Bug 603955 - [abrt] crash in sd::DrawViewShell::GetStatusBarState
Summary: [abrt] crash in sd::DrawViewShell::GetStatusBarState
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Fedora
Classification: Fedora
Component: openoffice.org
Version: 13
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Caolan McNamara
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:db6d8a92d91f9dec0273e8a3c92...
: 660508 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-06-15 00:41 UTC by tjyuviaej
Modified: 2011-03-08 20:34 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2010-06-21 15:00:51 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
File: backtrace (99.51 KB, text/plain)
2010-06-15 00:41 UTC, tjyuviaej 		no flags Details
View All

Description tjyuviaej 2010-06-15 00:41:04 UTC 
abrt 1.1.1 detected a crash.

architecture: x86_64
Attached file: backtrace
cmdline: /usr/lib64/openoffice.org3/program/simpress.bin -impress
component: openoffice.org
crash_function: operator-=
executable: /usr/lib64/openoffice.org3/program/simpress.bin
global_uuid: db6d8a92d91f9dec0273e8a3c92e20e3ff26f470
kernel: 2.6.33.5-112.fc13.x86_64
package: openoffice.org-impress-1:3.2.0-12.24.fc13
rating: 4
reason: Process /usr/lib64/openoffice.org3/program/simpress.bin was killed by signal 11 (SIGSEGV)
release: Fedora release 13 (Goddard)

How to reproduce
-----
1. Run ooimpress
2. Edit 8.4MB file for a while
3. Crash
Comment 1 tjyuviaej 2010-06-15 00:41:06 UTC 
Created attachment 424003 [details]
File: backtrace
Comment 2 David Tardon 2010-06-15 06:32:50 UTC 
I see one use of uninitialized value in StatusBar under valgrind that might be related to this, but I doubt it somehow... Can you reproduce the crash? What were you doing when it happened?
Comment 3 tjyuviaej 2010-06-16 02:32:52 UTC 
I'm not clear how to reproduce.  But I found a heavy disk access before crash.

I don't remember the RES and SHR in top command. However VIRT is about 2.8GB.
My Fedora box has 3081MB memory and 5117MB swap.

When the crash occurred, I edit a 8.5MB odp file for about one or two hour with firefox, thunderbird and GNOME desktop.
Comment 4 Caolan McNamara 2010-06-18 16:07:55 UTC 
Do you still have the .odp, maybe there's some embedded format or something inside it that does something interesting on save with the status bar.

----

sd/source/ui/view/drviewsa.cxx does have...

if( SFX_ITEM_AVAILABLE == rSet.GetItemState( SID_ATTR_ZOOMSLIDER ) )
{
   ...
   SdrPageView* pPageView = mpDrawView->GetSdrPageView();
   if( pPageView )
   {
       ...
   }
}
...
Point aPos = GetActiveWindow()->PixelToLogic(maMousePos);
mpDrawView->GetSdrPageView()->LogicToPagePos(aPos);

which begs the question of why bother checking for non-NULL pPageView if its definitely going to dereference it afterwards anyway,
Comment 5 Takanori MATSUURA 2010-06-21 02:07:35 UTC 
I still have the .odp file.

I don't think I want to put the file here but I can send you directly. If you want to investigate this bug with my .odp file, please let me know.
Comment 6 Takanori MATSUURA 2010-06-21 02:15:47 UTC 
Please ignore my comment #5.
Comment 7 tjyuviaej 2010-06-21 02:16:54 UTC 
I still have the .odp file.

I don't think I want to put the file here but I can send you directly. If you
want to investigate this bug with my .odp file, please let me know.
Comment 8 Caolan McNamara 2010-06-21 10:18:07 UTC 
Sure, send it on to me, it's worth a shot
Comment 9 Caolan McNamara 2010-06-21 15:00:51 UTC 
I got the .odp, played around with it a bit and did some load/save under valgrind, but nothing jumped out at me as a source for this :-(
Comment 10 Caolan McNamara 2011-03-08 20:34:21 UTC 
*** Bug 660508 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.