Bug 672818

Summary: [abrt] SwTxtNode::GetTxtAttrForCharAt killed by signal 11 (SIGSEGV)
Product: [Fedora] Fedora Reporter: Eudemus <eudemus>
Component: openoffice.orgAssignee: Caolan McNamara <caolanm>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 14CC: caolanm, dtardon
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Unspecified   
Whiteboard: abrt_hash:487083fe2ceb4c888671f34f087590ba7fe138ef
Fixed In Version: libreoffice-3.3.1.2-3.fc15 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-03-09 03:15:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: backtrace none

Description Eudemus 2011-01-26 14:20:56 UTC 
abrt version: 1.1.14
architecture: i686
cmdline: /usr/lib/openoffice.org3/program/swriter.bin -writer file:///home/jamie/.cache/evolution/tmp/evolution-jamie-pOkjBX/Returns%20form.doc
component: openoffice.org
crash_function: poll
executable: /usr/lib/openoffice.org3/program/swriter.bin
kernel: 2.6.35.10-74.fc14.i686
package: openoffice.org-writer-1:3.3.0-19.2.fc14
rating: 4
reason: Process /usr/lib/openoffice.org3/program/swriter.bin was killed by signal 11 (SIGSEGV)
release: Fedora release 14 (Laughlin)
time: 1296047579
uid: 1000

backtrace
-----
[New Thread 5506]
[New Thread 2481]
[New Thread 2483]
[New Thread 2484]
[New Thread 2485]
[New Thread 2489]
[New Thread 5358]
[New Thread 5359]
[New Thread 5360]
[New Thread 2480]
warning: "/var/cache/abrt-di/usr/lib/debug/.build-id/fa/f2166d96718ed30945cfe3336a540b2352974e.debug": separate debug info file has no debug info
warning: "/var/cache/abrt-di/usr/lib/debug/.build-id/84/dba4630c436dc62241a8deae49e5c49a09f94b.debug": separate debug info file has no debug info
Core was generated by `/usr/lib/openoffice.org3/program/swriter.bin -writer file:///home/jamie/.cache/'.
Program terminated with signal 11, Segmentation fault.
#0  SwTxtNode::GetTxtAttrForCharAt (this=0x0, nIndex=65535, nWhich=RES_TXTATR_BEGIN) at /usr/src/debug/OOO330_m19/sw/source/core/txtnode/ndtxt.cxx:5091
5091	/usr/src/debug/OOO330_m19/sw/source/core/txtnode/ndtxt.cxx: No such file or directory.
	in /usr/src/debug/OOO330_m19/sw/source/core/txtnode/ndtxt.cxx

Thread 10 (Thread 2480):
#0  0x008b7416 in __kernel_vsyscall ()
No symbol table info available.
#1  0x00a0eb06 in poll () from /lib/libc.so.6

Timeout exceeded: 60 second, killing gdb
Debuginfo absent: 696c53dec94174b9576589f9ad17d68cf108290d

How to reproduce
-----
1. Typing a document in OpenOffice Writer
2. Insert citation using Zotero (multiple sources)
3. This can't be the full cause, because sometimes this works unproblematically.
Comment 1 Eudemus 2011-01-26 14:20:59 UTC 
Created attachment 475398 [details]
File: backtrace
Comment 2 Caolan McNamara 2011-02-16 16:34:08 UTC 
This one slipped between the cracks. I guess its a bit late to ask if you are able to reproduce this ?
Comment 3 David Tardon 2011-02-21 08:34:57 UTC 
Given the value of the nWhich argument (RES_TXTATR_BEGIN == RES_TXTATTR_REFMARK), this SwTxtNode::GetTxtAttrForCharAt could only have been called from two places: SwXReferenceMark::Impl::InsertRefMark in sw/source/core/unocore/unorefmk.cxx and SwHistorySetRefMark::SetInDoc in sw/source/core/undo/rolbck.cxx . That said, I do not see any obvious problem either in that code (well, rPam.GetPoint()->nContent.GetIndex() - 1 looks a bit dubious, but it is not the cause of this crash...) or in zotero code (https://www.zotero.org/svn/integration/xpcom/OpenOffice/trunk/build/src/org/zotero/integration/ooo/).
Comment 4 Caolan McNamara 2011-03-02 12:52:51 UTC 
Because this=0x0 is what gdb claims, and SwHistorySetRefMark::SetInDoc protects against a NULL SwTxtNode that would suggest that one is ruled out.

We could try a bandaid at the other location
Comment 5 Caolan McNamara 2011-03-02 13:05:06 UTC 
added in bandaid, will be in >= 3.3.0-20.3
Comment 6 Fedora Update System 2011-03-03 17:19:45 UTC 
Package libreoffice-3.3.1.2-3.fc15:
* should fix your issue,
* was pushed to the Fedora 15 updates-testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing libreoffice-3.3.1.2-3.fc15'
as soon as you are able to, then reboot.
Please go to the following url:
https://admin.fedoraproject.org/updates/libreoffice-3.3.1.2-3.fc15
then log in and leave karma (feedback).
Comment 7 Fedora Update System 2011-03-04 09:53:33 UTC 
libreoffice-3.3.1.2-3.fc15 has been pushed to the Fedora 15 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update libreoffice'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/libreoffice-3.3.1.2-3.fc15
Comment 8 Fedora Update System 2011-03-09 03:14:58 UTC 
libreoffice-3.3.1.2-3.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.