Bug 890080

Summary: [abrt] libreoffice-core-3.5.7.2-7.fc17: dereference NULL pSwView in SwXTextDocument::getRendererCount
Product: [Fedora] Fedora Reporter: David Ford <dford>
Component: libreofficeAssignee: Michael Stahl <mstahl>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 17CC: caolanm, dtardon, erack, ltinkl, mstahl, sbergman
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:327dcd563f63f46ac10d507b899afe0171444b3c
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-02 04:37:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: core_backtrace
none
File: environ
none
File: backtrace
none
File: limits
none
File: smolt_data
none
File: cgroup
none
File: executable
none
File: maps
none
File: dso_list
none
File: proc_pid_status
none
File: open_fds
none
File: var_log_messages none

Description David Ford 2012-12-25 01:53:22 UTC 
Version-Release number of selected component:
libreoffice-core-3.5.7.2-7.fc17

Additional info:
libreport version: 2.0.18
abrt_version:   2.0.18
backtrace_rating: 3
cmdline:        /usr/lib64/libreoffice/program/soffice.bin --writer --splash-pipe=6
crash_function: os::die
kernel:         3.6.10-2.fc17.x86_64

truncated backtrace:
:Thread no. 1 (10 frames)
: #2 os::die at /usr/src/debug/java-1.7.0-openjdk/openjdk/hotspot/src/os/linux/vm/os_linux.cpp:1597
: #3 VMError::report_and_die at /usr/src/debug/java-1.7.0-openjdk/openjdk/hotspot/src/share/vm/utilities/vmError.cpp:1022
: #4 crash_handler at /usr/src/debug/java-1.7.0-openjdk/openjdk/hotspot/src/os/linux/vm/vmError_linux.cpp:106
: #6 ??
: #7 os::abort at /usr/src/debug/java-1.7.0-openjdk/openjdk/hotspot/src/os/linux/vm/os_linux.cpp:1578
: #8 VMError::report_and_die at /usr/src/debug/java-1.7.0-openjdk/openjdk/hotspot/src/share/vm/utilities/vmError.cpp:1018
: #9 JVM_handle_linux_signal at /usr/src/debug/java-1.7.0-openjdk/openjdk/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp:528
: #11 SwView::RecheckBrowseMode at /usr/src/debug/libreoffice-3.5.7.2/solver/unxlngx6.pro/inc/svl/eitem.hxx:51
: #12 SwXTextDocument::getRendererCount at /usr/src/debug/libreoffice-3.5.7.2/sw/source/ui/uno/unotxdoc.cxx:2564
: #13 SfxPrinterController::getPageCount at /usr/src/debug/libreoffice-3.5.7.2/sfx2/source/view/viewprn.cxx:241

Potential duplicate bug: 706076
Comment 1 David Ford 2012-12-25 01:53:27 UTC 
Created attachment 668642 [details]
File: core_backtrace
Comment 2 David Ford 2012-12-25 01:53:29 UTC 
Created attachment 668643 [details]
File: environ
Comment 3 David Ford 2012-12-25 01:53:37 UTC 
Created attachment 668644 [details]
File: backtrace
Comment 4 David Ford 2012-12-25 01:53:39 UTC 
Created attachment 668645 [details]
File: limits
Comment 5 David Ford 2012-12-25 01:53:40 UTC 
Created attachment 668646 [details]
File: smolt_data
Comment 6 David Ford 2012-12-25 01:53:42 UTC 
Created attachment 668647 [details]
File: cgroup
Comment 7 David Ford 2012-12-25 01:53:44 UTC 
Created attachment 668648 [details]
File: executable
Comment 8 David Ford 2012-12-25 01:53:50 UTC 
Created attachment 668649 [details]
File: maps
Comment 9 David Ford 2012-12-25 01:53:52 UTC 
Created attachment 668650 [details]
File: dso_list
Comment 10 David Ford 2012-12-25 01:53:54 UTC 
Created attachment 668651 [details]
File: proc_pid_status
Comment 11 David Ford 2012-12-25 01:53:56 UTC 
Created attachment 668652 [details]
File: open_fds
Comment 12 David Ford 2012-12-25 01:53:59 UTC 
Created attachment 668653 [details]
File: var_log_messages
Comment 13 Michael Stahl 2013-01-04 23:48:53 UTC 
crash because pSwView is 0 in "pSwView->RecheckBrowseMode();"

apparently this pSwView was introduced in OOo 3.4 in commit 2f9f480b22f2fff59d9c48b4b46706c3d5223e66
so it's likely this crash is a regression.

pSwView is checked for 0 in every use except the one the one that
causes this crash here, so i'll assume it's a simple oversight.

fixed upstream master in commit 1c52268a5bc6d79c6ee1344e4e341c7e3820d4e0
and backported to 4.0 branch and proposed for 3.6 branch;
added to f17 package, should be in next update for that.
Comment 14 Fedora Update System 2013-01-21 10:33:52 UTC 
libreoffice-3.5.7.2-8.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/libreoffice-3.5.7.2-8.fc17
Comment 15 Fedora Update System 2013-01-23 02:04:12 UTC 
Package libreoffice-3.5.7.2-8.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing libreoffice-3.5.7.2-8.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-1280/libreoffice-3.5.7.2-8.fc17
then log in and leave karma (feedback).
Comment 16 Fedora Update System 2013-01-23 06:39:18 UTC 
libreoffice-3.5.7.2-9.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/libreoffice-3.5.7.2-9.fc17
Comment 17 Fedora Update System 2013-02-02 04:37:25 UTC 
libreoffice-3.5.7.2-9.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.