Bug 818557

Summary: [abrt] libreoffice-writer-3.3.4.1-2.fc15: SwCrsrShell::GetCrsr: Process /usr/lib64/libreoffice/program/swriter.bin was killed by signal 11 (SIGSEGV)
Product: [Fedora] Fedora Reporter: Slawomir Czarko <slawomir.czarko>
Component: libreofficeAssignee: Caolan McNamara <caolanm>
Status: CLOSED UPSTREAM QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 15CC: caolanm, dtardon, erack, ltinkl, mstahl, sbergman
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:d5a26b9a9d4ebbb2ae738d9394c01b0718a7df93
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-05-09 10:41:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: dso_list
none
File: maps
none
File: backtrace
none
File which causes the crash (zipped) none

Description Slawomir Czarko 2012-05-03 11:03:01 UTC 
abrt version: 2.0.3
architecture:   x86_64
backtrace_rating: 4
cmdline:        /usr/lib64/libreoffice/program/swriter.bin -writer
component:      libreoffice
crash_function: SwCrsrShell::GetCrsr
executable:     /usr/lib64/libreoffice/program/swriter.bin
kernel:         2.6.42.12-1.fc15.x86_64
os_release:     Fedora release 15 (Lovelock)
package:        libreoffice-writer-3.3.4.1-2.fc15
reason:         Process /usr/lib64/libreoffice/program/swriter.bin was killed by signal 11 (SIGSEGV)
time:           Thu May  3 12:24:21 2012
uid:            2026
username:       slawomir
xsession_errors: 

backtrace:      Text file, 115462 bytes
dso_list:       Text file, 21443 bytes
maps:           Text file, 78638 bytes

comment:
:I have a document which when opened triggers this question:
:The template '...' on which this document is based, has been modified. Do you want to update style based formatting according to the modified template?
:
:[Update Styles] [Keep Old Styles] [Help]
:
:There are 4 different scenarios:
:1 - select [Update Styles] and then try opening Page Preview without saving the document first - LibreOffice Writer crashes.
:2 - select [Update Styles] and then try opening Page Preview after saving the document first - LibreOffice Writer crashes.
:3 - select [Keep Old Styles] and then try opening Page Preview - LibreOffice Writer doesn't crash.
:4 - select [Update Styles], save document, close it, open it again and then try opening Page Preview - LibreOffice Writer doesn't crash.
:
:It is reproducible 100% with this document.
:
:Backtrace is from scenario 1.

environ:
:ORBIT_SOCKETDIR=/tmp/orbit-slawomir
:XDG_SESSION_ID=1
:HOSTNAME=gaia.garous.net
:IMSETTINGS_INTEGRATE_DESKTOP=yes
:GIO_LAUNCHED_DESKTOP_FILE_PID=28888
:GPG_AGENT_INFO=/tmp/keyring-WJ1Js3/gpg:0:1
:SHELL=/bin/bash
:TERM=dumb
:DESKTOP_STARTUP_ID=gnome-shell-2229-gaia.garous.net-libreoffice-9_TIME14503105
:HISTSIZE=1000
:XDG_SESSION_COOKIE=416f84d9c1904d76a962a6160000000c-1336026473.983445-1548027741
:GJS_DEBUG_OUTPUT=stderr
:OLDPWD=/usr/lib64/libreoffice/program
:GNOME_KEYRING_CONTROL=/tmp/keyring-WJ1Js3
:'GJS_DEBUG_TOPICS=JS ERROR;JS LOG'
:IMSETTINGS_MODULE=none
:USER=slawomir
:LD_LIBRARY_PATH=/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/client:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/native_threads:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64
:CCACHE_DIR=/sandbox/slawomir/ccache
:SSH_AUTH_SOCK=/tmp/keyring-WJ1Js3/ssh
:USERNAME=slawomir
:SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/2009,unix/unix:/tmp/.ICE-unix/2009
:GIO_LAUNCHED_DESKTOP_FILE=/usr/share/applications/libreoffice-writer.desktop
:MAIL=/var/spool/mail/slawomir
:PATH=/usr/lib64/ccache:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/slawomir/.local/bin:/home/slawomir/bin
:DESKTOP_SESSION=gnome
:QT_IM_MODULE=xim
:PWD=/home/slawomir
:XMODIFIERS=@im=none
:KDE_IS_PRELINKED=1
:GNOME_KEYRING_PID=2001
:LANG=en_US.UTF-8
:MODULEPATH=/usr/share/Modules/modulefiles:/etc/modulefiles
:GDM_LANG=
:LOADEDMODULES=
:KDEDIRS=/usr
:NO_DISTCC=1
:GDMSESSION=gnome
:HISTCONTROL=ignoredups
:HOME=/home/slawomir
:SHLVL=2
:GNOME_DESKTOP_SESSION_ID=this-is-deprecated
:SAL_ENABLE_FILE_LOCKING=1
:LOGNAME=slawomir
:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-1P5UT87toW,guid=bda8e2ed59543ef19f2efa5500000147
:MODULESHOME=/usr/share/Modules
:'LESSOPEN=||/usr/bin/lesspipe.sh %s'
:WINDOWPATH=1
:XDG_RUNTIME_DIR=/run/user/slawomir
:DISPLAY=:0
:G_BROKEN_FILENAMES=1
:CCACHE_HASHDIR=
:XAUTHORITY=/var/run/gdm/auth-for-slawomir-yRg1UG/database
:'module=() {  eval `/usr/bin/modulecmd bash $*`\n}'
:_=/usr/lib64/libreoffice/program/swriter.bin

var_log_messages:
:May  3 12:23:43 gaia kernel: [14476.775248] swriter.bin[25294]: segfault at 50 ip 000000313ead60f8 sp 00007fff9c5c1e80 error 6 in libsfxlx.so[313e800000+41f000]
:May  3 12:23:44 gaia abrt[28306]: saved core dump of pid 25294 (/usr/lib64/libreoffice/program/swriter.bin) to /var/spool/abrt/ccpp-2012-05-03-12:23:43-25294.new/coredump (143822848 bytes)
:May  3 12:24:21 gaia kernel: [14514.823139] swriter.bin[28903]: segfault at 1a8 ip 0000003142d30fa9 sp 00007fff867e0710 error 4 in libswlx.so[3142a00000+b4d000]
:May  3 12:24:22 gaia abrt[29147]: saved core dump of pid 28903 (/usr/lib64/libreoffice/program/swriter.bin) to /var/spool/abrt/ccpp-2012-05-03-12:24:21-28903.new/coredump (117469184 bytes)
Comment 1 Slawomir Czarko 2012-05-03 11:03:07 UTC 
Created attachment 581827 [details]
File: dso_list
Comment 2 Slawomir Czarko 2012-05-03 11:03:09 UTC 
Created attachment 581828 [details]
File: maps
Comment 3 Slawomir Czarko 2012-05-03 11:03:11 UTC 
Created attachment 581829 [details]
File: backtrace
Comment 4 Caolan McNamara 2012-05-04 15:44:25 UTC 
SwCrsrShell::GetCrsr (this=0x0) is the clear immediate reason for the crash

but that's from SwEditShell::GetScriptType where... FOREACHPAM_START(this), so this must be 0 there as well, which comes from

SwTextShell::GetState ... 

SwWrtShell &rSh = GetShell();
rSh.GetScriptType()

so the problem doesn't seem to be obviously local to the backtrace.

caolanm->Slawomir
Are you able to provide the document which reproduces the crash ?
Comment 5 Slawomir Czarko 2012-05-07 09:26:02 UTC 
Created attachment 582588 [details]
File which causes the crash (zipped)
Comment 6 Caolan McNamara 2012-05-08 15:24:53 UTC 
reproducible
Comment 7 Caolan McNamara 2012-05-09 10:39:49 UTC 
http://cgit.freedesktop.org/libreoffice/core/commit/?id=a1d265be484f1c70f57ab3de9b2d8c27d2fd3aa4 seems to help
Comment 8 Caolan McNamara 2012-05-09 10:41:17 UTC 
I'm a bit to chicken to backport this fix to f15, f16, f17 & rawhide seeing as its all a bit tricky. Will leave it for upstream master and see if it works out in the longer term
Comment 9 Michael Stahl 2013-01-16 19:57:14 UTC 
good idea not to backport this, the fix caused upstream regression 58893.

i'm hoping that beacee6fad46aa2c8fc813bb0150e5c7a5175b26
is a better fix for this, though don't really know either...