Bug 758968

Summary: [abrt] libreoffice-core-3.4.4.2-3.fc16: SwTxtFrm::HideAndShowObjects: Process /usr/lib64/libreoffice/program/soffice.bin was killed by signal 11 (SIGSEGV)
Product: [Fedora] Fedora Reporter: Jerry James <loganjerry>
Component: libreofficeAssignee: Michael Stahl <mstahl>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 16CC: caolanm, dtardon, erack, ltinkl, mstahl, s.ali.najafian, sbergman
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:196a8aebf100390a178e0419c53c8f03b0e07114
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-06-08 14:22:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: dso_list
none
File: build_ids
none
File: backtrace
none
File: maps none

Description Jerry James 2011-12-01 05:15:25 UTC 
libreport version: 2.0.7
abrt_version:   2.0.6
backtrace_rating: 4
cmdline:        /usr/lib64/libreoffice/program/soffice.bin --writer --splash-pipe=7
comment:        I was editing a large document, with 1 photo and some caption text on each page.  I had just inserted a new photo and caption near the beginning of the document when openoffice crashed.
crash_function: SwTxtFrm::HideAndShowObjects
executable:     /usr/lib64/libreoffice/program/soffice.bin
kernel:         3.1.2-1.fc16.x86_64
pid:            2924
pwd:            /home/jamesjer
reason:         Process /usr/lib64/libreoffice/program/soffice.bin was killed by signal 11 (SIGSEGV)
time:           Wed 30 Nov 2011 09:46:06 PM MST
uid:            1000
username:       jamesjer
xsession_errors: 

backtrace:      Text file, 78398 bytes
build_ids:      Text file, 8446 bytes
dso_list:       Text file, 22547 bytes
maps:           Text file, 110036 bytes

environ:
:XDG_VTNR=1
:XDG_SESSION_ID=3
:HOSTNAME=localhost.localdomain
:BSTINPUTS=/home/jamesjer/TeX/bst:
:IMSETTINGS_INTEGRATE_DESKTOP=yes
:GIO_LAUNCHED_DESKTOP_FILE_PID=2912
:GPG_AGENT_INFO=/tmp/keyring-FcaBT7/gpg:0:1
:SHELL=/bin/bash
:TERM=dumb
:DESKTOP_STARTUP_ID=gnome-shell-1629-localhost.localdomain-libreoffice-3_TIME10555476
:HISTSIZE=1000
:XDG_SESSION_COOKIE=078aa0f29ac65b4151256f120000000b-1322706255.941176-346180132
:GJS_DEBUG_OUTPUT=stderr
:OLDPWD=/usr/lib64/libreoffice/program
:GNOME_KEYRING_CONTROL=/tmp/keyring-FcaBT7
:'GJS_DEBUG_TOPICS=JS ERROR;JS LOG'
:IMSETTINGS_MODULE=none
:USER=jamesjer
:SSH_AUTH_SOCK=/tmp/keyring-FcaBT7/ssh
:USERNAME=jamesjer
:SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/1414,unix/unix:/tmp/.ICE-unix/1414
:GIO_LAUNCHED_DESKTOP_FILE=/usr/share/applications/libreoffice-writer.desktop
:MAIL=/var/spool/mail/jamesjer
:PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/jamesjer/.local/bin:/home/jamesjer/bin
:DESKTOP_SESSION=gnome
:QT_IM_MODULE=xim
:PWD=/home/jamesjer
:XMODIFIERS=@im=none
:GNOME_KEYRING_PID=1406
:LANG=en_US.UTF-8
:GDMSESSION=gnome
:SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
:HISTCONTROL=ignoredups
:TEXINPUTS=/home/jamesjer/TeX:
:HOME=/home/jamesjer
:XDG_SEAT=seat0
:SHLVL=1
:GNOME_DESKTOP_SESSION_ID=this-is-deprecated
:SAL_ENABLE_FILE_LOCKING=1
:LOGNAME=jamesjer
:CVS_RSH=ssh
:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-dwMAY5NZXu,guid=3602792700d6f0c7a1628ab100000b83
:'LESSOPEN=||/usr/bin/lesspipe.sh %s'
:WINDOWPATH=1
:XDG_RUNTIME_DIR=/run/user/jamesjer
:DISPLAY=:0
:XAUTHORITY=/var/run/gdm/auth-for-jamesjer-jGxtnd/database
:LD_LIBRARY_PATH=/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/client:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/server:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/native_threads:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64

var_log_messages:
:Nov 30 21:46:06 localhost kernel: [11457.440754] soffice.bin[2924]: segfault at 68 ip 00007fcddd733a41 sp 00007ffffe1fba10 error 4 in libswlx.so[7fcddd173000+bd1000]
:Nov 30 21:46:09 localhost abrt[3006]: Saved core dump of pid 2924 (/usr/lib64/libreoffice/program/soffice.bin) to /var/spool/abrt/ccpp-2011-11-30-21:46:06-2924 (178085888 bytes)
Comment 1 Jerry James 2011-12-01 05:15:29 UTC 
Created attachment 538924 [details]
File: dso_list
Comment 2 Jerry James 2011-12-01 05:15:31 UTC 
Created attachment 538925 [details]
File: build_ids
Comment 3 Jerry James 2011-12-01 05:15:32 UTC 
Created attachment 538926 [details]
File: backtrace
Comment 4 Jerry James 2011-12-01 05:15:34 UTC 
Created attachment 538927 [details]
File: maps
Comment 5 soa 2011-12-01 06:01:51 UTC 
Package: libreoffice-core-3.4.3.2-11.fc16
Architecture: i686
OS Release: Fedora release 16 (Verne)

Comment
-----
when scrolling between pages with pictures!
Comment 6 soa 2011-12-01 06:04:56 UTC 
Package: libreoffice-core-3.4.3.2-11.fc16
Architecture: i686
OS Release: Fedora release 16 (Verne)

Comment
-----
when scrolling between pages with pictures!
Comment 7 Caolan McNamara 2011-12-01 13:21:36 UTC 
    if ( IsFollow() )
    {
655:        FindMaster()->HideAndShowObjects();
    }

caolanm->soa/jerry: anyone got a document which reproduces this problem so we can have a go at a proper fix ?

caolanm->mstahl: in the meantime, bt says that "FindMaster" is null here, hence the crash. Hack it to not crash anyway with a null check ?
Comment 8 Jerry James 2011-12-05 04:26:09 UTC 
Sorry, the document I was editing has sensitive contents.  I really can't share it.  It's interesting that we were both editing documents with pictures, though.
Comment 9 Michael Stahl 2012-02-12 22:02:57 UTC 
this *could* be caused by the horribly broken commit that introduced
SwFlowFrm::pPrecede (cc3d0d182cafef9649e45f4657233ac2221fdd0a)
which i have just been fixing... but hard to tell without reproducer.
Comment 10 Jerry James 2012-02-13 15:43:43 UTC 
I'm happy to try out a potential fix.  Or I could try swapping out the sensitive contents in my document for non-sensitive contents.  I'll be pretty busy for the next couple of days, but perhaps Wednesday I could try doing that.
Comment 11 Michael Stahl 2012-02-15 14:46:48 UTC 
i'll just claim this is a duplicate of fdo#41712.

i've pushed the fix for this to Fedora f16, so it should be
in the next f16 update 3.4.5.2-6; if the problem still
occurs in that version please re-open.
Comment 12 Michael Stahl 2012-02-15 14:52:43 UTC 
err too many bugzilla fields
Comment 13 Caolan McNamara 2012-06-08 14:22:48 UTC 
this got pushed as a F-16 update