Bug 1719378 - crash in Draw after starting a drag
Summary: crash in Draw after starting a drag
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: libreoffice
Version: 30
Hardware: ppc64le
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Caolan McNamara
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: PPCTracker
TreeView+ depends on / blocked
 
Reported: 2019-06-11 15:53 UTC by Dan Horák
Modified: 2019-06-14 00:54 UTC (History)
6 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2019-06-14 00:54:40 UTC


Attachments (Terms of Use)
workaround we used in the past (1.11 KB, application/mbox)
2019-06-11 15:59 UTC, Caolan McNamara
no flags Details

Description Dan Horák 2019-06-11 15:53:16 UTC
Description of problem:
A crash happens in Draw after starting a drag action.

Version-Release number of selected component (if applicable):
libreoffice-core-6.2.4.2-1.fc30.ppc64le

How reproducible:
100%

Steps to Reproduce:
1. start LO Draw
2. put a rectangle to a new doc
3. click and hold on a corner, like when starting a drag action

Actual results:
crash

Expected results:
no crash

Additional info:
(gdb) where
#0  0x00007fffa80d2628 in raise () at /lib64/libc.so.6
#1  0x00007fffa80b470c in abort () at /lib64/libc.so.6
#2  0x00007fffa843e738 in  () at /usr/lib64/libreoffice/program/libuno_sal.so.3
#3  0x00007fffa84804e8 in <signal handler called> () at arch/powerpc/kernel/vdso64/sigtramp.S
#4  0x918a0639ec1b3700 in  ()
#5  0x00007fff9c95ccac in SalFrame::CallCallback(SalEvent, void const*) const (pEvent=0x7fffea948e78, nEvent=SalEvent::LongPress, this=0x7fffea949150)
    at /usr/src/debug/libreoffice-6.2.4.2-1.fc30.ppc64le/include/vcl/vclptr.hxx:186
#6  0x00007fff9c95ccac in GtkSalFrame::CallCallbackExc(SalEvent, void const*) const
    (this=this@entry=0x7fffea949150, nEvent=nEvent@entry=SalEvent::LongPress, pEvent=pEvent@entry=0x7fffea948e78)
    at /usr/src/debug/libreoffice-6.2.4.2-1.fc30.ppc64le/vcl/unx/gtk3/gtk3gtkframe.cxx:4506
#7  0x00007fff9c95cf8c in GtkSalFrame::gestureLongPress(_GtkGestureLongPress*, void*) (frame=0x7fffea949150, gesture=0x1466010d0 [GtkGestureLongPress])
    at /usr/src/debug/libreoffice-6.2.4.2-1.fc30.ppc64le/vcl/unx/gtk3/gtk3gtkframe.cxx:2883
#8  0x00007fff9c95cf8c in GtkSalFrame::gestureLongPress(_GtkGestureLongPress*, void*) (gesture=0x1466010d0 [GtkGestureLongPress], frame=0x7fffea949150)
    at /usr/src/debug/libreoffice-6.2.4.2-1.fc30.ppc64le/vcl/unx/gtk3/gtk3gtkframe.cxx:2869
#9  0x00007fff9e0374e0 in ffi_call_LINUX64 () at ../src/powerpc/linux64.S:133
#10 0x00007fff9e036084 in ffi_call (cif=0x7fffea949150, fn=<optimized out>, rvalue=0x7fffea9490f0, avalue=0x7fffa08a25e8 <typeinfo for com::sun::star::graphic::XPrimitive2D>)
    at ../src/powerpc/ffi.c:100
#11 0x00007fff9fc28970 in g_cclosure_marshal_generic_va
    (closure=<optimized out>, return_value=0x0, instance=<optimized out>, args_list=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x1466f8bd0)
    at ../gobject/gclosure.c:1614
#12 0x00007fff9fc279f0 in _g_closure_invoke_va (closure=0x146b4d990, return_value=0x0, instance=0x1466010d0, args=0x7fffea9494d8 "", n_params=<optimized out>, param_types=0x1466f8bd0)
    at ../gobject/gclosure.c:873
#13 0x00007fff9fc4fd28 in g_signal_emit_valist (instance=0x1466010d0, signal_id=<optimized out>, detail=<optimized out>, var_args=0x7fffea9494d8 "") at ../gobject/gsignal.c:3300
#14 0x00007fff9fc50120 in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at ../gobject/gsignal.c:3447
#15 0x00007fff9c1e4e70 in _gtk_gesture_long_press_timeout (user_data=0x1466010d0) at gtkgesturelongpress.c:108
#16 0x00007fff9bde1820 in gdk_threads_dispatch (data=0x146725100) at gdk.c:772
#17 0x00007fff9faebb98 in g_timeout_dispatch (source=0x147aa65d0, callback=<optimized out>, user_data=<optimized out>) at ../glib/gmain.c:4678
#18 0x00007fff9faea9ac in g_main_dispatch (context=0x1456c39a0) at ../glib/gmain.c:3189
#19 0x00007fff9faea9ac in g_main_context_dispatch (context=0x1456c39a0) at ../glib/gmain.c:3854
#20 0x00007fff9faeaec8 in g_main_context_iterate (context=context@entry=0x1456c39a0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:3927
#21 0x00007fff9faeafc8 in g_main_context_iteration (context=0x1456c39a0, may_block=<optimized out>) at ../glib/gmain.c:3988
#22 0x00007fff9c8cfba0 in GtkSalData::Yield(bool, bool) (this=0x14555e5a0, bWait=<optimized out>, bHandleAllCurrentEvents=<optimized out>)
    at /usr/src/debug/libreoffice-6.2.4.2-1.fc30.ppc64le/vcl/unx/gtk3/gtk3gtkdata.cxx:464
#23 0x00007fff9c8d2814 in GtkInstance::DoYield(bool, bool) (this=<optimized out>, bWait=<optimized out>, bHandleAllCurrentEvents=<optimized out>)
    at /usr/src/debug/libreoffice-6.2.4.2-1.fc30.ppc64le/vcl/inc/unx/gtk/gtkdata.hxx:197
#24 0x00007fffa416347c in ImplYield(bool, bool) (i_bWait=<optimized out>, i_bAllEvents=<optimized out>) at /usr/src/debug/libreoffice-6.2.4.2-1.fc30.ppc64le/vcl/source/app/svapp.cxx:439
#25 0x00007fffa4166b14 in Application::Execute() () at /usr/src/debug/libreoffice-6.2.4.2-1.fc30.ppc64le/vcl/source/app/svapp.cxx:420
#26 0x00007fffa82ffbd8 in desktop::Desktop::Main() (this=0x7fffea949b50) at /usr/src/debug/libreoffice-6.2.4.2-1.fc30.ppc64le/desktop/source/app/app.cxx:1635
#27 0x00007fffa4170c9c in ImplSVMain() () at /usr/src/debug/libreoffice-6.2.4.2-1.fc30.ppc64le/vcl/source/app/svmain.cxx:203
#28 0x00007fffa4170ea8 in SVMain() () at /usr/src/debug/libreoffice-6.2.4.2-1.fc30.ppc64le/vcl/source/app/svmain.cxx:237
#29 0x00007fffa8335928 in soffice_main() () at /usr/src/debug/libreoffice-6.2.4.2-1.fc30.ppc64le/desktop/source/app/sofficemain.cxx:169
#30 0x00000001258108c0 in sal_main () at /usr/src/debug/libreoffice-6.2.4.2-1.fc30.ppc64le/desktop/source/app/main.c:48
#31 0x00000001258108c0 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/libreoffice-6.2.4.2-1.fc30.ppc64le/desktop/source/app/main.c:47

Comment 1 Dan Horák 2019-06-11 15:58:36 UTC
a bit more info from gdb

this->mProc is the faulty address

(gdb) up 5
#5  0x00007fff9c95ccac in SalFrame::CallCallback (pEvent=0x7fffea948e78, nEvent=SalEvent::LongPress, this=0x7fffea949150)
    at /usr/src/debug/libreoffice-6.2.4.2-1.fc30.ppc64le/include/vcl/vclptr.hxx:186
186	    operator reference_type * () const
(gdb) l
181	    {
182	        m_rInnerRef.set(pBody);
183	        return *this;
184	    }
185	
186	    operator reference_type * () const
187	    {
188	        return m_rInnerRef.get();
189	    }
(gdb) p this
$1 = (const SalFrame * const) 0x7fffea949150
(gdb) p *this
$2 = {<vcl::DeletionNotifier> = {m_aListeners = std::__cxx11::list = {[0] = 0x7fff9e0378d8 <ffi_type_double>, 
      [1] = 0x0<error reading variable: Cannot access memory at address 0x8>...}}, <SalGeometryProvider> = {_vptr.SalGeometryProvider = 0x40000000b}, m_pWindow = {
    m_rInnerRef = rtl::Reference to 0x4}, m_pProc = 0x918a0639ec1b3700, m_xFrameWeld = std::unique_ptr<weld::Window> = {get() = 0x0}, maGeometry = {nX = 140737128995055, 
    nY = 140737128995104, nWidth = 140737128994008, nHeight = 0, nLeftDecoration = 0, nTopDecoration = 4, nRightDecoration = 5481224592, nBottomDecoration = 140735874205912, 
    nDisplayScreenNumber = 0}}

Comment 2 Caolan McNamara 2019-06-11 15:59 UTC
Created attachment 1579464 [details]
workaround we used in the past

Comment 3 Caolan McNamara 2019-06-11 16:02:55 UTC
hmph, have we that signal signature wrong all this time, or did it change at some point

Comment 4 Caolan McNamara 2019-06-11 16:13:39 UTC
https://gerrit.libreoffice.org/#/c/73829/

Comment 5 Dan Horák 2019-06-11 16:20:16 UTC
I've had a case where a wrong signature for a callback let to a crash on ppc64le, but worked fine everywhere else. Thanks, this was fast.

Comment 6 Fedora Update System 2019-06-12 08:00:10 UTC
FEDORA-2019-a8343bd43b has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-a8343bd43b

Comment 7 Fedora Update System 2019-06-13 00:55:53 UTC
libreoffice-6.2.4.2-2.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-a8343bd43b

Comment 8 Fedora Update System 2019-06-14 00:54:40 UTC
libreoffice-6.2.4.2-2.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.