Bug 841092 - [abrt][a11y] libreoffice-core- ImpEditEngine::RecalcTextPortion->GetObject(65535) killed by signal 11 (SIGSEGV)
Summary: [abrt][a11y] libreoffice-core- ImpEditEngine::RecalcTextPorti...
Alias: None
Product: Fedora
Classification: Fedora
Component: libreoffice
Version: 16
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
Assignee: Caolan McNamara
QA Contact: Fedora Extras Quality Assurance
Whiteboard: abrt_hash:0ff54fa1500112a5c160481ae6d...
Depends On:
TreeView+ depends on / blocked
Reported: 2012-07-18 06:51 UTC by Steve Yoon
Modified: 2012-09-11 11:29 UTC (History)
6 users (show)

Clone Of:
Last Closed: 2012-09-11 11:29:18 UTC

Attachments (Terms of Use)
File: dso_list (28.26 KB, text/plain)
2012-07-18 06:51 UTC, Steve Yoon
no flags Details
File: smolt_data (3.15 KB, text/plain)
2012-07-18 06:51 UTC, Steve Yoon
no flags Details
File: maps (105.38 KB, text/plain)
2012-07-18 06:51 UTC, Steve Yoon
no flags Details
File: backtrace (68.36 KB, text/plain)
2012-07-18 06:52 UTC, Steve Yoon
no flags Details

Description Steve Yoon 2012-07-18 06:51:48 UTC
libreport version: 2.0.10
abrt_version:   2.0.7
backtrace_rating: 4
cmdline:        /usr/lib64/libreoffice/program/soffice.bin --impress file:///home/syoon/%EB%B0%94%ED%83%95%ED%99%94%EB%A9%B4/RedHat/%EB%B3%B4%EA%B3%A0/FY13%20Account%20Plan/FY13H2%20OEM%20ISV%20Plan.odp --splash-pipe=7
comment:        Crashed after push Ctr-Z
crash_function: GetObject
executable:     /usr/lib64/libreoffice/program/soffice.bin
kernel:         3.3.8-1.fc16.x86_64
pid:            30703
pwd:            /home/syoon
time:           2012년 07월 18일 (수) 오전 10시 33분 29초
uid:            1000
username:       syoon

backtrace:      Text file, 70004 bytes
dso_list:       Text file, 28934 bytes
maps:           Text file, 107911 bytes
smolt_data:     Binary file, 3225 bytes

:'LESSOPEN=||/usr/bin/lesspipe.sh %s'

:Jul 16 13:41:37 syoon kernel: [449572.967226] soffice.bin[26429]: segfault at 7fd9b2073000 ip 00000034fc8868d2 sp 00007fff268abde0 error 7 in libsvllx.so[34fc800000+109000]
:Jul 16 13:41:42 syoon abrt[31127]: Saved core dump of pid 26429 (/usr/lib64/libreoffice/program/soffice.bin) to /var/spool/abrt/ccpp-2012-07-16-13:41:37-26429 (309260288 bytes)
:Jul 16 14:03:58 syoon kernel: [450913.087260] soffice.bin[32002]: segfault at 7fff8 ip 00007f50ff9bb5b9 sp 00007fff6c94a6b0 error 4 in libeditenglx.so[7f50ff8b4000+209000]
:Jul 16 14:04:02 syoon abrt[32125]: Saved core dump of pid 32002 (/usr/lib64/libreoffice/program/soffice.bin) to /var/spool/abrt/ccpp-2012-07-16-14:03:58-32002 (237711360 bytes)
:Jul 18 10:33:29 syoon kernel: [610997.394185] soffice.bin[30703]: segfault at 7fff8 ip 00007fd2a2b8f5b9 sp 00007fff05cbfd70 error 4 in libeditenglx.so[7fd2a2a88000+209000]
:Jul 18 10:33:37 syoon abrt[6244]: Saved core dump of pid 30703 (/usr/lib64/libreoffice/program/soffice.bin) to /var/spool/abrt/ccpp-2012-07-18-10:33:29-30703 (282902528 bytes)

Comment 1 Steve Yoon 2012-07-18 06:51:53 UTC
Created attachment 598795 [details]
File: dso_list

Comment 2 Steve Yoon 2012-07-18 06:51:55 UTC
Created attachment 598796 [details]
File: smolt_data

Comment 3 Steve Yoon 2012-07-18 06:51:58 UTC
Created attachment 598797 [details]
File: maps

Comment 4 Steve Yoon 2012-07-18 06:52:00 UTC
Created attachment 598798 [details]
File: backtrace

Comment 5 Caolan McNamara 2012-08-22 13:40:13 UTC
Looks like this is triggered by having accessibility enabled. Are you able to reproduce this crash and give a step-by-step route to reproducing ?

I can assume that the number of text portions was 0 somehow, leading to wraparound with nLastPortion = Count() - 1; and I could hackaround that to avoid the immediate crash, but far better would be knowing how it got that way in the first place.

Comment 6 Caolan McNamara 2012-09-11 11:29:18 UTC
Can't reproduce or see how it could come about. I committed http://cgit.freedesktop.org/libreoffice/core/commit/?id=4f177fbbab1619b9a2f9afa04d882c5fd415fcc0 upstream to abort right at the point where the initial problem gets detected and survive in NDEBUG mode

Note You need to log in before you can comment on or make changes to this bug.