Bug 841092 - [abrt][a11y] libreoffice-core- ImpEditEngine::RecalcTextPortion->GetObject(65535) killed by signal 11 (SIGSEGV)
[abrt][a11y] libreoffice-core- ImpEditEngine::RecalcTextPorti...
Product: Fedora
Classification: Fedora
Component: libreoffice (Show other bugs)
x86_64 Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Caolan McNamara
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2012-07-18 02:51 EDT by Steve Yoon
Modified: 2012-09-11 07:29 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-09-11 07:29:18 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
File: dso_list (28.26 KB, text/plain)
2012-07-18 02:51 EDT, Steve Yoon
no flags Details
File: smolt_data (3.15 KB, text/plain)
2012-07-18 02:51 EDT, Steve Yoon
no flags Details
File: maps (105.38 KB, text/plain)
2012-07-18 02:51 EDT, Steve Yoon
no flags Details
File: backtrace (68.36 KB, text/plain)
2012-07-18 02:52 EDT, Steve Yoon
no flags Details

  None (edit)
Description Steve Yoon 2012-07-18 02:51:48 EDT
libreport version: 2.0.10
abrt_version:   2.0.7
backtrace_rating: 4
cmdline:        /usr/lib64/libreoffice/program/soffice.bin --impress file:///home/syoon/%EB%B0%94%ED%83%95%ED%99%94%EB%A9%B4/RedHat/%EB%B3%B4%EA%B3%A0/FY13%20Account%20Plan/FY13H2%20OEM%20ISV%20Plan.odp --splash-pipe=7
comment:        Crashed after push Ctr-Z
crash_function: GetObject
executable:     /usr/lib64/libreoffice/program/soffice.bin
kernel:         3.3.8-1.fc16.x86_64
pid:            30703
pwd:            /home/syoon
time:           2012년 07월 18일 (수) 오전 10시 33분 29초
uid:            1000
username:       syoon

backtrace:      Text file, 70004 bytes
dso_list:       Text file, 28934 bytes
maps:           Text file, 107911 bytes
smolt_data:     Binary file, 3225 bytes

:'LESSOPEN=||/usr/bin/lesspipe.sh %s'

:Jul 16 13:41:37 syoon kernel: [449572.967226] soffice.bin[26429]: segfault at 7fd9b2073000 ip 00000034fc8868d2 sp 00007fff268abde0 error 7 in libsvllx.so[34fc800000+109000]
:Jul 16 13:41:42 syoon abrt[31127]: Saved core dump of pid 26429 (/usr/lib64/libreoffice/program/soffice.bin) to /var/spool/abrt/ccpp-2012-07-16-13:41:37-26429 (309260288 bytes)
:Jul 16 14:03:58 syoon kernel: [450913.087260] soffice.bin[32002]: segfault at 7fff8 ip 00007f50ff9bb5b9 sp 00007fff6c94a6b0 error 4 in libeditenglx.so[7f50ff8b4000+209000]
:Jul 16 14:04:02 syoon abrt[32125]: Saved core dump of pid 32002 (/usr/lib64/libreoffice/program/soffice.bin) to /var/spool/abrt/ccpp-2012-07-16-14:03:58-32002 (237711360 bytes)
:Jul 18 10:33:29 syoon kernel: [610997.394185] soffice.bin[30703]: segfault at 7fff8 ip 00007fd2a2b8f5b9 sp 00007fff05cbfd70 error 4 in libeditenglx.so[7fd2a2a88000+209000]
:Jul 18 10:33:37 syoon abrt[6244]: Saved core dump of pid 30703 (/usr/lib64/libreoffice/program/soffice.bin) to /var/spool/abrt/ccpp-2012-07-18-10:33:29-30703 (282902528 bytes)
Comment 1 Steve Yoon 2012-07-18 02:51:53 EDT
Created attachment 598795 [details]
File: dso_list
Comment 2 Steve Yoon 2012-07-18 02:51:55 EDT
Created attachment 598796 [details]
File: smolt_data
Comment 3 Steve Yoon 2012-07-18 02:51:58 EDT
Created attachment 598797 [details]
File: maps
Comment 4 Steve Yoon 2012-07-18 02:52:00 EDT
Created attachment 598798 [details]
File: backtrace
Comment 5 Caolan McNamara 2012-08-22 09:40:13 EDT
Looks like this is triggered by having accessibility enabled. Are you able to reproduce this crash and give a step-by-step route to reproducing ?

I can assume that the number of text portions was 0 somehow, leading to wraparound with nLastPortion = Count() - 1; and I could hackaround that to avoid the immediate crash, but far better would be knowing how it got that way in the first place.
Comment 6 Caolan McNamara 2012-09-11 07:29:18 EDT
Can't reproduce or see how it could come about. I committed http://cgit.freedesktop.org/libreoffice/core/commit/?id=4f177fbbab1619b9a2f9afa04d882c5fd415fcc0 upstream to abort right at the point where the initial problem gets detected and survive in NDEBUG mode

Note You need to log in before you can comment on or make changes to this bug.