Bug 758860 - [abrt] libreoffice-core-3.4.4.2-3.fc16: BigPtrArray::Index2Block: (search/replace empty paragraphs?) (SIGSEGV)
[abrt] libreoffice-core-3.4.4.2-3.fc16: BigPtrArray::Index2Block: (search/rep...
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: libreoffice (Show other bugs)
16
x86_64 Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Michael Stahl
Fedora Extras Quality Assurance
abrt_hash:52824d6ce33bf922fc4a589cce0...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2011-11-30 15:37 EST by M. A. MacLain
Modified: 2012-10-07 11:15 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-12-09 14:20:25 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
File: dso_list (21.60 KB, text/plain)
2011-11-30 15:37 EST, M. A. MacLain
no flags Details
File: maps (85.90 KB, text/plain)
2011-11-30 15:37 EST, M. A. MacLain
no flags Details
File: backtrace (48.75 KB, text/plain)
2011-11-30 15:37 EST, M. A. MacLain
no flags Details
A test document that crashes (10.56 KB, application/vnd.oasis.opendocument.text)
2011-12-06 12:58 EST, M. A. MacLain
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
FreeDesktop.org 40831 None None None Never

  None (edit)
Description M. A. MacLain 2011-11-30 15:37:11 EST
libreport version: 2.0.7
abrt_version:   2.0.6
backtrace_rating: 4
cmdline:        /usr/lib64/libreoffice/program/soffice.bin --writer --splash-pipe=7
comment:        Deleating empty lines with Seach and Replace using regular expressions. This has happened a few times
crash_function: BigPtrArray::Index2Block
executable:     /usr/lib64/libreoffice/program/soffice.bin
kernel:         3.1.2-1.fc16.x86_64
pid:            11881
pwd:            /home/ml
reason:         Process /usr/lib64/libreoffice/program/soffice.bin was killed by signal 11 (SIGSEGV)
time:           Wed 30 Nov 2011 01:59:02 PM EST
uid:            1000
username:       ml

backtrace:      Text file, 49921 bytes
dso_list:       Text file, 22121 bytes
maps:           Text file, 87963 bytes

environ:
:XDG_VTNR=1
:XDG_SESSION_ID=2
:HOSTNAME=P5K
:IMSETTINGS_INTEGRATE_DESKTOP=yes
:GIO_LAUNCHED_DESKTOP_FILE_PID=11869
:GPG_AGENT_INFO=/tmp/keyring-hASZdX/gpg:0:1
:SHELL=/bin/bash
:TERM=dumb
:DESKTOP_STARTUP_ID=gnome-shell-1491-P5K-libreoffice-3_TIME10699484
:HISTSIZE=1000
:XDG_SESSION_COOKIE=1befefacb2e4c85aaef5079f0000000b-1322667158.785461-1075763628
:GJS_DEBUG_OUTPUT=stderr
:OLDPWD=/usr/lib64/libreoffice/program
:QTDIR=/usr/lib64/qt-3.3
:GNOME_KEYRING_CONTROL=/tmp/keyring-hASZdX
:QTINC=/usr/lib64/qt-3.3/include
:'GJS_DEBUG_TOPICS=JS ERROR;JS LOG'
:IMSETTINGS_MODULE=none
:USER=ml
:SSH_AUTH_SOCK=/tmp/keyring-hASZdX/ssh
:USERNAME=ml
:SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/1270,unix/unix:/tmp/.ICE-unix/1270
:GIO_LAUNCHED_DESKTOP_FILE=/usr/share/applications/libreoffice-writer.desktop
:MAIL=/var/spool/mail/ml
:PATH=/usr/lib64/qt-3.3/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/ml/.local/bin:/home/ml/bin
:DESKTOP_SESSION=gnome
:QT_IM_MODULE=xim
:PWD=/home/ml
:XMODIFIERS=@im=none
:KDE_IS_PRELINKED=1
:GNOME_KEYRING_PID=1263
:LANG=en_US.UTF-8
:KDEDIRS=/usr
:GDMSESSION=gnome
:HISTCONTROL=ignoredups
:HOME=/home/ml
:XDG_SEAT=seat0
:SHLVL=1
:GNOME_DESKTOP_SESSION_ID=this-is-deprecated
:SAL_ENABLE_FILE_LOCKING=1
:LOGNAME=ml
:QTLIB=/usr/lib64/qt-3.3/lib
:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-9ZQiM0wsoa,guid=95b3fe334f85144d6009ba1f0000005d
:'LESSOPEN=||/usr/bin/lesspipe.sh %s'
:WINDOWPATH=1
:XDG_RUNTIME_DIR=/run/user/ml
:DISPLAY=:0
:XAUTHORITY=/var/run/gdm/auth-for-ml-kCsNmI/database
:LD_LIBRARY_PATH=/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/client:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/server:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/native_threads:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64

var_log_messages:
:Nov 28 14:42:26 P5K kernel: [19266.663524] soffice.bin[7780]: segfault at 11 ip 0000003406c09da4 sp 00007ffffc4eff80 error 4 in libpthread-2.14.90.so[3406c00000+17000]
:Nov 29 12:34:19 P5K kernel: [ 4871.830603] soffice.bin[3470]: segfault at 11 ip 0000003406c09da4 sp 00007fff3d83b5a0 error 4 in libpthread-2.14.90.so[3406c00000+17000]
:Nov 29 23:43:31 P5K kernel: [ 4403.333257] soffice.bin[2072]: segfault at 11 ip 0000003406c09da4 sp 00007fffa59f8f00 error 4 in libpthread-2.14.90.so[3406c00000+17000]
:Nov 30 13:59:02 P5K kernel: [12476.873129] soffice.bin[11881]: segfault at 26 ip 00007fe0095d38cb sp 00007fffa079ad38 error 4 in libswlx.so[7fe0092c8000+bd1000]
:Nov 30 13:59:03 P5K abrt[12848]: Saved core dump of pid 11881 (/usr/lib64/libreoffice/program/soffice.bin) to /var/spool/abrt/ccpp-2011-11-30-13:59:02-11881 (107229184 bytes)
Comment 1 M. A. MacLain 2011-11-30 15:37:14 EST
Created attachment 538793 [details]
File: dso_list
Comment 2 M. A. MacLain 2011-11-30 15:37:17 EST
Created attachment 538794 [details]
File: maps
Comment 3 M. A. MacLain 2011-11-30 15:37:19 EST
Created attachment 538795 [details]
File: backtrace
Comment 4 Caolan McNamara 2011-12-01 08:24:11 EST
Yucky, can you reproduce this ?, if so was it a specific document and a specific search/replace. Can you share those with us.
Comment 5 Michael Stahl 2011-12-01 11:41:34 EST
crash on search & replace of empty paragraph is already fixed in LO master.
perhaps we should backport the fix.
Comment 6 M. A. MacLain 2011-12-03 22:35:41 EST
Caolan thanks for your interest. I have been away.  It looks like, according to M. Stahl, the problem has been fixed.  I had crashes in more than one document while removing empty paragraphs.

Happy Holidays.
Comment 7 Caolan McNamara 2011-12-06 04:53:11 EST
caolanm->mstahl: You think it is that empty paragraph search/replace ? If you think its worth backporting, and safe, go for it, otherwise, closed->upstream
Comment 8 M. A. MacLain 2011-12-06 12:58:05 EST
Created attachment 541501 [details]
A test document that crashes

I don't believe the version I have (libreoffice-writer-3.4.4.2-3.fc16.x86_64) has been patched. I still have crashes.   

Attached a sample file to illustrate  crashes while removing empty paragraphs. 

Preserve the original file for reference.  Use a copy for testing.

Thanks.

M.
Comment 9 Michael Stahl 2011-12-09 14:20:25 EST
the fix is now in the upstream 3.4 release branch and should be in 3.4.5
which is just a couple weeks away.
seeing as this isn't a regression i guess we can wait a bit
and then update packages to 3.4.5 release.
Comment 10 John Mellor 2012-10-05 20:11:37 EDT
According to abrt, the Fedora-17 libre-office update today has this problem while attempting to open a docx file.  Please re-open as newly-broken.
Comment 11 John Mellor 2012-10-07 11:15:19 EDT
New bug https://bugzilla.redhat.com/show_bug.cgi?id=863810 created, since abrt is misrepresenting the problem as this bug.

Note You need to log in before you can comment on or make changes to this bug.