Bug 841092

Summary: [abrt][a11y] libreoffice-core-3.4.5.2-15.fc16: ImpEditEngine::RecalcTextPortion->GetObject(65535) killed by signal 11 (SIGSEGV)
Product: [Fedora] Fedora Reporter: Steve Yoon <syoon>
Component: libreofficeAssignee: Caolan McNamara <caolanm>
Status: CLOSED UPSTREAM QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 16CC: caolanm, dtardon, erack, ltinkl, mstahl, sbergman
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:0ff54fa1500112a5c160481ae6dc38127bcd4f87
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-09-11 11:29:18 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: dso_list
none
File: smolt_data
none
File: maps
none
File: backtrace none

Description Steve Yoon 2012-07-18 06:51:48 UTC 
libreport version: 2.0.10
abrt_version:   2.0.7
backtrace_rating: 4
cmdline:        /usr/lib64/libreoffice/program/soffice.bin --impress file:///home/syoon/%EB%B0%94%ED%83%95%ED%99%94%EB%A9%B4/RedHat/%EB%B3%B4%EA%B3%A0/FY13%20Account%20Plan/FY13H2%20OEM%20ISV%20Plan.odp --splash-pipe=7
comment:        Crashed after push Ctr-Z
crash_function: GetObject
executable:     /usr/lib64/libreoffice/program/soffice.bin
kernel:         3.3.8-1.fc16.x86_64
pid:            30703
pwd:            /home/syoon
time:           2012년 07월 18일 (수) 오전 10시 33분 29초
uid:            1000
username:       syoon
xsession_errors: 

backtrace:      Text file, 70004 bytes
dso_list:       Text file, 28934 bytes
maps:           Text file, 107911 bytes
smolt_data:     Binary file, 3225 bytes

environ:
:XDG_VTNR=1
:XDG_SESSION_ID=2
:HOSTNAME=syoon.sel.redhat.com
:IMSETTINGS_INTEGRATE_DESKTOP=yes
:GIO_LAUNCHED_DESKTOP_FILE_PID=30687
:GPG_AGENT_INFO=/tmp/keyring-gKPfjY/gpg:0:1
:SHELL=/bin/bash
:TERM=dumb
:DESKTOP_STARTUP_ID=nautilus-1893-syoon.sel.redhat.com-libreoffice-66_TIME605839567
:HISTSIZE=1000
:XDG_SESSION_COOKIE=e984f97fbc89a62d986f97bf0000000e-1341964053.798262-315509856
:OLDPWD=/usr/lib64/libreoffice/program
:GNOME_KEYRING_CONTROL=/tmp/keyring-gKPfjY
:IMSETTINGS_MODULE=IBus
:USER=syoon
:DESKTOP_AUTOSTART_ID=10c380d071a743d9613419640556400900000017050021
:SSH_AUTH_SOCK=/tmp/keyring-gKPfjY/ssh
:USERNAME=syoon
:SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/1705,unix/unix:/tmp/.ICE-unix/1705
:GIO_LAUNCHED_DESKTOP_FILE=/usr/share/applications/libreoffice-impress.desktop
:MAIL=/var/spool/mail/syoon
:PATH=/usr/lib64/ccache:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/syoon/.local/bin:/home/syoon/bin
:DESKTOP_SESSION=gnome
:QT_IM_MODULE=ibus
:PWD=/home/syoon
:XMODIFIERS=@im=ibus
:GNOME_KEYRING_PID=1697
:LANG=ko_KR.utf8
:GDM_LANG=ko_KR.utf8
:GDMSESSION=gnome
:HISTCONTROL=ignoredups
:HOME=/home/syoon
:XDG_SEAT=seat0
:SHLVL=1
:GNOME_DESKTOP_SESSION_ID=this-is-deprecated
:SAL_ENABLE_FILE_LOCKING=1
:LOGNAME=syoon
:CVS_RSH=ssh
:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-5U9ow5ch4p,guid=00141c31adbc37d6dac149f7000000b1
:'LESSOPEN=||/usr/bin/lesspipe.sh %s'
:WINDOWPATH=1
:XDG_RUNTIME_DIR=/run/user/syoon
:DISPLAY=:0.0
:CCACHE_HASHDIR=
:XAUTHORITY=/var/run/gdm/auth-for-syoon-967kqs/database
:LD_LIBRARY_PATH=/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/client:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/server:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/native_threads:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64

var_log_messages:
:Jul 16 13:41:37 syoon kernel: [449572.967226] soffice.bin[26429]: segfault at 7fd9b2073000 ip 00000034fc8868d2 sp 00007fff268abde0 error 7 in libsvllx.so[34fc800000+109000]
:Jul 16 13:41:42 syoon abrt[31127]: Saved core dump of pid 26429 (/usr/lib64/libreoffice/program/soffice.bin) to /var/spool/abrt/ccpp-2012-07-16-13:41:37-26429 (309260288 bytes)
:Jul 16 14:03:58 syoon kernel: [450913.087260] soffice.bin[32002]: segfault at 7fff8 ip 00007f50ff9bb5b9 sp 00007fff6c94a6b0 error 4 in libeditenglx.so[7f50ff8b4000+209000]
:Jul 16 14:04:02 syoon abrt[32125]: Saved core dump of pid 32002 (/usr/lib64/libreoffice/program/soffice.bin) to /var/spool/abrt/ccpp-2012-07-16-14:03:58-32002 (237711360 bytes)
:Jul 18 10:33:29 syoon kernel: [610997.394185] soffice.bin[30703]: segfault at 7fff8 ip 00007fd2a2b8f5b9 sp 00007fff05cbfd70 error 4 in libeditenglx.so[7fd2a2a88000+209000]
:Jul 18 10:33:37 syoon abrt[6244]: Saved core dump of pid 30703 (/usr/lib64/libreoffice/program/soffice.bin) to /var/spool/abrt/ccpp-2012-07-18-10:33:29-30703 (282902528 bytes)
Comment 1 Steve Yoon 2012-07-18 06:51:53 UTC 
Created attachment 598795 [details]
File: dso_list
Comment 2 Steve Yoon 2012-07-18 06:51:55 UTC 
Created attachment 598796 [details]
File: smolt_data
Comment 3 Steve Yoon 2012-07-18 06:51:58 UTC 
Created attachment 598797 [details]
File: maps
Comment 4 Steve Yoon 2012-07-18 06:52:00 UTC 
Created attachment 598798 [details]
File: backtrace
Comment 5 Caolan McNamara 2012-08-22 13:40:13 UTC 
Looks like this is triggered by having accessibility enabled. Are you able to reproduce this crash and give a step-by-step route to reproducing ?

I can assume that the number of text portions was 0 somehow, leading to wraparound with nLastPortion = Count() - 1; and I could hackaround that to avoid the immediate crash, but far better would be knowing how it got that way in the first place.
Comment 6 Caolan McNamara 2012-09-11 11:29:18 UTC 
Can't reproduce or see how it could come about. I committed http://cgit.freedesktop.org/libreoffice/core/commit/?id=4f177fbbab1619b9a2f9afa04d882c5fd415fcc0 upstream to abort right at the point where the initial problem gets detected and survive in NDEBUG mode