Bug 162935

Summary: ooimpress-creating presentation using wizard crashes in M_reclaim_block
Product: [Fedora] Fedora Reporter: Sammy <umar>
Component: openoffice.orgAssignee: Caolan McNamara <caolanm>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: bkoz, jakub, zaitcev
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-07-14 11:44:10 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
got a workaround anyway
none
reproducable testcase none

Description Sammy 2005-07-11 18:25:18 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.4; Linux; X11; en_US) KHTML/3.4.2 (like Gecko)

Description of problem:
If you start ooimpress and try to create a "empty presentation" using allways the defaults  
at the end when you say Create. it crashes.  
  
If you start an old presentation and choose New from the File menu and create one  
that way it works.  
 
crash log is attached. 

Version-Release number of selected component (if applicable):
openoffice.org-core-1.9.116-1.2.0.fc5

How reproducible:
Always

Steps to Reproduce:
1. start ooimpress 
2. create an empty presentation using the wizard 
3. 
   

Additional info:
Comment 1 Sammy 2005-07-11 18:29:04 UTC 
$ ooimpress

---start copy and paste here---
0x8a4c46: /usr/lib/openoffice.org2.0/program/libuno_sal.so.3 + 0x1dc46
0x8a5494: /usr/lib/openoffice.org2.0/program/libuno_sal.so.3 + 0x1e494
0x2b6420:  + 0x420 (__kernel_sigreturn + 0x0)
0x24a508c: /usr/lib/openoffice.org2.0/program/libsdui680li.so + 0x3108c
0x24a50b8: /usr/lib/openoffice.org2.0/program/libsdui680li.so + 0x310b8
0x24a51d2: /usr/lib/openoffice.org2.0/program/libsdui680li.so + 0x311d2
0x24a5219: /usr/lib/openoffice.org2.0/program/libsdui680li.so + 0x31219
0x24a523f: /usr/lib/openoffice.org2.0/program/libsdui680li.so + 0x3123f
0x249d743: /usr/lib/openoffice.org2.0/program/libsdui680li.so + 0x29743
0x249acad: /usr/lib/openoffice.org2.0/program/libsdui680li.so + 0x26cad
0x24926ad: /usr/lib/openoffice.org2.0/program/libsdui680li.so + 0x1e6ad
0xb520ae07: /usr/lib/openoffice.org2.0/program/libsd680li.so + 0x13be07
0xb5208b1a: /usr/lib/openoffice.org2.0/program/libsd680li.so + 0x139b1a
0x3ef0bb6: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0x19dbb6
0x3ef65d7: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0x1a35d7
(SfxShell::ExecuteSlot(SfxRequest&, SfxInterface const*) + 0x91)
0xb530fe42: /usr/lib/openoffice.org2.0/program/libsd680li.so + 0x240e42
0x5b5497a: /usr/lib/openoffice.org2.0/program/libfwk680li.so + 0x9297a
0x3dfbda6: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0xa8da6
0x3df3390: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0xa0390
0x3ef0bb6: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0x19dbb6
0x3ef65d7: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0x1a35d7
(SfxShell::ExecuteSlot(SfxRequest&, SfxInterface const*) + 0x91)
0x3ec00fa: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0x16d0fa
0x5bb685c: /usr/lib/openoffice.org2.0/program/libfwk680li.so + 0xf485c
0x5bb7013: /usr/lib/openoffice.org2.0/program/libfwk680li.so + 0xf5013
0x5bb760a: /usr/lib/openoffice.org2.0/program/libfwk680li.so + 0xf560a
0x5af6aa7: /usr/lib/openoffice.org2.0/program/libfwk680li.so + 0x34aa7
0x8073bc4: /usr/lib/openoffice.org2.0/program/soffice.bin + 0x2bbc4
(desktop::DispatchWatcher::executeDispatchRequests(std::vector<desktop::DispatchWatcher::DispatchRequest,
std::allocator<desktop::DispatchWatcher::DispatchRequest> > const&) + 0xf6a)
0x806d4b9: /usr/lib/openoffice.org2.0/program/soffice.bin + 0x254b9
(desktop::OfficeIPCThread::ExecuteCmdLineRequests(desktop::ProcessDocumentsRequest&)
+ 0x123)
0x8062c3f: /usr/lib/openoffice.org2.0/program/soffice.bin + 0x1ac3f
(desktop::Desktop::OpenDefault() + 0x25f)
0x8063cf8: /usr/lib/openoffice.org2.0/program/soffice.bin + 0x1bcf8
(desktop::Desktop::OpenClients() + 0x43c)
0x8067b23: /usr/lib/openoffice.org2.0/program/soffice.bin + 0x1fb23
(desktop::Desktop::OpenClients_Impl(void*) + 0x25)
0xaf3736: /usr/lib/openoffice.org2.0/program/libvcl680li.so + 0x7a736
0xc6bcd3: /usr/lib/openoffice.org2.0/program/libvcl680li.so + 0x1f2cd3
0x60960f4: /usr/lib/openoffice.org2.0/program/libvclplug_gen680li.so + 0x1f0f4
0x60be543: /usr/lib/openoffice.org2.0/program/libvclplug_gen680li.so + 0x47543
(SalDisplay::DispatchInternalEvent() + 0xad)
0x66110b7: /usr/lib/openoffice.org2.0/program/libvclplug_gtk680li.so + 0xb0b7
0x6493de0: /usr/lib/libglib-2.0.so.0 + 0x26de0
0x6491b7e: /usr/lib/libglib-2.0.so.0 + 0x24b7e (g_main_context_dispatch + 0x1dc)
0x6494b86: /usr/lib/libglib-2.0.so.0 + 0x27b86
0x6495068: /usr/lib/libglib-2.0.so.0 + 0x28068 (g_main_context_iteration + 0x66)
0x6610ce9: /usr/lib/openoffice.org2.0/program/libvclplug_gtk680li.so + 0xace9
0x60c1871: /usr/lib/openoffice.org2.0/program/libvclplug_gen680li.so + 0x4a871
(X11SalInstance::Yield(unsigned char) + 0x29)
0xaf9acc: /usr/lib/openoffice.org2.0/program/libvcl680li.so + 0x80acc
(Application::Yield() + 0x50)
0xaf9b0a: /usr/lib/openoffice.org2.0/program/libvcl680li.so + 0x80b0a
(Application::Execute() + 0x26)
0x806790d: /usr/lib/openoffice.org2.0/program/soffice.bin + 0x1f90d
(desktop::Desktop::Main() + 0x14a1)
0xaff201: /usr/lib/openoffice.org2.0/program/libvcl680li.so + 0x86201 (SVMain()
+ 0x45)
0x80625eb: /usr/lib/openoffice.org2.0/program/soffice.bin + 0x1a5eb (sal_main +
0x47)
0x6271f2f: /lib/libc.so.6 + 0x14f2f (__libc_start_main + 0xdf)
0x8062521: /usr/lib/openoffice.org2.0/program/soffice.bin + 0x1a521
(Window::RequestHelp(HelpEvent const&) + 0x31)
---end copy and paste here---
paste the above into your bug report
Comment 2 Caolan McNamara 2005-07-12 07:15:08 UTC 
*** Bug 162959 has been marked as a duplicate of this bug. ***
Comment 3 Caolan McNamara 2005-07-12 13:06:07 UTC 
caolanm->jakub: it's a crash in the dtor of a vector, I'd suspect programmer
error, but for the life of me it looks like perfectly fine code. Any known
errors in libstdc++ allocators/deallocators ?

#0  0x00d98dab in __gnu_cxx::__pool<true>::_M_reclaim_block ()
   from /usr/lib/libstdc++.so.6
#1  0x02f34841 in __gnu_cxx::__mt_alloc<sd::TemplateEntry*,
__gnu_cxx::__common_pool_policy<__gnu_cxx::__pool, true> >::deallocate
(this=0x36b4b40,
    __p=0x36b9da8, __n=2)
    at
/usr/lib/gcc/i386-redhat-linux/4.0.1/../../../../include/c++/4.0.1/ext/mt_allocator.h:746
#2  0x02f3487b in std::_Vector_base<sd::TemplateEntry*,
std::allocator<sd::TemplateEntry*> >::_M_deallocate (this=0x36b4b40,
__p=0x36b9da8, __n=2)
    at
/usr/lib/gcc/i386-redhat-linux/4.0.1/../../../../include/c++/4.0.1/bits/stl_vector.h:123
#3  0x02f348c5 in ~_Vector_base (this=0x36b4b40)
    at
/usr/lib/gcc/i386-redhat-linux/4.0.1/../../../../include/c++/4.0.1/bits/stl_vector.h:109
#4  0x02f3495f in ~vector (this=0x36b4b40)
    at
/usr/lib/gcc/i386-redhat-linux/4.0.1/../../../../include/c++/4.0.1/bits/stl_vector.h:273
#5  0x02f34985 in ~TemplateDir (this=0x36b4b38)
    at ../inc/TemplateScanner.hxx:119
#6  0x02f258ec in ~AssistentDlgImpl (this=0x2e624e8)
    at /usr/src/redhat/BUILD/SRC680_m116/sd/source/ui/dlg/dlgass.cxx:806
#7  0x02f21c80 in ~AssistentDlg (this=0x2e55768)
    at /usr/src/redhat/BUILD/SRC680_m116/sd/source/ui/dlg/dlgass.cxx:1996
#8  0x02f1872d in ~AbstractAssistentDlg_Impl (this=0x2373438)
    at /usr/src/redhat/BUILD/SRC680_m116/sd/source/ui/dlg/sddlgfact.cxx:130
#9  0xb48a159b in SdModule::Execute (this=0x2e24248, rReq=@0xbf8ce740)
    at /usr/src/redhat/BUILD/SRC680_m116/sd/source/ui/app/sdmod1.cxx:459
#10 0xb489f2ae in SfxStubSdModuleExecute (pShell=0x2e24248, rReq=@0xbf8ce740)
    at ../../../unxlngi6.pro/inc/sdslots.hxx:659
#11 0x029c4bb6 in SfxShell::CallExec (this=0x2e24248,
    pFunc=0xb489f294 <SfxStubSdModuleExecute(SfxShell*, SfxRequest&)>,
    rReq=@0xbf8ce740) at ../../inc/shell.hxx:258
#12 0x029ca5d7 in SfxShell::ExecuteSlot (this=0x2e24248, rReq=@0xbf8ce740,
    pIF=0x0)
    at /usr/src/redhat/BUILD/SRC680_m116/sfx2/source/control/shell.cxx:1231
#13 0xb49ad466 in SdUnoModule::dispatchWithNotification (this=0x2e32510,
    aURL=@0xbf8ce7b0, aArgs=@0xbf8ce808, xListener=@0x8)
    at /usr/src/redhat/BUILD/SRC680_m116/sd/source/ui/unoidl/unomodule.cxx:124
#14 0x0312197a in framework::DispatchHelper::executeDispatch (this=0x2df7940,
    xDispatchProvider=@0xbf8cebc4, sURL=@0xbf8cebc0,
    sTargetFrameName=@0xbf8cec34, nSearchFlags=0, lArguments=@0xbf8cebd0)
    at
/usr/src/redhat/BUILD/SRC680_m116/framework/source/services/dispatchhelper.cxx:232
#15 0x028cfda6 in SfxApplication::OfaExec_Impl (this=0x1880e20,
    rReq=@0xbf8cede0)
    at /usr/src/redhat/BUILD/SRC680_m116/sfx2/source/appl/appserv.cxx:1188
Comment 4 Caolan McNamara 2005-07-12 13:09:20 UTC 
valgrind

==32594==
==32594== Thread 1:
==32594== Invalid read of size 2
==32594==    at 0xB88DAB: __gnu_cxx::__pool<true>::_M_reclaim_block(char*,
unsigned) (in /usr/lib/libstdc++.so.6.0.5)
==32594==    by 0x23DAA840: __gnu_cxx::__mt_alloc<sd::TemplateEntry*,
__gnu_cxx::__common_pool_policy<__gnu_cxx::__pool, true>
>::deallocate(sd::TemplateEntry**, unsigned) (mt_allocator.h:746)
==32594==    by 0x23DAA87A: std::_Vector_base<sd::TemplateEntry*,
std::allocator<sd::TemplateEntry*> >::_M_deallocate(sd::TemplateEntry**,
unsigned) (stl_vector.h:123)
==32594==    by 0x23DAA8C4: std::_Vector_base<sd::TemplateEntry*,
std::allocator<sd::TemplateEntry*> >::~_Vector_base() (stl_vector.h:109)
==32594==    by 0x23DAA95E: std::vector<sd::TemplateEntry*,
std::allocator<sd::TemplateEntry*> >::~vector() (stl_vector.h:273)
==32594==    by 0x23DAA984: sd::TemplateDir::~TemplateDir()
(TemplateScanner.hxx:119)
==32594==    by 0x23D9B8EB: AssistentDlgImpl::~AssistentDlgImpl() (dlgass.cxx:806)
==32594==    by 0x23D97C7F: AssistentDlg::~AssistentDlg() (dlgass.cxx:1996)
==32594==    by 0x23D8E72C:
AbstractAssistentDlg_Impl::~AbstractAssistentDlg_Impl() (sddlgfact.cxx:130)
==32594==    by 0x229CB59A: SdModule::Execute(SfxRequest&) (sdmod1.cxx:459)
==32594==    by 0x229C92AD: SfxStubSdModuleExecute(SfxShell*, SfxRequest&)
(sdslots.hxx:659)
==32594==    by 0x207ABBB5: SfxShell::CallExec(void (*)(SfxShell*, SfxRequest&),
SfxRequest&) (shell.hxx:258)
==32594==  Address 0x10 is not stack'd, malloc'd or (recently) free'd
Comment 5 Jakub Jelinek 2005-07-12 13:15:56 UTC 
The only known bug (at least to me) of the mt allocator is a crash when
you dlclose libstdc++ and afterwards terminate some thread.  You can install
gcc-debuginfo to see where in _M_reclaim_block this is crashing.  Either it could
be a memory management bug in the application (as soon as control structures
of the allocator are overwritten, it is likely the allocator will be upset about
that), or it can be a mt allocator bug.
Comment 6 Caolan McNamara 2005-07-12 13:27:50 UTC 
Created attachment 116653 [details]
got a workaround anyway

hmm, half an half-assed workaround anyway... logically the same but doesn't
crash.

The initial vector is new'ed from a different shared lib to which it's deleted,
maybe that's relevent
Comment 7 Jakub Jelinek 2005-07-12 14:19:29 UTC 
new'ing in one DSO and deleting in another one certainly should work just fine
and I don't see how mt allocator would care about that, unless the libraries
are using a different allocator.
What library is the allocation happening in and what library frees it?
Do those libraries have any _Z*N9__gnu_cxx20__common_pool_policy* symbols
hidden via a version script?
Comment 8 Caolan McNamara 2005-07-13 19:00:39 UTC 
yeah, but without using them, or with disabling the visibility suppose it still
fails. It's a headscratcher, the only thing is that I only recently began using
the g++ stl instead of OOo's stlport copy like everyone else does. I think I'll
revert to stlport for a while and dig into this seperately from the user problem.
Comment 9 Caolan McNamara 2005-07-14 09:25:12 UTC 
Created attachment 116739 [details]
reproducable testcase

seems to be because of the visibility stuff, have a small test case attached
here.

->jakub: should my testcase run ?
Comment 10 Caolan McNamara 2005-07-14 11:44:10 UTC 
workaround in OOo 1.9.117-1, testcase submitted as
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22482 for the usual humiliation
where the obvious will be pointed out to me :-)