Red Hat Bugzilla – Bug 1117853
[fix available] impress killed by SIGABRT on paste into outline view at a position where the slide has no title object
Last modified: 2015-03-05 03:50:22 EST
Description of problem: 1. I opened a template, made it editable (pencil icon) 2. I opened a longish presentation (~40 slides but no slides nor formatting beyond bold text), copied it's outline 3. I pasted the outline to now-editable template from point 1 Actual result: LO crashed (even after a fresh start) Expected result: LO keeps running Version-Release number of selected component: libreoffice-core-4.1.4.2-3.el7 Additional info: reporter: libreport-2.1.11 backtrace_rating: 4 cmdline: /usr/lib64/libreoffice/program/soffice.bin --impress --splash-pipe=6 crash_function: std::__throw_bad_alloc executable: /usr/lib64/libreoffice/program/soffice.bin kernel: 3.10.0-123.1.2.el7.x86_64 runlevel: N 5 type: CCpp uid: 16189 Truncated backtrace: Thread no. 1 (10 frames) #6 std::__throw_bad_alloc at ../../../../../libstdc++-v3/src/c++11/functexcept.cc:52 #7 allocate at /usr/include/c++/4.8.2/ext/new_allocator.h:102 #8 _M_allocate at /usr/include/c++/4.8.2/bits/stl_vector.h:168 #9 _M_create_storage at /usr/include/c++/4.8.2/bits/stl_vector.h:181 #10 _Vector_base at /usr/include/c++/4.8.2/bits/stl_vector.h:136 #11 vector at /usr/include/c++/4.8.2/bits/stl_vector.h:270 #12 Outliner::CreateParaObject at /usr/src/debug/libreoffice-4.1.4.2/editeng/source/outliner/outliner.cxx:411 #13 sd::OutlineViewShell::UpdateTitleObject at /usr/src/debug/libreoffice-4.1.4.2/sd/source/ui/view/outlnvsh.cxx:1696 #14 sd::OutlineView::UpdateDocument at /usr/src/debug/libreoffice-4.1.4.2/sd/source/ui/view/outlview.cxx:1583 #15 sd::OutlineView::EndModelChange at /usr/src/debug/libreoffice-4.1.4.2/sd/source/ui/view/outlview.cxx:1553
Created attachment 916776 [details] File: backtrace
Created attachment 916777 [details] File: cgroup
Created attachment 916778 [details] File: core_backtrace
Created attachment 916779 [details] File: dso_list
Created attachment 916780 [details] File: environ
Created attachment 916781 [details] File: limits
Created attachment 916782 [details] File: maps
Created attachment 916783 [details] File: open_fds
Created attachment 916784 [details] File: proc_pid_status
Created attachment 916785 [details] File: var_log_messages
Created attachment 916786 [details] File: binary
Created attachment 916787 [details] File: sosreport.tar.xz
A minor clarification: I selected slides 2-47 to copy.
(In reply to David Jaša from comment #0) > Description of problem: > 1. I opened a template, made it editable (pencil icon) > 2. I opened a longish presentation (~40 slides but no slides nor formatting > beyond bold text), copied it's outline > 3. I pasted the outline to now-editable template from point 1 Did you paste it into the outline view too? Or into a text block in a slide?
(In reply to David Tardon from comment #17) > (In reply to David Jaša from comment #0) > > Description of problem: > > 1. I opened a template, made it editable (pencil icon) > > 2. I opened a longish presentation (~40 slides but no slides nor formatting > > beyond bold text), copied it's outline > > 3. I pasted the outline to now-editable template from point 1 > > Did you paste it into the outline view too? Or into a text block in a slide? Yes, to Outline as well
blast thing refuses to throw bad alloc for me, and valgrind doesn't show any particularly huge leaks or other problems. Perhaps we have some insane temporary peak memory use here. caolanm->djasa: What's the output of ulimit -a && free && uname -a
$ ulimit -a && free && uname -a core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 92215 max locked memory (kbytes, -l) 64 max memory size (kbytes, -m) unlimited open files (-n) 1024 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 8192 cpu time (seconds, -t) unlimited max user processes (-u) 92215 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited total used free shared buffers cached Mem: 11825196 10784312 1040884 1259400 132340 3237352 -/+ buffers/cache: 7414620 4410576 Swap: 0 0 0 Linux cihla.spice.brq.redhat.com 3.10.0-123.1.2.el7.x86_64 #1 SMP Wed Jun 4 15:22:01 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux I could possibly run LO in valgrind if you give me a suitable invocation.
nah, on second examination its not a memory thing, its a negative number used in new. Somehow ParagraphList::GetAbsPos( pPara ) didn't find the paragraph, returns -1 for not found and that goes on to get used elsewhere is a disastrous manner. We know that pPara is not NULL so its hard to see what that happened. I can probably bodge things based on the bt to not crash, but the real mystery is why I cannot reproduce this. Here's my exact step-by-step. a) Open both attached documents, b In spice-debugging switch to outline tab, put mouse at the start of "Components", ctrl + shift + end, ctrl + c c) switch to InternalPresoTemplate, click on outline, ctrl + v
(In reply to Caolan McNamara from comment #21) ... > Here's my exact step-by-step. > > a) Open both attached documents, > b In spice-debugging switch to outline tab, put mouse at the start of > "Components", ctrl + shift + end, ctrl + c > c) switch to InternalPresoTemplate, click on outline, go to second slide, you'll get the crash > ctrl + v (in the 4.1, any slide would do. I pasted to 2. to keep first slide empty for headers...)
reproducible now
fixed upstream now as http://cgit.freedesktop.org/libreoffice/core/commit/?id=a5793f5e0013b156600fd718d8f77870a9e73032
*** Bug 1115472 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0377.html