Bug 758860

Summary: [abrt] libreoffice-core-3.4.4.2-3.fc16: BigPtrArray::Index2Block: (search/replace empty paragraphs?) (SIGSEGV)
Product: [Fedora] Fedora
Reporter: M. A. MacLain <mgml>
Component: libreoffice
Assignee: Michael Stahl <mstahl>
Status: CLOSED UPSTREAM
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 16
CC: caolanm, dtardon, erack, john.mellor, ltinkl, mstahl, sbergman
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:52824d6ce33bf922fc4a589cce098a26d61e02e7
Doc Type: Bug Fix
Last Closed: 2011-12-09 19:20:25 UTC
Attachments:
File: dso_list
File: maps
File: backtrace
A test document that crashes

Description M. A. MacLain 2011-11-30 20:37:11 UTC
libreport version: 2.0.7
abrt_version:   2.0.6
backtrace_rating: 4
cmdline:        /usr/lib64/libreoffice/program/soffice.bin --writer --splash-pipe=7
comment:        Deleting empty lines with Search and Replace using regular expressions. This has happened a few times
crash_function: BigPtrArray::Index2Block
executable:     /usr/lib64/libreoffice/program/soffice.bin
kernel:         3.1.2-1.fc16.x86_64
pid:            11881
pwd:            /home/ml
reason:         Process /usr/lib64/libreoffice/program/soffice.bin was killed by signal 11 (SIGSEGV)
time:           Wed 30 Nov 2011 01:59:02 PM EST
uid:            1000
username:       ml

backtrace:      Text file, 49921 bytes
dso_list:       Text file, 22121 bytes
maps:           Text file, 87963 bytes

environ:
:XDG_VTNR=1
:XDG_SESSION_ID=2
:HOSTNAME=P5K
:IMSETTINGS_INTEGRATE_DESKTOP=yes
:GIO_LAUNCHED_DESKTOP_FILE_PID=11869
:GPG_AGENT_INFO=/tmp/keyring-hASZdX/gpg:0:1
:SHELL=/bin/bash
:TERM=dumb
:DESKTOP_STARTUP_ID=gnome-shell-1491-P5K-libreoffice-3_TIME10699484
:HISTSIZE=1000
:XDG_SESSION_COOKIE=1befefacb2e4c85aaef5079f0000000b-1322667158.785461-1075763628
:GJS_DEBUG_OUTPUT=stderr
:OLDPWD=/usr/lib64/libreoffice/program
:QTDIR=/usr/lib64/qt-3.3
:GNOME_KEYRING_CONTROL=/tmp/keyring-hASZdX
:QTINC=/usr/lib64/qt-3.3/include
:'GJS_DEBUG_TOPICS=JS ERROR;JS LOG'
:IMSETTINGS_MODULE=none
:USER=ml
:SSH_AUTH_SOCK=/tmp/keyring-hASZdX/ssh
:USERNAME=ml
:SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/1270,unix/unix:/tmp/.ICE-unix/1270
:GIO_LAUNCHED_DESKTOP_FILE=/usr/share/applications/libreoffice-writer.desktop
:MAIL=/var/spool/mail/ml
:PATH=/usr/lib64/qt-3.3/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/ml/.local/bin:/home/ml/bin
:DESKTOP_SESSION=gnome
:QT_IM_MODULE=xim
:PWD=/home/ml
:XMODIFIERS=@im=none
:KDE_IS_PRELINKED=1
:GNOME_KEYRING_PID=1263
:LANG=en_US.UTF-8
:KDEDIRS=/usr
:GDMSESSION=gnome
:HISTCONTROL=ignoredups
:HOME=/home/ml
:XDG_SEAT=seat0
:SHLVL=1
:GNOME_DESKTOP_SESSION_ID=this-is-deprecated
:SAL_ENABLE_FILE_LOCKING=1
:LOGNAME=ml
:QTLIB=/usr/lib64/qt-3.3/lib
:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-9ZQiM0wsoa,guid=95b3fe334f85144d6009ba1f0000005d
:'LESSOPEN=||/usr/bin/lesspipe.sh %s'
:WINDOWPATH=1
:XDG_RUNTIME_DIR=/run/user/ml
:DISPLAY=:0
:XAUTHORITY=/var/run/gdm/auth-for-ml-kCsNmI/database
:LD_LIBRARY_PATH=/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/client:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/server:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/native_threads:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64

var_log_messages:
:Nov 28 14:42:26 P5K kernel: [19266.663524] soffice.bin[7780]: segfault at 11 ip 0000003406c09da4 sp 00007ffffc4eff80 error 4 in libpthread-2.14.90.so[3406c00000+17000]
:Nov 29 12:34:19 P5K kernel: [ 4871.830603] soffice.bin[3470]: segfault at 11 ip 0000003406c09da4 sp 00007fff3d83b5a0 error 4 in libpthread-2.14.90.so[3406c00000+17000]
:Nov 29 23:43:31 P5K kernel: [ 4403.333257] soffice.bin[2072]: segfault at 11 ip 0000003406c09da4 sp 00007fffa59f8f00 error 4 in libpthread-2.14.90.so[3406c00000+17000]
:Nov 30 13:59:02 P5K kernel: [12476.873129] soffice.bin[11881]: segfault at 26 ip 00007fe0095d38cb sp 00007fffa079ad38 error 4 in libswlx.so[7fe0092c8000+bd1000]
:Nov 30 13:59:03 P5K abrt[12848]: Saved core dump of pid 11881 (/usr/lib64/libreoffice/program/soffice.bin) to /var/spool/abrt/ccpp-2011-11-30-13:59:02-11881 (107229184 bytes)

Comment 1 M. A. MacLain 2011-11-30 20:37:14 UTC
Created attachment 538793
File: dso_list

Comment 2 M. A. MacLain 2011-11-30 20:37:17 UTC
Created attachment 538794
File: maps

Comment 3 M. A. MacLain 2011-11-30 20:37:19 UTC
Created attachment 538795
File: backtrace

Comment 4 Caolan McNamara 2011-12-01 13:24:11 UTC
Yucky, can you reproduce this? If so, was it a specific document and a specific search/replace? Can you share those with us?

Comment 5 Michael Stahl 2011-12-01 16:41:34 UTC
crash on search & replace of empty paragraph is already fixed in LO master.
perhaps we should backport the fix.

Comment 6 M. A. MacLain 2011-12-04 03:35:41 UTC
Caolan, thanks for your interest. I have been away. It looks like, according to M. Stahl, the problem has been fixed. I had crashes in more than one document while removing empty paragraphs.

Happy Holidays.

Comment 7 Caolan McNamara 2011-12-06 09:53:11 UTC
caolanm->mstahl: You think it is that empty paragraph search/replace? If you think it's worth backporting, and safe, go for it, otherwise, closed->upstream

Comment 8 M. A. MacLain 2011-12-06 17:58:05 UTC
Created attachment 541501
A test document that crashes

I don't believe the version I have (libreoffice-writer-3.4.4.2-3.fc16.x86_64) has been patched. I still have crashes.

Attached a sample file to illustrate crashes while removing empty paragraphs.

Preserve the original file for reference. Use a copy for testing.

Thanks.

M.

Comment 9 Michael Stahl 2011-12-09 19:20:25 UTC
the fix is now in the upstream 3.4 release branch and should be in 3.4.5
which is just a couple weeks away.
seeing as this isn't a regression i guess we can wait a bit
and then update packages to 3.4.5 release.

Comment 10 John Mellor 2012-10-06 00:11:37 UTC
According to abrt, the Fedora-17 libre-office update today has this problem while attempting to open a docx file.  Please re-open as newly-broken.

Comment 11 John Mellor 2012-10-07 15:15:19 UTC
New bug https://bugzilla.redhat.com/show_bug.cgi?id=863810 created, since abrt is misrepresenting the problem as this bug.