Bug 198603

Summary: OpenOffice.org crashes: use of C-style casts in C++ on multiple-inherited objects
Product: Fedora
Component: gcc
Version: 5
Hardware: i386
OS: Linux
Status: CLOSED UPSTREAM
Severity: medium
Priority: medium
Reporter: Simon Meaden <simonmeaden>
Assignee: Jakub Jelinek <jakub>
CC: caolanm, jakub
Doc Type: Bug Fix
Last Closed: 2006-07-12 14:01:50 UTC

Attachments:
simple testcase

Description Simon Meaden 2006-07-12 08:59:07 UTC
I reported this to the openoffice issue tracker as Issue 67224 and they said to
pass it on to you.

When saving an empty Draw file to Star Office Draw (version 3,4 & 5) OO crashes
with the following report. Probably not of major importance as few will be
saving to these formats.

Regards
Simon Meaden

REPORT:

Video Driver is probably: radeon
Desktop is: GNOME
libgcj version is: libgcj-4.1.1-1.fc5
kernel is: Linux 2.6.17-1.2145_FC5smp #1 SMP Sat Jul 1 13:19:14 EDT 2006 i686
i686 i386
OpenOffice.org core rpm version is: openoffice.org-core-2.0.2-5.16.2
accessibility is: false
...start sestatus details ...
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 20
Policy from config file:        targeted
...end sestatus details ...
0x445e2660: /usr/lib/openoffice.org2.0/program/libuno_sal.so.3 + 0x1e660
0x445e2ea0: /usr/lib/openoffice.org2.0/program/libuno_sal.so.3 + 0x1eea0
0x43ed0420:  + 0x420 (__kernel_sigreturn + 0x0)
0x1717fd7: /usr/lib/openoffice.org2.0/program/libbf_sd680li.so + 0x8cfd7
0x1715395: /usr/lib/openoffice.org2.0/program/libbf_sd680li.so + 0x8a395
0x1716b5c: /usr/lib/openoffice.org2.0/program/libbf_sd680li.so + 0x8bb5c
0x1719223: /usr/lib/openoffice.org2.0/program/libbf_sd680li.so + 0x8e223
0x171709c: /usr/lib/openoffice.org2.0/program/libbf_sd680li.so + 0x8c09c
0x17172be: /usr/lib/openoffice.org2.0/program/libbf_sd680li.so + 0x8c2be
0x44eb77b2: /usr/lib/openoffice.org2.0/program/libsvl680li.so + 0x747b2
(SfxItemSet::Put(SfxPoolItem const&, unsigned short) + 0x19c)
0x17007ec: /usr/lib/openoffice.org2.0/program/libbf_sd680li.so + 0x757ec
0x174bc34: /usr/lib/openoffice.org2.0/program/libbf_sd680li.so + 0xc0c34
0x447efe30: /usr/lib/openoffice.org2.0/program/libcomphelp4gcc3.so + 0x77e30
(comphelper::PropertySetHelper::setPropertyValue(rtl::OUString const&,
com::sun::star::uno::Any const&) + 0x62)
0x174a19d: /usr/lib/openoffice.org2.0/program/libbf_sd680li.so + 0xbf19d
0x203b29a: /usr/lib/openoffice.org2.0/program/libbf_xo680li.so + 0x21b29a
(binfilter::SdXMLImport::SetConfigurationSettings(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&) + 0xf6)
0x1f7cc99: /usr/lib/openoffice.org2.0/program/libbf_xo680li.so + 0x15cc99
(binfilter::XMLDocumentSettingsContext::EndElement() + 0x139)
0x1f71b32: /usr/lib/openoffice.org2.0/program/libbf_xo680li.so + 0x151b32
(binfilter::SvXMLImport::endElement(rtl::OUString const&) + 0x3e)
0x717c5ae: /usr/lib/openoffice.org2.0/program/libxof680li.so + 0x2b5ae
0x7179ea0: /usr/lib/openoffice.org2.0/program/libxof680li.so + 0x28ea0
0x44f57031: /usr/lib/openoffice.org2.0/program/libxo680li.so + 0x61031
(SvXMLExport::EndElement(rtl::OUString const&, unsigned char) + 0x55)
0x44f57105: /usr/lib/openoffice.org2.0/program/libxo680li.so + 0x61105
(SvXMLElementExport::~SvXMLElementExport() + 0x2f)
0x44f58069: /usr/lib/openoffice.org2.0/program/libxo680li.so + 0x62069
0x44f5cc9c: /usr/lib/openoffice.org2.0/program/libxo680li.so + 0x66c9c
(SvXMLExport::exportDoc(xmloff::token::XMLTokenEnum) + 0x6f4)
0x44f56829: /usr/lib/openoffice.org2.0/program/libxo680li.so + 0x60829
(SvXMLExport::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&) + 0xc1)
0x242ebfb: /usr/lib/openoffice.org2.0/program/libbf_migratefilter680li.so +
0x8bfb
(binfilter::bf_MigrateFilter::exportImpl(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&) + 0x7d1)
0x242f1de: /usr/lib/openoffice.org2.0/program/libbf_migratefilter680li.so +
0x91de
(binfilter::bf_MigrateFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&) + 0xb6)
0x45bac714: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0x133714
(SfxObjectShell::ExportTo(SfxMedium&) + 0x59c)
0x45bad60a: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0x13460a
0x45baddb9: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0x134db9
0x45bae2d7: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0x1352d7
0x45bb6626: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0x13d626
0x45bd3d27: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0x15ad27
0x45bd6e18: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0x15de18
(SfxBaseModel::storeAsURL(rtl::OUString const&,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) + 0xc0)
0x45bead73: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0x171d73
0x45bb4d83: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0x13bd83
0x45bb6316: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0x13d316
0x45c27cfc: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0x1aecfc
0x45c26969: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0x1ad969
0x45c26cc7: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0x1adcc7
(SfxDispatcher::_Execute(SfxShell&, SfxSlot const&, SfxRequest&, unsigned short)
+ 0x12f)
0x45c2e8c4: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0x1b58c4
0x45c1d442: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0x1a4442
0x45c1dea7: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0x1a4ea7
0x461274f5: /usr/lib/openoffice.org2.0/program/libfwk680li.so + 0xb64f5
0x46127580: /usr/lib/openoffice.org2.0/program/libfwk680li.so + 0xb6580
0x44c5c316: /usr/lib/openoffice.org2.0/program/libvcl680li.so + 0x83316
0x44d63b2e: /usr/lib/openoffice.org2.0/program/libvcl680li.so + 0x18ab2e
(Menu::Select() + 0x3e)
0x44d5f93f: /usr/lib/openoffice.org2.0/program/libvcl680li.so + 0x18693f
0x44d5f952: /usr/lib/openoffice.org2.0/program/libvcl680li.so + 0x186952
0x44c5c316: /usr/lib/openoffice.org2.0/program/libvcl680li.so + 0x83316
0x44daa18e: /usr/lib/openoffice.org2.0/program/libvcl680li.so + 0x1d118e
0x6896f8: /usr/lib/openoffice.org2.0/program/libvclplug_gen680li.so + 0x1e6f8
0x6abf0c: /usr/lib/openoffice.org2.0/program/libvclplug_gen680li.so + 0x40f0c
(SalDisplay::DispatchInternalEvent() + 0x64)
0x81eedc: /usr/lib/openoffice.org2.0/program/libvclplug_gtk680li.so + 0x14edc
0x5fc7a1: /usr/lib/libglib-2.0.so.0 + 0x237a1
0x5fe15d: /usr/lib/libglib-2.0.so.0 + 0x2515d (g_main_context_dispatch + 0x16d)
0x6013ef: /usr/lib/libglib-2.0.so.0 + 0x283ef
0x601955: /usr/lib/libglib-2.0.so.0 + 0x28955 (g_main_context_iteration + 0x65)
0x81deb3: /usr/lib/openoffice.org2.0/program/libvclplug_gtk680li.so + 0x13eb3
0x6ae1a9: /usr/lib/openoffice.org2.0/program/libvclplug_gen680li.so + 0x431a9
(X11SalInstance::Yield(unsigned char) + 0x27)
0x44c63b8a: /usr/lib/openoffice.org2.0/program/libvcl680li.so + 0x8ab8a
(Application::Yield() + 0x48)
0x44c63c0e: /usr/lib/openoffice.org2.0/program/libvcl680li.so + 0x8ac0e
(Application::Execute() + 0x26)
0x45a032d3: /usr/lib/openoffice.org2.0/program/libsoffice.so + 0x262d3
(desktop::Desktop::Main() + 0x15af)
0x44c67a36: /usr/lib/openoffice.org2.0/program/libvcl680li.so + 0x8ea36
0x44c67ae9: /usr/lib/openoffice.org2.0/program/libvcl680li.so + 0x8eae9
(SVMain() + 0x2b)
0x459fd1b3: /usr/lib/openoffice.org2.0/program/libsoffice.so + 0x201b3 (sal_main
+ 0x57)
0x459fd1ff: /usr/lib/openoffice.org2.0/program/libsoffice.so + 0x201ff (main + 0x27)
0x43f03724: /lib/libc.so.6 + 0x15724 (__libc_start_main + 0xdc)
0x80484d1: /usr/lib/openoffice.org2.0/program/swriter.bin + 0x4d1

Comment 1 Caolan McNamara 2006-07-12 11:14:14 UTC
I see this, but it makes no sense :-(

break main
run -draw
break sd_optsitem.cxx:190
cont

use save as and StarDraw 3 as format.

#2  0x036e010d in binfilter::SdOptionsPrint::IsDraw (this=0xbf9d0cd0)
    at ../inc/optsitem.hxx:619
619             BOOL    IsDraw() const { Init(); return (BOOL) bDraw; }
#1  0x036dda58 in binfilter::SdOptionsGeneric::Init (this=0xbf9d0cd0)
    at /usr/src/redhat/BUILD/OOB680_m5/binfilter/bf_sd/source/ui/app/sd_optsitem.cxx:140
140     /*N*/           const Sequence< OUString >      aNames( GetPropertyNames(...

So IsDraw calls Init, which calls GetPropertyNames; now GetPropertyNames is a
pure virtual method of SdOptionsGeneric, and SdOptionsPrint derives from
SdOptionsGeneric. So SdOptionsPrint::GetPropertyNames should get called when
this is a SdOptionsPrint.

Adding a few 
printf("... %p ... %p",this, dynamic_cast<SdOptionsPrint*>(this)); 

to those methods and I get this...

SdOptionsPrint::IsDraw: 0xbff12a00 is really SdOptionsPrint ? 0xbff12a00
SdOptionsGeneric::Init: 0xbff12a00 is really SdOptionsPrint ? (nil)

what the hell !?

caolanm->jakub: Any hints as to what could be behind this horror ?

Comment 2 Caolan McNamara 2006-07-12 12:13:33 UTC
ah, it's a whacked cast on a multiple inherited object, something like
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22132

Comment 3 Caolan McNamara 2006-07-12 12:32:08 UTC
Created attachment 132296 [details]
simple testcase

testcase for the problem

Comment 4 Caolan McNamara 2006-07-12 12:36:37 UTC
So if I have a multiple-inherited const object and cast it using C-style casts
to one of its base classes then the result is different if I am casting away
constness vs not casting away constness.

caolanm->jakub: I can of course work around this instance in OOo, but there are
undoubtedly others. Sounds a bit like
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22132
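
Added example (not the attached testcase and not OpenOffice.org code): a minimal
multiply-inherited hierarchy of the shape comments 1 and 4 describe, written to
show what a correct upcast has to do when the target base does not sit at
offset zero of the object, why a cast that drops constness without that pointer
adjustment leaves `this` pointing at the wrong subobject (so `dynamic_cast` back
to the derived type yields a null pointer, as the printf probe in comment 1
showed), and the spelled-out `static_cast` followed by `const_cast` that does not
depend on the compiler getting the C-style cast right. The class names Other,
Generic and Print and the return value 42 are assumptions chosen for the
example.

```cpp
#include <cstddef>

// Hypothetical classes standing in for the SdOptions* hierarchy in this bug.
struct Other {
    virtual ~Other() {}
    int unrelated = 0;
};

struct Generic {
    virtual ~Generic() {}
    virtual int GetPropertyNames() const = 0;   // pure virtual, like SdOptionsGeneric
    int Init() const { return GetPropertyNames(); }
};

// Other is listed first, so it is the primary base at offset 0 and the Generic
// subobject lives at a non-zero offset: any Print* -> Generic* upcast must add
// that offset to the pointer before Generic's methods see it as 'this'.
struct Print : Other, Generic {
    int GetPropertyNames() const override { return 42; }
    bool IsDraw() const { return Init() == 42; }
};

// Byte offset of the Generic subobject inside a Print.
std::ptrdiff_t generic_offset(const Print& p) {
    return reinterpret_cast<const char*>(static_cast<const Generic*>(&p))
         - reinterpret_cast<const char*>(&p);
}

// Correct way to drop const and upcast in one go: the upcast adjusts the
// pointer, then const_cast changes only the qualification.
Generic* upcast_dropping_const(const Print* p) {
    return const_cast<Generic*>(static_cast<const Generic*>(p));
}

// The cast the report is about. The language requires a C-style cast here to
// behave as static_cast followed by const_cast, i.e. to adjust the pointer;
// the build described in this bug did not.
Generic* via_c_style_cast(const Print* p) {
    return (Generic*)p;
}

// What the broken cast effectively produced: the same address reinterpreted as
// a Generic*, which actually points at the Other subobject. Never dereference
// this; it exists only so the addresses can be compared.
Generic* unadjusted_cast(const Print* p) {
    return reinterpret_cast<Generic*>(const_cast<Print*>(p));
}

// The probe from comment 1: does this Generic* still identify a Print?
bool still_a_print(const Generic* g) {
    return dynamic_cast<const Print*>(g) != nullptr;
}

// Distance between the correct and the unadjusted pointer: the amount the
// misadjusted 'this' inside Init() was off by.
std::ptrdiff_t adjustment_lost(const Print* p) {
    return reinterpret_cast<const char*>(upcast_dropping_const(p))
         - reinterpret_cast<const char*>(unadjusted_cast(p));
}
```

On a compiler without the defect, `via_c_style_cast` and `upcast_dropping_const`
return the same address; the gap between either of them and `unadjusted_cast`
is exactly `generic_offset`. With the miscompiled cast, Generic::Init() ran with
`this` pointing at the start of the whole object rather than at the Generic
subobject, so the virtual call to GetPropertyNames went through the wrong vtable
and the process crashed in the binfilter code shown in the report.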

Comment 5 Jakub Jelinek 2006-07-12 14:01:50 UTC
Tracking upstream.