer to the final solution.

made changes in svx/source/sdr/overlay/overlaymanagerbuffered.cxx in
IMPL_LINK(OverlayManagerBuffered, ImpBufferTimerHandler, AutoTimer*, /*pTimer*/)

Szabolcs

In , Caolanm (caolanm) wrote :

Created attachment 58243
valgrind log

adding a valgrind log to show that the this of the handler is deleted before the end of the method

In , Libreoffice-bugs (libreoffice-bugs) wrote :

Caolan McNamara committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=131e5d35a4edb9f8875a197e8e0382c168834f70

Resolves: fdo#46728 reference count the overlay managers

In , Libreoffice-bugs (libreoffice-bugs) wrote :

Caolan McNamara committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=badbf0c9259a6ff3928958332532c5a9ed8c5774

Related: fdo#46728 it would help to initialize the reference count I suppose

Changed in df-libreoffice:
importance: Unknown → Critical
status: Unknown → Fix Released
In , Quantenemitter-w (quantenemitter-w) wrote :

I love you, guys! :)

In , Libreoffice-bugs (libreoffice-bugs) wrote :

Caolan McNamara committed a patch related to this issue.
It has been pushed to "libreoffice-3-5":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=849fc81ababc87ccc2a13091d3eed33b9151a845&g=libreoffice-3-5

Resolves: fdo#46728 reference count the overlay managers

It will be available in LibreOffice 3.5.2.

In , Libreoffice-bugs (libreoffice-bugs) wrote :

Caolan McNamara committed a patch related to this issue.
It has been pushed to "libreoffice-3-5":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=a270cc4547c813ace05792d114998ee1199c30ff&g=libreoffice-3-5

Related: fdo#46728 it would help to initialize the reference count I suppose

It will be available in LibreOffice 3.5.2.

tags: added: fixed-in-upstream-3.5.2
Changed in libreoffice (Ubuntu):
assignee: nobody → Björn Michaelsen (bjoern-michaelsen)
status: Triaged → Fix Released
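
The failure pattern discussed in this thread (the handler's `this` deleted before the end of the method, resolved by reference counting with an initialized count), as an added C++ example that is not the LibreOffice patch or code from this report. `OverlayLike`, `onPaint` and `runScenario` are hypothetical names, and the re-entrant release is an assumed trigger.

```cpp
// Added illustration, not LibreOffice code; every name here is hypothetical.
#include <cstdio>
#include <functional>

class OverlayLike {
    int refs_ = 0;      // initialized: an indeterminate count would make release() unreliable
    int cursor_ = 42;   // member the handler reads after the re-entrant callback
public:
    static int destroyed;            // destructor runs, tracked for the demo only
    std::function<void()> onPaint;   // stands in for work that may drop the owner's reference
    ~OverlayLike() { ++destroyed; }
    void acquire() { ++refs_; }
    void release() { if (--refs_ == 0) delete this; }

    // Timer handler: the guard reference keeps `this` alive until the end,
    // even if onPaint() releases the last outside reference.
    int timerHandler() {
        acquire();
        if (onPaint) onPaint();
        bool alive = (destroyed == 0);   // true: object survived the callback
        int value = alive ? cursor_ : -1; // member read is safe, guard still held
        release();                       // may delete this; no member access after here
        return value;
    }
};
int OverlayLike::destroyed = 0;

// Returns what the handler read; -1 would mean the object died mid-handler.
int runScenario() {
    OverlayLike::destroyed = 0;
    OverlayLike* mgr = new OverlayLike;
    mgr->acquire();                      // the owner's reference
    bool ownerHolds = true;
    mgr->onPaint = [&] {                 // re-entrant path drops the owner's reference
        if (ownerHolds) { ownerHolds = false; mgr->release(); }
    };
    return mgr->timerHandler();          // object is freed inside, after its last member access
}

int main() {
    int value = runScenario();
    std::printf("handler read %d, destructor runs: %d\n", value, OverlayLike::destroyed);
    return 0;
}
```

Without the `acquire()`/`release()` pair in `timerHandler`, the callback's release would free the object while the handler is still running, which is the invalid read reported in `Window::GetCursor()` above.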