Bug 805743

Summary: [abrt][a11y] libreoffice-core-3.5.1.2-1.fc17: AccessibleViewForwarder::AccessibleViewForwarder killed by signal 11 (SIGSEGV)
Product: [Fedora] Fedora Reporter: Michal Ambroz <rebus>
Component: libreofficeAssignee: Caolan McNamara <caolanm>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: high    
Version: 17CC: caolanm, dtardon, erack, ltinkl, mstahl, sbergman
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:93808b2c4041a5326a7a20046d1abc4b6f3d4a1a
Fixed In Version: libreoffice-3.5.3.2-3.fc17 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-05-26 07:15:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: dso_list
none
File: maps
none
File: backtrace none

Description Michal Ambroz 2012-03-22 01:10:54 UTC 
libreport version: 2.0.8
abrt_version:   2.0.7
backtrace_rating: 4
cmdline:        /usr/lib64/libreoffice/program/soffice.bin --draw --splash-pipe=6
crash_function: std::vector<SdrPaintWindow*, std::allocator<SdrPaintWindow*> >::size
executable:     /usr/lib64/libreoffice/program/soffice.bin
kernel:         3.3.0-1.fc17.x86_64
pid:            16895
pwd:            /home/mambroz
reason:         Process /usr/lib64/libreoffice/program/soffice.bin was killed by signal 11 (SIGSEGV)
time:           Thu 22 Mar 2012 01:37:43 AM CET
uid:            1000
username:       mambroz

backtrace:      Text file, 43957 bytes
dso_list:       Text file, 21044 bytes
maps:           Text file, 96031 bytes

comment:
:1) Edit image in draw.
:2) export it to wmf
:3) import wmf to impress
:4) click back to draw

environ:
:XDG_VTNR=1
:XDG_SESSION_ID=3
:HOSTNAME=mixer.localdomain
:IMSETTINGS_INTEGRATE_DESKTOP=yes
:GIO_LAUNCHED_DESKTOP_FILE_PID=16880
:GPG_AGENT_INFO=/tmp/keyring-0KsaOY/gpg:0:1
:SHELL=/bin/bash
:TERM=dumb
:DESKTOP_STARTUP_ID=gnome-shell-16399-mixer.localdomain-libreoffice-0_TIME23270559
:HISTSIZE=10000
:GJS_DEBUG_OUTPUT=stderr
:G_MESSAGES_DEBUG=all
:OLDPWD=/usr/lib64/libreoffice/program
:QTDIR=/usr/lib64/qt-3.3
:GNOME_KEYRING_CONTROL=/tmp/keyring-0KsaOY
:QTINC=/usr/lib64/qt-3.3/include
:'GJS_DEBUG_TOPICS=JS ERROR;JS LOG'
:IMSETTINGS_MODULE=none
:USER=mambroz
:SSH_AUTH_SOCK=/tmp/keyring-0KsaOY/ssh
:USERNAME=mambroz
:SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/1659,unix/unix:/tmp/.ICE-unix/1659
:GIO_LAUNCHED_DESKTOP_FILE=/usr/share/applications/libreoffice-draw.desktop
:MAIL=/var/spool/mail/mambroz
:PATH=/usr/lib64/qt-3.3/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/home/mambroz/bin
:DESKTOP_SESSION=gnome
:QT_IM_MODULE=xim
:PWD=/home/mambroz
:XMODIFIERS=@im=none
:KDE_IS_PRELINKED=1
:GNOME_KEYRING_PID=1657
:LANG=en_US.UTF-8
:KDEDIRS=/usr
:GDMSESSION=gnome
:HISTCONTROL=ignoredups
:XDG_SEAT=seat0
:HOME=/home/mambroz
:SHLVL=1
:GNOME_DESKTOP_SESSION_ID=this-is-deprecated
:SAL_ENABLE_FILE_LOCKING=1
:LOGNAME=mambroz
:QTLIB=/usr/lib64/qt-3.3/lib
:CVS_RSH=ssh
:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-Q7uKbioaA8,guid=d3f84712bfef3b75a64f7ca00000082c
:'LESSOPEN=||/usr/bin/lesspipe.sh %s'
:WINDOWPATH=1
:XDG_RUNTIME_DIR=/run/user/mambroz
:DISPLAY=:0
:XAUTHORITY=/var/run/gdm/auth-for-mambroz-DigYNU/database
:LD_LIBRARY_PATH=/usr/java/jre1.6.0_31/lib/amd64/client:/usr/java/jre1.6.0_31/lib/amd64/server:/usr/java/jre1.6.0_31/lib/amd64/native_threads:/usr/java/jre1.6.0_31/lib/amd64

var_log_messages:
:Mar 22 01:33:25 mixer kernel: [23256.385025] soffice.bin[14784]: segfault at 0 ip 00000038d833b3c0 sp 00007fffb5fcb4d8 error 4 in libc-2.15.so[38d8200000+1ac000]
:Mar 22 01:33:27 mixer abrt[16825]: Saved core dump of pid 14784 (/usr/lib64/libreoffice/program/soffice.bin) to /var/spool/abrt/ccpp-2012-03-22-01:33:25-14784 (159457280 bytes)
:Mar 22 01:37:43 mixer kernel: [23514.362987] soffice.bin[16895]: segfault at 80 ip 00007effe549dc4c sp 00007fff47c31590 error 4 in libsdlo.so[7effe51f8000+83a000]
:Mar 22 01:37:44 mixer abrt[17045]: Saved core dump of pid 16895 (/usr/lib64/libreoffice/program/soffice.bin) to /var/spool/abrt/ccpp-2012-03-22-01:37:43-16895 (132120576 bytes)
Comment 1 Michal Ambroz 2012-03-22 01:10:59 UTC 
Created attachment 571893 [details]
File: dso_list
Comment 2 Michal Ambroz 2012-03-22 01:11:04 UTC 
Created attachment 571894 [details]
File: maps
Comment 3 Michal Ambroz 2012-03-22 01:11:06 UTC 
Created attachment 571895 [details]
File: backtrace
Comment 4 David Tardon 2012-03-22 08:02:40 UTC 
The sd a11y stuff evidently expects that a sd::ViewShell has a valid sd::View . Unfortunately, that is not the case here. sd::OutlineViewShell's constructor first calls ViewShell::doShow(), which triggers this crash, and only _after_ that calls Construct(), which initializes ViewShell::mpView .
Comment 5 Caolan McNamara 2012-03-22 12:47:27 UTC 
As punishment for diagnosing it, you get to keep it :-)
Comment 6 Michal Ambroz 2012-04-01 20:21:18 UTC 
1) Start libreoffice Impress
2) in new presentation click "Otline" tab.

crash in 100% cases.


backtrace_rating: 4
Package: libreoffice-core-3.5.1.2-1.fc17
OS Release: Fedora release 17 Alpha (Beefy Miracle)
Comment 7 Michal Ambroz 2012-04-01 20:25:53 UTC 
1) open libre office
2) start new presentation (Impress)
3) click to handout tab	
crashes in 100% cases


backtrace_rating: 4
Package: libreoffice-core-3.5.2.1-1.fc17
OS Release: Fedora release 17 Alpha (Beefy Miracle)
Comment 8 Michal Ambroz 2012-04-01 20:30:17 UTC 
Increasing the severity as the Impress tool from libreoffice becomes quite useless because of this bug. 

It seems that due to this bug it is not possible to switch to any other view than the default one.
Comment 9 Michal Ambroz 2012-04-01 21:20:44 UTC 
switch view in libreoffice

backtrace_rating: 4
Package: libreoffice-core-3.5.2.1-1.fc17
OS Release: Fedora release 17 Alpha (Beefy Miracle)
Comment 10 Michal Ambroz 2012-04-17 00:44:10 UTC 
Retested now with the libreoffice-impress-3.5.2.1-6.fc17.x86_64 .
Issue persists.

1) open libre office
2) start new presentation (Impress)
3) click to Outline, Notes or Handout tab 
crashes in 100% cases
Comment 11 David Tardon 2012-05-09 04:46:01 UTC 
*** Bug 819156 has been marked as a duplicate of this bug. ***
Comment 12 Caolan McNamara 2012-05-09 11:23:24 UTC 
oh wait, *I* broke that http://cgit.freedesktop.org/libreoffice/core/commit/?id=ec240eafe9b25620383aa54015f5c55e0f64227a

well for limited amounts of "broke" where broke is made it crash in an understandable way instead of a bizarre ad-hoc way :-)
Comment 13 Caolan McNamara 2012-05-09 11:59:57 UTC 
hopefully fixed with http://cgit.freedesktop.org/libreoffice/core/commit/?id=4ae4c57caab02c5d8fe91cd9956fabba6bd3dc1e will be in >= 3.5.3.2-3.fc17
Comment 14 Fedora Update System 2012-05-09 19:15:41 UTC 
libreoffice-3.5.3.2-3.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/libreoffice-3.5.3.2-3.fc17
Comment 15 Fedora Update System 2012-05-10 20:41:40 UTC 
Package libreoffice-3.5.3.2-3.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing libreoffice-3.5.3.2-3.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-7635/libreoffice-3.5.3.2-3.fc17
then log in and leave karma (feedback).
Comment 16 Michal Ambroz 2012-05-13 13:07:49 UTC 
Openoffice -> Presentation -> Outline tab
Crash 100%


backtrace_rating: 4
Package: libreoffice-core-3.5.2.1-6.fc17
OS Release: Fedora release 17 Alpha (Beefy Miracle)
Comment 17 Michal Ambroz 2012-05-13 13:22:35 UTC 
Seems to be fixed in libreoffice-3.5.3.2-3.fc17
Comment 18 Fedora Update System 2012-05-26 07:15:17 UTC 
libreoffice-3.5.3.2-3.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.