Bug 510394 - Crash while saving xls file possibly due to double free or corruption error
Crash while saving xls file possibly due to double free or corruption error
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: openoffice.org (Show other bugs)
11
All Linux
low Severity medium
: ---
: ---
Assigned To: David Tardon
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-07-08 20:53 EDT by Ed Solis
Modified: 2009-08-31 19:32 EDT (History)
2 users (show)

See Also:
Fixed In Version: 3.1.1-19.1.fc11
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-08-31 19:32:45 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Sample XLS that generated the error (8.50 KB, application/vnd.ms-excel)
2009-07-08 20:53 EDT, Ed Solis
no flags Details
mapped stack (4.33 KB, text/plain)
2009-07-09 03:02 EDT, David Tardon
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
OpenOffice.org 101725 None None None Never

  None (edit)
Description Ed Solis 2009-07-08 20:53:18 EDT
Created attachment 351006 [details]
Sample XLS that generated the error

Description of problem:

oocalc crashes while saving an xls spreadsheet. The console shows that glibc detected a double free or corruption bug. Below is the console output

*** glibc detected *** /usr/lib/openoffice.org3/program/scalc.bin: double free or corruption (!prev): 0x09bacd10 ***
======= Backtrace: =========
/lib/libc.so.6[0x1ab231]
/usr/lib/libstdc++.so.6(_ZdlPv+0x21)[0x3c23f1]
/usr/lib/openoffice.org3/program/../basis-link/program/libscli.so[0x10f59f0]
/usr/lib/openoffice.org3/program/../basis-link/program/libscli.so[0x10f5e44]
/usr/lib/openoffice.org3/program/../basis-link/program/libscli.so(_ZN10ScDocumentD1Ev+0x407)[0x10cd4af]
/usr/lib/openoffice.org3/program/../basis-link/program/libscli.so(_ZN10ScDocShellD0Ev+0x1fb)[0xe22479]
/usr/lib/openoffice.org3/program/../basis-link/program/libtlli.so(_ZN9SvRefBase11QueryDeleteEv+0x16)[0x9084ce]
/usr/lib/openoffice.org3/program/../basis-link/program/libsotli.so(_ZN9SotObject11QueryDeleteEv+0x31)[0x6f92d23]
/usr/lib/openoffice.org3/program/../basis-link/program/libsfxli.so[0x6261bf6]
/usr/lib/openoffice.org3/program/../basis-link/program/libsfxli.so[0x631d631]
/usr/lib/openoffice.org3/program/../basis-link/program/libsfxli.so(_ZN15SfxTopViewFrameD0Ev+0x53)[0x6325b83]
/usr/lib/openoffice.org3/program/../basis-link/program/libsfxli.so(_ZN15SfxTopViewFrame5CloseEv+0x51)[0x6325f63]
/usr/lib/openoffice.org3/program/../basis-link/program/libsfxli.so[0x630f804]
/usr/lib/openoffice.org3/program/../basis-link/program/libsfxli.so(_ZN17SfxBaseController7disposeEv+0x399)[0x632ba45]
/usr/lib/openoffice.org3/program/../basis-link/program/libfwkli.so[0x5ab6dd4]
/usr/lib/openoffice.org3/program/../basis-link/program/libfwkli.so[0x5ab57df]
/usr/lib/openoffice.org3/program/../basis-link/program/libfwkli.so[0x5a902be]
/usr/lib/openoffice.org3/program/../basis-link/program/libfwkli.so[0x5a94460]
/usr/lib/openoffice.org3/program/../basis-link/program/libfwkli.so[0x5a88d21]
/usr/lib/openoffice.org3/program/../basis-link/program/libfwkli.so[0x5a89154]
/usr/lib/openoffice.org3/program/../basis-link/program/libfwkli.so[0x5a89459]
/usr/lib/openoffice.org3/program/../basis-link/program/libvclli.so[0x833eb68]
/usr/lib/openoffice.org3/program/../basis-link/program/libvclli.so[0x82eae02]
/usr/lib/openoffice.org/basis3.1/program/libvclplug_genli.so(_ZN10SalDisplay21DispatchInternalEventEv+0x97)[0x7fb7287]
/usr/lib/openoffice.org/basis3.1/program/libvclplug_gtkli.so[0x1b46f1b]
/lib/libglib-2.0.so.0[0x38f9f31]
/lib/libglib-2.0.so.0(g_main_context_dispatch+0x1f8)[0x38fbd78]
/lib/libglib-2.0.so.0[0x38ff310]
/lib/libglib-2.0.so.0(g_main_context_iteration+0x73)[0x38ff443]
/usr/lib/openoffice.org/basis3.1/program/libvclplug_gtkli.so[0x1b46fe3]
/usr/lib/openoffice.org/basis3.1/program/libvclplug_genli.so(_ZN14X11SalInstance5YieldEbb+0x2f)[0x7fbd815]
/usr/lib/openoffice.org3/program/../basis-link/program/libvclli.so(_ZN11Application5YieldEb+0x5c)[0x8175760]
/usr/lib/openoffice.org3/program/../basis-link/program/libvclli.so(_ZN11Application7ExecuteEv+0x2b)[0x81757af]
/usr/lib/openoffice.org3/program/../basis-link/program/libsofficeapp.so[0x49fecb]
/usr/lib/openoffice.org3/program/../basis-link/program/libvclli.so[0x81798bf]
/usr/lib/openoffice.org3/program/../basis-link/program/libvclli.so(_Z6SVMainv+0x2c)[0x8179a57]
/usr/lib/openoffice.org3/program/../basis-link/program/libsofficeapp.so(soffice_main+0xd0)[0x4c41b8]
/usr/lib/openoffice.org3/program/scalc.bin(main+0x20)[0x80487c4]
/lib/libc.so.6(__libc_start_main+0xe6)[0x151a66]
/usr/lib/openoffice.org3/program/scalc.bin[0x8048711]
======= Memory map: ========
00110000-0013a000 r-xp 00000000 fd:01 14259      /lib/libgcc_s-4.4.0-20090506.so.1
0013a000-0013b000 rw-p 00029000 fd:01 14259      /lib/libgcc_s-4.4.0-20090506.so.1
0013b000-002a6000 r-xp 00000000 fd:01 205953     /lib/libc-2.10.1.so
002a6000-002a7000 ---p 0016b000 fd:01 205953     /lib/libc-2.10.1.so
002a7000-002a9000 r--p 0016b000 fd:01 205953     /lib/libc-2.10.1.so
002a9000-002aa000 rw-p 0016d000 fd:01 205953     /lib/libc-2.10.1.so
002aa000-002ad000 rw-p 002aa000 00:00 0 
002ad000-002d8000 r-xp 00000000 fd:01 70139      /usr/lib/openoffice.org/ure/lib/libuno_cppu.so.3
002d8000-002d9000 rw-p 0002b000 fd:01 70139      /usr/lib/openoffice.org/ure/lib/libuno_cppu.so.3
002d9000-002de000 r-xp 00000000 fd:01 178549     /usr/lib/openoffice.org/basis3.1/program/libi18nisolang1gcc3.so
002de000-002df000 rw-p 00005000 fd:01 178549     /usr/lib/openoffice.org/basis3.1/program/libi18nisolang1gcc3.so
002df000-00300000 r-xp 00000000 fd:01 178638     /usr/lib/openoffice.org/basis3.1/program/libvos3gcc3.so
00300000-00302000 rw-p 00021000 fd:01 178638     /usr/lib/openoffice.org/basis3.1/program/libvos3gcc3.so
00302000-00305000 r-xp 00000000 fd:01 70143      /usr/lib/openoffice.org/ure/lib/libuno_salhelpergcc3.so.3
00305000-00306000 rw-p 00003000 fd:01 70143      /usr/lib/openoffice.org/ure/lib/libuno_salhelpergcc3.so.3
00306000-0030c000 r-xp 00000000 fd:01 70133      /usr/lib/openoffice.org/ure/lib/libjvmaccessgcc3.so.3
0030c000-0030d000 rw-p 00005000 fd:01 70133      /usr/lib/openoffice.org/ure/lib/libjvmaccessgcc3.so.3
0030d000-003f0000 r-xp 00000000 fd:01 205992     /usr/lib/libstdc++.so.6.0.11
003f0000-003f4000 r--p 000e2000 fd:01 205992     /usr/lib/libstdc++.so.6.0.11
003f4000-003f6000 rw-p 000e6000 fd:01 205992     /usr/lib/libstdc++.so.6.0.11
003f6000-003fc000 rw-p 003f6000 00:00 0 
003fc000-00412000 r-xp 00000000 fd:01 205956     /lib/libpthread-2.10.1.so
00412000-00413000 ---p 00016000 fd:01 205956     /lib/libpthread-2.10.1.so
00413000-00414000 r--p 00016000 fd:01 205956     /lib/libpthread-2.10.1.so
00414000-00415000 rw-p 00017000 fd:01 205956     /lib/libpthread-2.10.1.so
00415000-00417000 rw-p 00415000 00:00 0 
00417000-00429000 r-xp 00000000 fd:01 178594     /usr/lib/openoffice.org/basis3.1/program/libsaxli.so
00429000-0042a000 rw-p 00011000 fd:01 178594     /usr/lib/openoffice.org/basis3.1/program/libsaxli.so
0042a000-0042b000 r-xs 00000000 fd:01 407426     /home/esolis/.execooop1P3bT (deleted)
0042b000-0044b000 r-xp 00000000 fd:01 205952     /lib/ld-2.10.1.so
0044b000-0044c000 r--p 0001f000 fd:01 205952     /lib/ld-2.10.1.so
0044c000-0044d000 rw-p 00020000 fd:01 205952     /lib/ld-2.10.1.so
0044d000-00477000 r-xp 00000000 fd:01 178478     /usr/lib/openoffice.org/basis3.1/program/libavmediali.so
00477000-00479000 rw-p 0002a000 fd:01 178478     /usr/lib/openoffice.org/basis3.1/program/libavmediali.so
00479000-00480000 r-xp 00000000 fd:01 178566     /usr/lib/openoffice.org/basis3.1/program/libjli_g.so
00480000-00481000 rw-p 00006000 fd:01 178566     /usr/lib/openoffice.org/basis3.1/program/libjli_g.so
00481000-00483000 r-xp 00000000 fd:01 205966     /usr/lib/libXau.so.6.0.0
00483000-00484000 rw-p 00001000 fd:01 205966     /usr/lib/libXau.so.6.0.0
00484000-00486000 r-xp 00000000 fd:01 397779     /usr/lib/libXinerama.so.1.0.0
00486000-00487000 rw-p 00001000 fd:01 397779     /usr/lib/libXinerama.so.1.0.0
00487000-004e9000 r-xp 00000000 fd:01 178604     /usr/lib/openoffice.org/basis3.1/program/libsofficeapp.so
004e9000-004ec000 rw-p 00062000 fd:01 178604     /usr/lib/openoffice.org/basis3.1/program/libsofficeapp.so
004ec000-00579000 r-xp 00000000 fd:01 70140      /usr/lib/openoffice.org/ure/lib/libuno_cppuhelpergcc3.so.3
00579000-0057c000 rw-p 0008c000 fd:01 70140      /usr/lib/openoffice.org/ure/lib/libuno_cppuhelpergcc3.so.3
0057c000-005be000 r-xp 00000000 fd:01 178545     /usr/lib/openoffice.org/basis3.1/program/libgoli.so
005be000-005c0000 rw-p 00042000 fd:01 178545     /usr/lib/openoffice.org/basis3.1/program/libgoli.so
005c0000-005c2000 r-xp 00000000 fd:01 397892     /usr/lib/libXcomposite.so.1.0.0
005c2000-005c3000 rw-p 00001000 fd:01 397892     /usr/lib/libXcomposite.so.1.0.0
005c3000-005c6000 r-xp 00000000 fd:01 205968     /lib/libdl-2.10.1.so
005c6000-005c7000 r--p 00002000 fd:01 205968     /lib/libdl-2.10.1.so
005c7000-005c8000 rw-p 00003000 fd:01 205968     /lib/libdl-2.10.1.so
005c8000-005c9000 r-xs 00000000 fd:01 407474     /home/esolis/.execoooZCWJCz (deleted)
005c9000-005ca000 r-xs 00000000 fd:01 407491     /home/esolis/.execooovkPs3f (deleted)
005ca000-005f0000 r-xp 00000000 fd:01 73017      /lib/libm-2.10.1.so
005f0000-005f1000 r--p 00025000 fd:01 73017      /lib/libm-2.10.1.so
005f1000-005f2000 rw-p 00026000 fd:01 73017      /lib/libm-2.10.1.so
005f2000-007a1000 r-xp 00000000 fd:01 70142      /usr/lib/openoffice.org/ure/lib/libuno_sal.so.3
007a1000-007b5000 rw-p 001ae000 fd:01 70142      /usr/lib/openoffice.org/ure/lib/libuno_sal.so.3
007b5000-007b8000 rw-p 007b5000 00:00 0 
007b8000-008a9000 r-xp 00000000 fd:01 178611     /usr/lib/openoffice.org/basis3.1/program/libsvlli.so
008a9000-008af000 rw-p 000f0000 fd:01 178611     /usr/lib/openoffice.org/basis3.1/program/libsvlli.so
008af000-0094e000 r-xp 00000000 fd:01 178619     /usr/lib/openoffice.org/basis3.1/program/libtlli.so
0094e000-00951000 rw-p 0009f000 fd:01 178619     /usr/lib/openoffice.org/basis3.1/program/libtlli.so
00951000-009bd000 r-xp 00000000 fd:01 178622     /usr/lib/openoffice.org/basis3.1/program/libucbhelper4gcc3.so
009bd000-009c0000 rw-p 0006b000 fd:01 178622     /usr/lib/openoffice.org/basis3.1/program/libucbhelper4gcc3.so
009c0000-00a44000 r-xp 00000000 fd:01 178633     /usr/lib/openoffice.org/basis3.1/program/libutlli.so
00a44000-00a48000 rw-p 0
---start copy and paste here---
(I)    x.org loaded video driver of...
(II) Loading /usr/lib/xorg/modules/drivers//intel_drv.so
(II) Loading /usr/lib/xorg/modules/drivers//vesa_drv.so
(II) Loading /usr/lib/xorg/modules/drivers//fbdev_drv.so
(II) Unloading /usr/lib/xorg/modules/drivers//vesa_drv.so
(II) Unloading /usr/lib/xorg/modules/drivers//fbdev_drv.so
(==) Depth 24 pixmap format is 32 bpp
(III)  Desktop is: GNOME
(IV)   openoffice.org-kde version is: package openoffice.org-kde is not installed
(V)    libgcj version is: libgcj-4.4.0-4-i586
(VI)   kernel is: Linux 2.6.29.5-191.fc11.i686.PAE #1 SMP Tue Jun 16 23:19:53 EDT 2009 i686 i686 i386
(VII)  OpenOffice.org core rpm version is: openoffice.org-core-3.1.0-11.3.fc11-i586
(VIII) accessibility is: false
(IX)   gtk theme is: Nodoka
(X)    icon theme is: Fedora
(XI)   metacity theme is: Nodoka
(XII)  fedora release is: Fedora release 11 (Leonidas)
(XIII) LANG is: en_US.UTF-8
...start free space details ...
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/mapper/vg_esolis-lv_root
                      72662312  11682464  57288740  17% /
/dev/mapper/vg_esolis-lv_root
                      72662312  11682464  57288740  17% /
...end free space details ...
...start (default) java details ...
java version "1.6.0_14"
Java(TM) SE Runtime Environment (build 1.6.0_14-b08)
Java HotSpot(TM) Server VM (build 14.0-b16, mixed mode)
...end (default) java details ...
...start sestatus details ...
SELinux status:                 disabled
...end sestatus details ...
...start stackreport details ...
0x612e1e: 0x1c04c0: /usr/lib/openoffice.org3/program/../basis-link/ure-link/lib/libuno_sal.so.3 + 0x20e1e
0x613765: 0x1c04c0: /usr/lib/openoffice.org3/program/../basis-link/ure-link/lib/libuno_sal.so.3 + 0x21765
0xcf9400: 0x0:  + 0x400 (__kernel_sigreturn + 0x0)
0xcf9424: 0x0:  + 0x424 (__kernel_vsyscall + 0x10)
0x1667c1: 0x16cd7c: /lib/libc.so.6 + 0x2b7c1 (gsignal + 0x51)
0x168092: 0x16cd7c: /lib/libc.so.6 + 0x2d092 (abort + 0x182)
0x1a4dad: 0x16cd7c: /lib/libc.so.6 + 0x69dad
0x1ab231: 0x16cd7c: /lib/libc.so.6 + 0x70231
0x3c23f1: 0xe60f8: /usr/lib/libstdc++.so.6 + 0xb53f1 (operator delete(void*) + 0x21)
0x10f59f0: 0x8670f8: /usr/lib/openoffice.org3/program/../basis-link/program/libscli.so + 0x3fb9f0
0x10f5e44: 0x8670f8: /usr/lib/openoffice.org3/program/../basis-link/program/libscli.so + 0x3fbe44
0x10cd4af: 0x8670f8: /usr/lib/openoffice.org3/program/../basis-link/program/libscli.so + 0x3d34af (ScDocument::~ScDocument() + 0x407)
0xe22479: 0x8670f8: /usr/lib/openoffice.org3/program/../basis-link/program/libscli.so + 0x128479 (ScDocShell::~ScDocShell() + 0x1fb)
0x9084ce: 0xa05a8: /usr/lib/openoffice.org3/program/../basis-link/program/libtlli.so + 0x594ce (SvRefBase::QueryDelete() + 0x16)
0x6f92d23: 0x5ba34: /usr/lib/openoffice.org3/program/../basis-link/program/libsotli.so + 0xfd23 (SotObject::QueryDelete() + 0x31)
0x6261bf6: 0x3c1d68: /usr/lib/openoffice.org3/program/../basis-link/program/libsfxli.so + 0xf1bf6
0x631d631: 0x3c1d68: /usr/lib/openoffice.org3/program/../basis-link/program/libsfxli.so + 0x1ad631
0x6325b83: 0x3c1d68: /usr/lib/openoffice.org3/program/../basis-link/program/libsfxli.so + 0x1b5b83 (SfxTopViewFrame::~SfxTopViewFrame() + 0x53)
0x6325f63: 0x3c1d68: /usr/lib/openoffice.org3/program/../basis-link/program/libsfxli.so + 0x1b5f63 (SfxTopViewFrame::Close() + 0x51)
0x630f804: 0x3c1d68: /usr/lib/openoffice.org3/program/../basis-link/program/libsfxli.so + 0x19f804
0x632ba45: 0x3c1d68: /usr/lib/openoffice.org3/program/../basis-link/program/libsfxli.so + 0x1bba45 (SfxBaseController::dispose() + 0x399)
0x5ab6dd4: 0x2961bc: /usr/lib/openoffice.org3/program/../basis-link/program/libfwkli.so + 0x99dd4
0x5ab57df: 0x2961bc: /usr/lib/openoffice.org3/program/../basis-link/program/libfwkli.so + 0x987df
0x5a902be: 0x2961bc: /usr/lib/openoffice.org3/program/../basis-link/program/libfwkli.so + 0x732be
0x5a94460: 0x2961bc: /usr/lib/openoffice.org3/program/../basis-link/program/libfwkli.so + 0x77460
0x5a88d21: 0x2961bc: /usr/lib/openoffice.org3/program/../basis-link/program/libfwkli.so + 0x6bd21
0x5a89154: 0x2961bc: /usr/lib/openoffice.org3/program/../basis-link/program/libfwkli.so + 0x6c154
0x5a89459: 0x2961bc: /usr/lib/openoffice.org3/program/../basis-link/program/libfwkli.so + 0x6c459
0x833eb68: 0x38576c: /usr/lib/openoffice.org3/program/../basis-link/program/libvclli.so + 0x25ab68
0x82eae02: 0x38576c: /usr/lib/openoffice.org3/program/../basis-link/program/libvclli.so + 0x206e02
0x7fb7287: 0x7b5f8: /usr/lib/openoffice.org/basis3.1/program/libvclplug_genli.so + 0x48287 (SalDisplay::DispatchInternalEvent() + 0x97)
0x1b46f1b: 0x4ef60: /usr/lib/openoffice.org/basis3.1/program/libvclplug_gtkli.so + 0x11f1b
0x38f9f31: 0xdd050: /lib/libglib-2.0.so.0 + 0x32f31
0x38fbd78: 0xdd050: /lib/libglib-2.0.so.0 + 0x34d78 (g_main_context_dispatch + 0x1f8)
0x38ff310: 0xdd050: /lib/libglib-2.0.so.0 + 0x38310
0x38ff443: 0xdd050: /lib/libglib-2.0.so.0 + 0x38443 (g_main_context_iteration + 0x73)
0x1b46fe3: 0x4ef60: /usr/lib/openoffice.org/basis3.1/program/libvclplug_gtkli.so + 0x11fe3
0x7fbd815: 0x7b5f8: /usr/lib/openoffice.org/basis3.1/program/libvclplug_genli.so + 0x4e815 (X11SalInstance::Yield(bool, bool) + 0x2f)
0x8175760: 0x38576c: /usr/lib/openoffice.org3/program/../basis-link/program/libvclli.so + 0x91760 (Application::Yield(bool) + 0x5c)
0x81757af: 0x38576c: /usr/lib/openoffice.org3/program/../basis-link/program/libvclli.so + 0x917af (Application::Execute() + 0x2b)
0x49fecb: 0x638c0: /usr/lib/openoffice.org3/program/../basis-link/program/libsofficeapp.so + 0x18ecb
0x81798bf: 0x38576c: /usr/lib/openoffice.org3/program/../basis-link/program/libvclli.so + 0x958bf
0x8179a57: 0x38576c: /usr/lib/openoffice.org3/program/../basis-link/program/libvclli.so + 0x95a57 (SVMain() + 0x2c)
0x4c41b8: 0x638c0: /usr/lib/openoffice.org3/program/../basis-link/program/libsofficeapp.so + 0x3d1b8 (soffice_main + 0xd0)
0x80487c4: 0xd04: /usr/lib/openoffice.org3/program/scalc.bin + 0x7c4 (main + 0x20)
0x151a66: 0x16cd7c: /lib/libc.so.6 + 0x16a66 (__libc_start_main + 0xe6)
0x8048711: 0xd04: /usr/lib/openoffice.org3/program/scalc.bin + 0x711
...end stackreport details ...
...start sample ldd details ...
	linux-gate.so.1 =>  (0x0071e000)
	libgtk-x11-2.0.so.0 => /usr/lib/libgtk-x11-2.0.so.0 (0x0071f000)
	libgdk-x11-2.0.so.0 => /usr/lib/libgdk-x11-2.0.so.0 (0x00110000)
	libatk-1.0.so.0 => /usr/lib/libatk-1.0.so.0 (0x00cbd000)
	libgio-2.0.so.0 => /lib/libgio-2.0.so.0 (0x001a6000)
	libpangoft2-1.0.so.0 => /usr/lib/libpangoft2-1.0.so.0 (0x0021f000)
	libgdk_pixbuf-2.0.so.0 => /usr/lib/libgdk_pixbuf-2.0.so.0 (0x0066a000)
	libpangocairo-1.0.so.0 => /usr/lib/libpangocairo-1.0.so.0 (0x002d1000)
	libcairo.so.2 => /usr/lib/libcairo.so.2 (0x00249000)
	libpango-1.0.so.0 => /usr/lib/libpango-1.0.so.0 (0x004ce000)
	libfreetype.so.6 => /usr/lib/libfreetype.so.6 (0x002dc000)
	libfontconfig.so.1 => /usr/lib/libfontconfig.so.1 (0x0036f000)
	libgmodule-2.0.so.0 => /lib/libgmodule-2.0.so.0 (0x002c4000)
	libgthread-2.0.so.0 => /lib/libgthread-2.0.so.0 (0x002c8000)
	librt.so.1 => /lib/librt.so.1 (0x003a3000)
	libdbus-glib-1.so.2 => /usr/lib/libdbus-glib-1.so.2 (0x004a9000)
	libdbus-1.so.3 => /lib/libdbus-1.so.3 (0x003ac000)
	libgobject-2.0.so.0 => /lib/libgobject-2.0.so.0 (0x0044d000)
	libglib-2.0.so.0 => /lib/libglib-2.0.so.0 (0x00d13000)
	libvclplug_genli.so => /usr/lib/openoffice.org/basis3.1/program/libvclplug_genli.so (0x005a5000)
	libvclli.so => /usr/lib/openoffice.org/basis3.1/program/libvclli.so (0x00df1000)
	libpspli.so => /usr/lib/openoffice.org/basis3.1/program/libpspli.so (0x07acb000)
	libsotli.so => /usr/lib/openoffice.org/basis3.1/program/libsotli.so (0x00514000)
	libutlli.so => /usr/lib/openoffice.org/basis3.1/program/libutlli.so (0x00687000)
	libtlli.so => /usr/lib/openoffice.org/basis3.1/program/libtlli.so (0x00b15000)
	libcomphelp4gcc3.so => /usr/lib/openoffice.org/basis3.1/program/libcomphelp4gcc3.so (0x01e46000)
	libucbhelper4gcc3.so => /usr/lib/openoffice.org/basis3.1/program/libucbhelper4gcc3.so (0x00c20000)
	libuno_cppuhelpergcc3.so.3 => /usr/lib/openoffice.org/basis3.1/program/../ure-link/lib/libuno_cppuhelpergcc3.so.3 (0x0695a000)
	libuno_cppu.so.3 => /usr/lib/openoffice.org/basis3.1/program/../ure-link/lib/libuno_cppu.so.3 (0x003ed000)
	libvos3gcc3.so => /usr/lib/openoffice.org/basis3.1/program/libvos3gcc3.so (0x00572000)
	libuno_sal.so.3 => /usr/lib/openoffice.org/basis3.1/program/../ure-link/lib/libuno_sal.so.3 (0x03b88000)
	libXrandr.so.2 => /usr/lib/libXrandr.so.2 (0x00419000)
	libX11.so.6 => /usr/lib/libX11.so.6 (0x05159000)
	libXext.so.6 => /usr/lib/libXext.so.6 (0x0048e000)
	libdl.so.2 => /lib/libdl.so.2 (0x00421000)
	libpthread.so.0 => /lib/libpthread.so.0 (0x00628000)
	libstlport_gcc.so => /usr/lib/openoffice.org/basis3.1/program/../ure-link/lib/libstlport_gcc.so (0x0117e000)
	libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x054a0000)
	libm.so.6 => /lib/libm.so.6 (0x00c8f000)
	libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00cda000)
	libc.so.6 => /lib/libc.so.6 (0x042a6000)
	libXfixes.so.3 => /usr/lib/libXfixes.so.3 (0x00426000)
	libXrender.so.1 => /usr/lib/libXrender.so.1 (0x0049e000)
	libXinerama.so.1 => /usr/lib/libXinerama.so.1 (0x0059f000)
	libXi.so.6 => /usr/lib/libXi.so.6 (0x00595000)
	libXcursor.so.1 => /usr/lib/libXcursor.so.1 (0x00643000)
	libXcomposite.so.1 => /usr/lib/libXcomposite.so.1 (0x002cd000)
	libXdamage.so.1 => /usr/lib/libXdamage.so.1 (0x004c8000)
	libselinux.so.1 => /lib/libselinux.so.1 (0x01241000)
	libpng12.so.0 => /usr/lib/libpng12.so.0 (0x047b5000)
	libpixman-1.so.0 => /usr/lib/libpixman-1.so.0 (0x0125f000)
	libz.so.1 => /lib/libz.so.1 (0x0064d000)
	libexpat.so.1 => /lib/libexpat.so.1 (0x048fb000)
	/lib/ld-linux.so.2 (0x0042b000)
	libcap.so.2 => /lib/libcap.so.2 (0x00660000)
	libbasegfxli.so => /usr/lib/openoffice.org/basis3.1/program/libbasegfxli.so (0x05b43000)
	libSM.so.6 => /usr/lib/libSM.so.6 (0x0070f000)
	libICE.so.6 => /usr/lib/libICE.so.6 (0x06cc3000)
	libi18nisolang1gcc3.so => /usr/lib/openoffice.org/basis3.1/program/libi18nisolang1gcc3.so (0x00717000)
	libi18nutilgcc3.so => /usr/lib/openoffice.org/basis3.1/program/libi18nutilgcc3.so (0x00bb7000)
	libicuuc.so.40 => /usr/lib/libicuuc.so.40 (0x012a5000)
	libicudata.so.40 => /usr/lib/libicudata.so.40 (0xb728c000)
	libicule.so.40 => /usr/lib/libicule.so.40 (0x0721e000)
	libjvmaccessgcc3.so.3 => /usr/lib/openoffice.org/basis3.1/program/../ure-link/lib/libjvmaccessgcc3.so.3 (0x00d05000)
	libuno_salhelpergcc3.so.3 => /usr/lib/openoffice.org/basis3.1/program/../ure-link/lib/libuno_salhelpergcc3.so.3 (0x00665000)
	libcrypt.so.1 => /lib/libcrypt.so.1 (0x013e1000)
	libxcb.so.1 => /usr/lib/libxcb.so.1 (0x046ce000)
	libXau.so.6 => /usr/lib/libXau.so.6 (0x004cb000)
	libattr.so.1 => /lib/libattr.so.1 (0x00cb7000)
	libuuid.so.1 => /lib/libuuid.so.1 (0x00d0c000)
	libfreebl3.so => /lib/libfreebl3.so (0x01412000)
...end sample ldd details ...
---end copy and paste here---
paste the above into your bug report



Version-Release number of selected component (if applicable):

3.1.0-11.3.fc11

How reproducible:

Not always

Steps to Reproduce (will not always work):
0. Run oocalc from the command line to see the glibc message
1. Open the attached sample xls file
2. Delete the DataPilot_Sheet1_1 sheet
3. Select columns A, B, and C of Sheet1
4. Select from menu Data->DataPilot->Start
5. Choose Current selection as the select source and click OK
6. Drag the Category button to the Page Fields
7. Drag the Category button to the Column Fields
8. Drag the Info button to the Row Fields
9. Drag the Field button to the Data Fields
10. Clikc Options... button and select Count as the Function, then click OK to close the dialog box
11. Click the More button
12. Choose - new sheet - from the Results to drop down
13. Check ignore empty rows
14. Uncheck Total Columns and Total rows
15. Select OK to generate the DataPilot 
16. Click the save icon on the tool bar
17. Click Keep Current Format button to save in xls format
18. Choose from the menu File->Exit
  
Actual results:

The applications hangs and the console will show a stack trace of the error

Expected results:

The applications will exit properly

Additional info:

The sample.xls file was originally created using ODF format then saved as XLS.
Comment 1 David Tardon 2009-07-09 03:02:49 EDT
Created attachment 351018 [details]
mapped stack
Comment 2 Caolan McNamara 2009-07-09 06:32:18 EDT
ScDPCollection::clearCacheCellPool has a dubious comment about a workaround for a double-free which sounds just like this problem, though I cannot reproduce the reported error under valgrind or not.

Looking closer at ScDPCollection::clearCacheCellPool and friends in indicated
Comment 3 David Tardon 2009-07-09 06:51:16 EDT
dtardon->caolanm: I can't reproduce it, too. But maybe it's related to http://www.openoffice.org/issues/show_bug.cgi?id=101725, i.e. the following change to sc/source/core/data/dpobject.cxx:

@@ -2345,7 +2345,7 @@ ScDPCollection::ScDPCollection(const ScD
 	ScCollection(r),
     pDoc(r.pDoc),
     maSharedString(r.maSharedString),
-    maCacheCellPool(r.maCacheCellPool)
+    maCacheCellPool()   // #i101725# don't copy hash_set with pointers from the other collection
 {
 }
 
@@ -2507,8 +2507,9 @@ void ScDPCollection::clearCacheCellPool(
     vector<ScDPCacheCell*> ps;
     ps.reserve(maCacheCellPool.size());
     copy(maCacheCellPool.begin(), maCacheCellPool.end(), back_inserter(ps));
-    for_each(ps.begin(), ps.end(), DeleteCacheCells());
     maCacheCellPool.clear();
+    // for correctness' sake, delete the elements after clearing the hash_set
+    for_each(ps.begin(), ps.end(), DeleteCacheCells());
 }
Comment 4 Caolan McNamara 2009-07-09 06:54:17 EDT
Yes, as suspected. Cloning the cache doesn't make a lot of sense, end up with two objects, one probably in the undo stack, pointing at the same data, both dtors try and erase the same info
Comment 5 Caolan McNamara 2009-07-09 06:57:15 EDT
i.e. should be easiest to reproduce by deleting the new data pilot sheet after creating it, and then exiting OOo. The above is the right fix, can you backport it as "workspace.calc311fixes" or sommat to the F-11 branch for us.
Comment 6 David Tardon 2009-07-09 08:26:33 EDT
fix committed, will be in >=3.1.0-11.5
Comment 7 Fedora Update System 2009-07-10 03:53:50 EDT
openoffice.org-3.1.0-11.5.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/openoffice.org-3.1.0-11.5.fc11
Comment 8 Fedora Update System 2009-07-16 03:06:13 EDT
openoffice.org-3.1.0-11.5.fc11 has been pushed to the Fedora 11 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update openoffice.org'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-7604
Comment 9 Fedora Update System 2009-08-29 05:41:30 EDT
openoffice.org-3.1.1-19.1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/openoffice.org-3.1.1-19.1.fc11
Comment 10 Fedora Update System 2009-08-31 19:31:52 EDT
openoffice.org-3.1.1-19.1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.