Bug 996162

Summary: [abrt] libreoffice-core-4.1.0.4-6.fc19: Font::operator=: Process /usr/lib64/libreoffice/program/soffice.bin was killed by signal 11 (SIGSEGV)
Product: [Fedora] Fedora Reporter: klaus
Component: libreofficeAssignee: Caolan McNamara <caolanm>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 19CC: caolanm, dtardon, erack, klaus, ltinkl, mstahl, sbergman
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:037b29897e7ca16117f4545f749310516b02590a
Fixed In Version: libreoffice-4.1.2.3-3.fc20 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-10-10 01:08:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: backtrace
none
File: cgroup
none
File: core_backtrace
none
File: dso_list
none
File: environ
none
File: exploitable
none
File: limits
none
File: maps
none
File: open_fds
none
File: proc_pid_status
none
File: var_log_messages
none
document that causes crashes none

Description klaus 2013-08-12 14:31:58 UTC 
Version-Release number of selected component:
libreoffice-core-4.1.0.4-6.fc19

Additional info:
reporter:       libreport-2.1.6
backtrace_rating: 4
cmdline:        /usr/lib64/libreoffice/program/soffice.bin --writer file:///tmp/Adjunktvejledning-udgave-2013-v3.docx --splash-pipe=5
crash_function: Font::operator=
executable:     /usr/lib64/libreoffice/program/soffice.bin
kernel:         3.10.5-201.fc19.x86_64
runlevel:       N 5
uid:            1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 Font::operator= at /usr/src/debug/libreoffice-4.1.0.4/vcl/source/gdi/font.cxx:583
 #1 Outliner::ImpCalcBulletFont at /usr/src/debug/libreoffice-4.1.0.4/editeng/source/outliner/outliner.cxx:903
 #2 Outliner::ImplGetBulletSize at /usr/src/debug/libreoffice-4.1.0.4/editeng/source/outliner/outliner.cxx:1516
 #3 Outliner::ImpCalcBulletArea at /usr/src/debug/libreoffice-4.1.0.4/editeng/source/outliner/outliner.cxx:1612
 #4 OutlinerEditEng::GetBulletArea at /usr/src/debug/libreoffice-4.1.0.4/editeng/source/outliner/outleeng.cxx:73
 #5 ImpEditEngine::CreateLines at /usr/src/debug/libreoffice-4.1.0.4/editeng/source/editeng/impedit3.cxx:720
 #6 ImpEditEngine::FormatDoc at /usr/src/debug/libreoffice-4.1.0.4/editeng/source/editeng/impedit3.cxx:396
 #7 ImpEditEngine::FormatAndUpdate at /usr/src/debug/libreoffice-4.1.0.4/editeng/source/editeng/impedit3.cxx:4150
 #8 EditEngine::SetUpdateMode at /usr/src/debug/libreoffice-4.1.0.4/editeng/source/editeng/editeng.cxx:1514
 #9 SvxTextEditSourceImpl::unlock at /usr/src/debug/libreoffice-4.1.0.4/svx/source/unodraw/unoshtxt.cxx:884
Comment 1 klaus 2013-08-12 14:32:02 UTC 
Created attachment 785714 [details]
File: backtrace
Comment 2 klaus 2013-08-12 14:32:07 UTC 
Created attachment 785715 [details]
File: cgroup
Comment 3 klaus 2013-08-12 14:32:11 UTC 
Created attachment 785716 [details]
File: core_backtrace
Comment 4 klaus 2013-08-12 14:32:22 UTC 
Created attachment 785717 [details]
File: dso_list
Comment 5 klaus 2013-08-12 14:32:26 UTC 
Created attachment 785718 [details]
File: environ
Comment 6 klaus 2013-08-12 14:32:30 UTC 
Created attachment 785720 [details]
File: exploitable
Comment 7 klaus 2013-08-12 14:32:33 UTC 
Created attachment 785722 [details]
File: limits
Comment 8 klaus 2013-08-12 14:32:38 UTC 
Created attachment 785724 [details]
File: maps
Comment 9 klaus 2013-08-12 14:32:41 UTC 
Created attachment 785727 [details]
File: open_fds
Comment 10 klaus 2013-08-12 14:32:45 UTC 
Created attachment 785729 [details]
File: proc_pid_status
Comment 11 klaus 2013-08-12 14:32:48 UTC 
Created attachment 785731 [details]
File: var_log_messages
Comment 12 Caolan McNamara 2013-08-22 14:19:58 UTC 
I rather suspect that there is a NULL font in this case. Can you reproduce this crash with that Adjunktvejledning-udgave-2013-v3.docx ? if so could you attach that here.
Comment 13 Caolan McNamara 2013-08-22 14:31:11 UTC 
committed http://cgit.freedesktop.org/libreoffice/core/commit/?id=166510ed48bf49b75a031ce973f41d08fb4e4518 upstream on that theory, but would need to verify it with the original crasher doc
Comment 14 klaus 2013-08-22 15:14:00 UTC 
Created attachment 789258 [details]
document that causes crashes
Comment 15 Fedora Update System 2013-10-08 08:17:12 UTC 
libreoffice-4.1.2.3-3.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/libreoffice-4.1.2.3-3.fc20
Comment 16 Fedora Update System 2013-10-08 08:18:20 UTC 
libreoffice-4.1.2.3-3.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/libreoffice-4.1.2.3-3.fc19
Comment 17 Fedora Update System 2013-10-09 14:40:30 UTC 
Package libreoffice-4.1.2.3-3.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing libreoffice-4.1.2.3-3.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-18561/libreoffice-4.1.2.3-3.fc20
then log in and leave karma (feedback).
Comment 18 Fedora Update System 2013-10-10 01:08:51 UTC 
libreoffice-4.1.2.3-3.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 19 Fedora Update System 2013-10-12 04:31:15 UTC 
libreoffice-4.1.2.3-3.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.