1117853 – [fix available] impress killed by SIGABRT on paste into outline view at a position where the slide has no title object

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1117853 - [fix available] impress killed by SIGABRT on paste into outline view at a position where the slide has no title object

Summary: [fix available] impress killed by SIGABRT on paste into outline view at a pos...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	libreoffice
Sub Component:
Version:	7.0
Hardware:	x86_64
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Caolan McNamara
QA Contact:	Desktop QE
Docs Contact:
URL:
Whiteboard:	abrt_hash:06e8c5a783441c35e9b2fe9fa17...
Duplicates (1):	1115472 (view as bug list)
Depends On:	1119709
Blocks:
TreeView+	depends on / blocked

Reported:	2014-07-09 13:58 UTC by David Jaša
Modified:	2015-03-05 08:50 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-03-05 08:50:22 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
File: backtrace (49.58 KB, text/plain) 2014-07-09 13:58 UTC, David Jaša	no flags	Details
File: cgroup (172 bytes, text/plain) 2014-07-09 13:58 UTC, David Jaša	no flags	Details
File: core_backtrace (25.29 KB, text/plain) 2014-07-09 13:58 UTC, David Jaša	no flags	Details
File: dso_list (22.28 KB, text/plain) 2014-07-09 13:58 UTC, David Jaša	no flags	Details
File: environ (1.87 KB, text/plain) 2014-07-09 13:58 UTC, David Jaša	no flags	Details
File: limits (1.29 KB, text/plain) 2014-07-09 13:58 UTC, David Jaša	no flags	Details
File: maps (106.71 KB, text/plain) 2014-07-09 13:58 UTC, David Jaša	no flags	Details
File: open_fds (604 bytes, text/plain) 2014-07-09 13:58 UTC, David Jaša	no flags	Details
File: proc_pid_status (1.09 KB, text/plain) 2014-07-09 13:58 UTC, David Jaša	no flags	Details
File: var_log_messages (498 bytes, text/plain) 2014-07-09 13:58 UTC, David Jaša	no flags	Details
File: binary (6.98 KB, application/octet-stream) 2014-07-09 13:58 UTC, David Jaša	no flags	Details
File: sosreport.tar.xz (7.07 MB, application/octet-stream) 2014-07-09 13:59 UTC, David Jaša	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
FreeDesktop.org	81487	0	None	None	None	Never
Red Hat Product Errata	RHSA-2015:0377	0	normal	SHIPPED_LIVE	Moderate: libreoffice security, bug fix, and enhancement update	2015-03-05 13:48:57 UTC

Description David Jaša 2014-07-09 13:58:28 UTC

Description of problem:
1. I opened a template, made it editable (pencil icon)
2. I opened a longish presentation (~40 slides but no slides nor formatting beyond bold text), copied it's outline
3. I pasted the outline to now-editable template from point 1

Actual result:
LO crashed (even after a fresh start)

Expected result:
LO keeps running

Version-Release number of selected component:
libreoffice-core-4.1.4.2-3.el7

Additional info:
reporter:       libreport-2.1.11
backtrace_rating: 4
cmdline:        /usr/lib64/libreoffice/program/soffice.bin --impress --splash-pipe=6
crash_function: std::__throw_bad_alloc
executable:     /usr/lib64/libreoffice/program/soffice.bin
kernel:         3.10.0-123.1.2.el7.x86_64
runlevel:       N 5
type:           CCpp
uid:            16189

Truncated backtrace:
Thread no. 1 (10 frames)
 #6 std::__throw_bad_alloc at ../../../../../libstdc++-v3/src/c++11/functexcept.cc:52
 #7 allocate at /usr/include/c++/4.8.2/ext/new_allocator.h:102
 #8 _M_allocate at /usr/include/c++/4.8.2/bits/stl_vector.h:168
 #9 _M_create_storage at /usr/include/c++/4.8.2/bits/stl_vector.h:181
 #10 _Vector_base at /usr/include/c++/4.8.2/bits/stl_vector.h:136
 #11 vector at /usr/include/c++/4.8.2/bits/stl_vector.h:270
 #12 Outliner::CreateParaObject at /usr/src/debug/libreoffice-4.1.4.2/editeng/source/outliner/outliner.cxx:411
 #13 sd::OutlineViewShell::UpdateTitleObject at /usr/src/debug/libreoffice-4.1.4.2/sd/source/ui/view/outlnvsh.cxx:1696
 #14 sd::OutlineView::UpdateDocument at /usr/src/debug/libreoffice-4.1.4.2/sd/source/ui/view/outlview.cxx:1583
 #15 sd::OutlineView::EndModelChange at /usr/src/debug/libreoffice-4.1.4.2/sd/source/ui/view/outlview.cxx:1553

Comment 1 David Jaša 2014-07-09 13:58:31 UTC

Created attachment 916776 [details]
File: backtrace

Comment 2 David Jaša 2014-07-09 13:58:32 UTC

Created attachment 916777 [details]
File: cgroup

Comment 3 David Jaša 2014-07-09 13:58:33 UTC

Created attachment 916778 [details]
File: core_backtrace

Comment 4 David Jaša 2014-07-09 13:58:35 UTC

Created attachment 916779 [details]
File: dso_list

Comment 5 David Jaša 2014-07-09 13:58:36 UTC

Created attachment 916780 [details]
File: environ

Comment 6 David Jaša 2014-07-09 13:58:37 UTC

Created attachment 916781 [details]
File: limits

Comment 7 David Jaša 2014-07-09 13:58:42 UTC

Created attachment 916782 [details]
File: maps

Comment 8 David Jaša 2014-07-09 13:58:43 UTC

Created attachment 916783 [details]
File: open_fds

Comment 9 David Jaša 2014-07-09 13:58:45 UTC

Created attachment 916784 [details]
File: proc_pid_status

Comment 10 David Jaša 2014-07-09 13:58:46 UTC

Created attachment 916785 [details]
File: var_log_messages

Comment 11 David Jaša 2014-07-09 13:58:47 UTC

Created attachment 916786 [details]
File: binary

Comment 12 David Jaša 2014-07-09 13:59:53 UTC

Created attachment 916787 [details]
File: sosreport.tar.xz

Comment 14 David Jaša 2014-07-09 14:03:09 UTC

A minor clarification: I selected slides 2-47 to copy.

Comment 17 David Tardon 2014-07-10 08:39:11 UTC

(In reply to David Jaša from comment #0)
> Description of problem:
> 1. I opened a template, made it editable (pencil icon)
> 2. I opened a longish presentation (~40 slides but no slides nor formatting
> beyond bold text), copied it's outline
> 3. I pasted the outline to now-editable template from point 1

Did you paste it into the outline view too? Or into a text block in a slide?

Comment 18 David Jaša 2014-07-10 08:51:43 UTC

(In reply to David Tardon from comment #17)
> (In reply to David Jaša from comment #0)
> > Description of problem:
> > 1. I opened a template, made it editable (pencil icon)
> > 2. I opened a longish presentation (~40 slides but no slides nor formatting
> > beyond bold text), copied it's outline
> > 3. I pasted the outline to now-editable template from point 1
> 
> Did you paste it into the outline view too? Or into a text block in a slide?

Yes, to Outline as well

Comment 19 Caolan McNamara 2014-07-17 10:13:41 UTC

blast thing refuses to throw bad alloc for me, and valgrind doesn't show any particularly huge leaks or other problems. Perhaps we have some insane temporary peak memory use here.

caolanm->djasa: What's the output of

ulimit -a && free && uname -a

Comment 20 David Jaša 2014-07-17 11:03:00 UTC

$ ulimit -a && free && uname -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 92215
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 92215
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
             total       used       free     shared    buffers     cached
Mem:      11825196   10784312    1040884    1259400     132340    3237352
-/+ buffers/cache:    7414620    4410576
Swap:            0          0          0
Linux cihla.spice.brq.redhat.com 3.10.0-123.1.2.el7.x86_64 #1 SMP Wed Jun 4 15:22:01 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux


I could possibly run LO in valgrind if you give me a suitable invocation.

Comment 21 Caolan McNamara 2014-07-17 12:20:30 UTC

nah, on second examination its not a memory thing, its a negative number used in new.

Somehow ParagraphList::GetAbsPos( pPara ) didn't find the paragraph, returns -1 for not found and that goes on to get used elsewhere is a disastrous manner. We know that pPara is not NULL so its hard to see what that happened.

I can probably bodge things based on the bt to not crash, but the real mystery is why I cannot reproduce this. Here's my exact step-by-step. 

a) Open both attached documents, 
b In spice-debugging switch to outline tab, put mouse at the start of "Components", ctrl + shift + end, ctrl + c
c) switch to InternalPresoTemplate, click on outline, ctrl + v

Comment 22 David Jaša 2014-07-17 14:23:26 UTC

(In reply to Caolan McNamara from comment #21)
...
> Here's my exact step-by-step. 
> 
> a) Open both attached documents, 
> b In spice-debugging switch to outline tab, put mouse at the start of
> "Components", ctrl + shift + end, ctrl + c
> c) switch to InternalPresoTemplate, click on outline,

go to second slide, you'll get the crash

> ctrl + v

(in the 4.1, any slide would do. I pasted to 2. to keep first slide empty for headers...)

Comment 23 Caolan McNamara 2014-07-17 15:49:39 UTC

reproducible now

Comment 24 Caolan McNamara 2014-07-18 09:06:52 UTC

fixed upstream now as http://cgit.freedesktop.org/libreoffice/core/commit/?id=a5793f5e0013b156600fd718d8f77870a9e73032

Comment 25 Caolan McNamara 2014-08-19 08:49:18 UTC

*** Bug 1115472 has been marked as a duplicate of this bug. ***

Comment 29 errata-xmlrpc 2015-03-05 08:50:22 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0377.html

Note You need to log in before you can comment on or make changes to this bug.