abrt version: 2.0.3
architecture: x86_64
backtrace_rating: 4
cmdline: /usr/lib64/libreoffice/program/swriter.bin -writer
component: libreoffice
crash_function: SwCrsrShell::GetCrsr
executable: /usr/lib64/libreoffice/program/swriter.bin
kernel: 2.6.42.12-1.fc15.x86_64
os_release: Fedora release 15 (Lovelock)
package: libreoffice-writer-3.3.4.1-2.fc15
reason: Process /usr/lib64/libreoffice/program/swriter.bin was killed by signal 11 (SIGSEGV)
time: Thu May 3 12:24:21 2012
uid: 2026
username: slawomir
xsession_errors:

backtrace: Text file, 115462 bytes
dso_list: Text file, 21443 bytes
maps: Text file, 78638 bytes

comment:
:I have a document which when opened triggers this question:
:The template '...' on which this document is based, has been modified. Do you want to update style based formatting according to the modified template?
:
:[Update Styles] [Keep Old Styles] [Help]
:
:There are 4 different scenarios:
:1 - select [Update Styles] and then try opening Page Preview without saving the document first - LibreOffice Writer crashes.
:2 - select [Update Styles] and then try opening Page Preview after saving the document first - LibreOffice Writer crashes.
:3 - select [Keep Old Styles] and then try opening Page Preview - LibreOffice Writer doesn't crash.
:4 - select [Update Styles], save document, close it, open it again and then try opening Page Preview - LibreOffice Writer doesn't crash.
:
:It is reproducible 100% with this document.
:
:Backtrace is from scenario 1.

environ:
:ORBIT_SOCKETDIR=/tmp/orbit-slawomir
:XDG_SESSION_ID=1
:HOSTNAME=gaia.garous.net
:IMSETTINGS_INTEGRATE_DESKTOP=yes
:GIO_LAUNCHED_DESKTOP_FILE_PID=28888
:GPG_AGENT_INFO=/tmp/keyring-WJ1Js3/gpg:0:1
:SHELL=/bin/bash
:TERM=dumb
:DESKTOP_STARTUP_ID=gnome-shell-2229-gaia.garous.net-libreoffice-9_TIME14503105
:HISTSIZE=1000
:XDG_SESSION_COOKIE=416f84d9c1904d76a962a6160000000c-1336026473.983445-1548027741
:GJS_DEBUG_OUTPUT=stderr
:OLDPWD=/usr/lib64/libreoffice/program
:GNOME_KEYRING_CONTROL=/tmp/keyring-WJ1Js3
:'GJS_DEBUG_TOPICS=JS ERROR;JS LOG'
:IMSETTINGS_MODULE=none
:USER=slawomir
:LD_LIBRARY_PATH=/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/client:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/native_threads:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64
:CCACHE_DIR=/sandbox/slawomir/ccache
:SSH_AUTH_SOCK=/tmp/keyring-WJ1Js3/ssh
:USERNAME=slawomir
:SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/2009,unix/unix:/tmp/.ICE-unix/2009
:GIO_LAUNCHED_DESKTOP_FILE=/usr/share/applications/libreoffice-writer.desktop
:MAIL=/var/spool/mail/slawomir
:PATH=/usr/lib64/ccache:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/slawomir/.local/bin:/home/slawomir/bin
:DESKTOP_SESSION=gnome
:QT_IM_MODULE=xim
:PWD=/home/slawomir
:XMODIFIERS=@im=none
:KDE_IS_PRELINKED=1
:GNOME_KEYRING_PID=2001
:LANG=en_US.UTF-8
:MODULEPATH=/usr/share/Modules/modulefiles:/etc/modulefiles
:GDM_LANG=
:LOADEDMODULES=
:KDEDIRS=/usr
:NO_DISTCC=1
:GDMSESSION=gnome
:HISTCONTROL=ignoredups
:HOME=/home/slawomir
:SHLVL=2
:GNOME_DESKTOP_SESSION_ID=this-is-deprecated
:SAL_ENABLE_FILE_LOCKING=1
:LOGNAME=slawomir
:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-1P5UT87toW,guid=bda8e2ed59543ef19f2efa5500000147
:MODULESHOME=/usr/share/Modules
:'LESSOPEN=||/usr/bin/lesspipe.sh %s'
:WINDOWPATH=1
:XDG_RUNTIME_DIR=/run/user/slawomir
:DISPLAY=:0
:G_BROKEN_FILENAMES=1
:CCACHE_HASHDIR=
:XAUTHORITY=/var/run/gdm/auth-for-slawomir-yRg1UG/database
:'module=() { eval `/usr/bin/modulecmd bash $*`\n}'
:_=/usr/lib64/libreoffice/program/swriter.bin

var_log_messages:
:May 3 12:23:43 gaia kernel: [14476.775248] swriter.bin[25294]: segfault at 50 ip 000000313ead60f8 sp 00007fff9c5c1e80 error 6 in libsfxlx.so[313e800000+41f000]
:May 3 12:23:44 gaia abrt[28306]: saved core dump of pid 25294 (/usr/lib64/libreoffice/program/swriter.bin) to /var/spool/abrt/ccpp-2012-05-03-12:23:43-25294.new/coredump (143822848 bytes)
:May 3 12:24:21 gaia kernel: [14514.823139] swriter.bin[28903]: segfault at 1a8 ip 0000003142d30fa9 sp 00007fff867e0710 error 4 in libswlx.so[3142a00000+b4d000]
:May 3 12:24:22 gaia abrt[29147]: saved core dump of pid 28903 (/usr/lib64/libreoffice/program/swriter.bin) to /var/spool/abrt/ccpp-2012-05-03-12:24:21-28903.new/coredump (117469184 bytes)
Created attachment 581827 File: dso_list
Created attachment 581828 File: maps
Created attachment 581829 File: backtrace
SwCrsrShell::GetCrsr (this=0x0) is the clear immediate reason for the crash

but that's from SwEditShell::GetScriptType where...
FOREACHPAM_START(this), so this must be 0 there as well, which comes from

SwTextShell::GetState
...
SwWrtShell &rSh = GetShell();
rSh.GetScriptType()

so the problem doesn't seem to be obviously local to the backtrace.

caolanm->Slawomir Are you able to provide the document which reproduces the crash?
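
Added example, not part of the original report or of LibreOffice/abrt: a small parser for the two kernel "segfault at" lines in var_log_messages, decoding the x86 page-fault error code and the instruction offset inside the named library. A fault address in the first page, such as 0x1a8, is consistent with a member access through a null object pointer like the this=0x0 frame discussed above; the function name parse_segfault and the 4 KiB near-NULL threshold are assumptions of this example.

```python
import re

# x86 page-fault error-code bits as printed by the kernel after "error".
PF_PRESENT, PF_WRITE, PF_USER, PF_INSTR = 0x1, 0x2, 0x4, 0x10
NEAR_NULL_LIMIT = 0x1000  # assumption: treat the first 4 KiB page as "near NULL"

SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<dso>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

def parse_segfault(line):
    """Return a triage dict for one kernel segfault line, or None if no match."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    addr, ip, err = (int(m[k], 16) for k in ("addr", "ip", "err"))
    if err & PF_INSTR:
        access = "exec"
    elif err & PF_WRITE:
        access = "write"
    else:
        access = "read"
    offset = None
    if m["dso"]:
        base, size = int(m["base"], 16), int(m["size"], 16)
        # Offset of the faulting instruction inside the mapped library; only
        # meaningful when ip really lies inside the reported mapping.
        if base <= ip < base + size:
            offset = ip - base
    return {
        "comm": m["comm"], "pid": int(m["pid"]), "fault_addr": addr,
        "access": access, "user_mode": bool(err & PF_USER),
        "page_present": bool(err & PF_PRESENT),
        "dso": m["dso"], "dso_offset": offset,
        "near_null": addr < NEAR_NULL_LIMIT,
    }

# The two kernel lines from var_log_messages in the report above.
REPORT_LINES = [
    "May 3 12:23:43 gaia kernel: [14476.775248] swriter.bin[25294]: segfault at 50 ip 000000313ead60f8 sp 00007fff9c5c1e80 error 6 in libsfxlx.so[313e800000+41f000]",
    "May 3 12:24:21 gaia kernel: [14514.823139] swriter.bin[28903]: segfault at 1a8 ip 0000003142d30fa9 sp 00007fff867e0710 error 4 in libswlx.so[3142a00000+b4d000]",
]

if __name__ == "__main__":
    for r in map(parse_segfault, REPORT_LINES):
        print(f"{r['comm']}[{r['pid']}] {r['access']} at {r['fault_addr']:#x} "
              f"near_null={r['near_null']} in {r['dso']}+{r['dso_offset']:#x}")
```

The dso_offset value is the address to look up in the library's debuginfo when only the kernel line, and no core dump, is available.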
Created attachment 582588 File which causes the crash (zipped)
reproducible
http://cgit.freedesktop.org/libreoffice/core/commit/?id=a1d265be484f1c70f57ab3de9b2d8c27d2fd3aa4 seems to help
I'm a bit too chicken to backport this fix to f15, f16, f17 & rawhide seeing as it's all a bit tricky. Will leave it for upstream master and see if it works out in the longer term.
good idea not to backport this, the fix caused upstream regression 58893. I'm hoping that beacee6fad46aa2c8fc813bb0150e5c7a5175b26 is a better fix for this, though don't really know either...