914917 – [abrt] libreoffice-core-3.6.5.2-2.fc18: writerfilter::ooxml::OOXMLFastContextHandlerMath::process: Process /usr/lib64/libreoffice/program/soffice.bin was killed by signal 11 (SIGSEGV)

Bug 914917 - [abrt] libreoffice-core-3.6.5.2-2.fc18: writerfilter::ooxml::OOXMLFastContextHandlerMath::process: Process /usr/lib64/libreoffice/program/soffice.bin was killed by signal 11 (SIGSEGV)

Summary: [abrt] libreoffice-core-3.6.5.2-2.fc18: writerfilter::ooxml::OOXMLFastContext...

Keywords:
Status:	CLOSED DUPLICATE of bug 862467
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	libreoffice
Sub Component:
Version:	18
Hardware:	x86_64
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Caolan McNamara
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	abrt_hash:914598255496dee133820b096f6...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-02-23 12:27 UTC by Michael Jørgensen
Modified:	2013-04-16 11:20 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-04-16 11:20:38 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
File: backtrace (95.12 KB, text/plain) 2013-02-23 12:27 UTC, Michael Jørgensen	no flags	Details
File: cgroup (127 bytes, text/plain) 2013-02-23 12:27 UTC, Michael Jørgensen	no flags	Details
File: core_backtrace (7.31 KB, text/plain) 2013-02-23 12:27 UTC, Michael Jørgensen	no flags	Details
File: dso_list (18.37 KB, text/plain) 2013-02-23 12:27 UTC, Michael Jørgensen	no flags	Details
File: environ (1.97 KB, text/plain) 2013-02-23 12:27 UTC, Michael Jørgensen	no flags	Details
File: limits (1.29 KB, text/plain) 2013-02-23 12:27 UTC, Michael Jørgensen	no flags	Details
File: maps (88.70 KB, text/plain) 2013-02-23 12:27 UTC, Michael Jørgensen	no flags	Details
File: open_fds (571 bytes, text/plain) 2013-02-23 12:27 UTC, Michael Jørgensen	no flags	Details
File: proc_pid_status (925 bytes, text/plain) 2013-02-23 12:27 UTC, Michael Jørgensen	no flags	Details
File: var_log_messages (351 bytes, text/plain) 2013-02-23 12:27 UTC, Michael Jørgensen	no flags	Details
When opening this document, libreoffice crashes (20.37 KB, application/vnd.openxmlformats-officedocument.wordprocessingml.document) 2013-02-23 21:10 UTC, Michael Jørgensen	no flags	Details
core file generated (61.32 MB, application/octet-stream) 2013-03-02 20:53 UTC, Michael Jørgensen	no flags	Details
View All

Description Michael Jørgensen 2013-02-23 12:27:34 UTC

Version-Release number of selected component:
libreoffice-core-3.6.5.2-2.fc18

Additional info:
backtrace_rating: 4
cmdline:        /usr/lib64/libreoffice/program/soffice.bin --writer '/home/mike/Dropbox/Gymnasium/2012-13/fy1w/Hvor meget CO2 dannes.docx' --splash-pipe=6
crash_function: writerfilter::ooxml::OOXMLFastContextHandlerMath::process
executable:     /usr/lib64/libreoffice/program/soffice.bin
kernel:         3.7.9-201.fc18.x86_64
remote_result:  NOTFOUND
uid:            1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 writerfilter::ooxml::OOXMLFastContextHandlerMath::process at /usr/src/debug/libreoffice-3.6.5.2/writerfilter/source/ooxml/OOXMLFastContextHandler.cxx:2454
 #1 sax_fastparser::FastSaxParser::callbackEndElement at /usr/src/debug/libreoffice-3.6.5.2/sax/source/fastparser/fastparser.cxx:873
 #2 doContent at lib/xmlparse.c:2532
 #3 contentProcessor at lib/xmlparse.c:2105
 #4 doProlog at lib/xmlparse.c:4016
 #5 prologProcessor at lib/xmlparse.c:3739
 #6 XML_ParseBuffer at lib/xmlparse.c:1651
 #7 sax_fastparser::FastSaxParser::parse at /usr/src/debug/libreoffice-3.6.5.2/sax/source/fastparser/fastparser.cxx:670
 #8 sax_fastparser::FastSaxParser::parseStream at /usr/src/debug/libreoffice-3.6.5.2/sax/source/fastparser/fastparser.cxx:485
 #9 writerfilter::ooxml::OOXMLDocumentImpl::resolve at /usr/src/debug/libreoffice-3.6.5.2/writerfilter/source/ooxml/OOXMLDocumentImpl.cxx:348

Potential duplicate: bug 862890

Comment 1 Michael Jørgensen 2013-02-23 12:27:39 UTC

Created attachment 701598 [details]
File: backtrace

Comment 2 Michael Jørgensen 2013-02-23 12:27:41 UTC

Created attachment 701599 [details]
File: cgroup

Comment 3 Michael Jørgensen 2013-02-23 12:27:43 UTC

Created attachment 701600 [details]
File: core_backtrace

Comment 4 Michael Jørgensen 2013-02-23 12:27:45 UTC

Created attachment 701601 [details]
File: dso_list

Comment 5 Michael Jørgensen 2013-02-23 12:27:47 UTC

Created attachment 701602 [details]
File: environ

Comment 6 Michael Jørgensen 2013-02-23 12:27:49 UTC

Created attachment 701603 [details]
File: limits

Comment 7 Michael Jørgensen 2013-02-23 12:27:52 UTC

Created attachment 701604 [details]
File: maps

Comment 8 Michael Jørgensen 2013-02-23 12:27:54 UTC

Created attachment 701605 [details]
File: open_fds

Comment 9 Michael Jørgensen 2013-02-23 12:27:56 UTC

Created attachment 701606 [details]
File: proc_pid_status

Comment 10 Michael Jørgensen 2013-02-23 12:27:58 UTC

Created attachment 701607 [details]
File: var_log_messages

Comment 11 Michael Jørgensen 2013-02-23 21:09:05 UTC

This error happens consistently, i.e. every time.

It happens when I double-click on the attached document "Hvor meget CO2 dannes.docx"

Comment 12 Michael Jørgensen 2013-02-23 21:10:23 UTC

Created attachment 701771 [details]
When opening this document, libreoffice crashes

When opening this document, libreoffice crashes

Comment 13 David Tardon 2013-02-28 15:32:21 UTC

Does not crash for me. And valgrind output is clean too...

Comment 14 Michael Jørgensen 2013-03-02 20:39:49 UTC

Well, I just tried again, and it fails again. I'm attempting to get more specific information, so I started the application from the command line using:

libreoffice Hvor\ meget\ CO2\ dannes.docx

This generated a core file, see attached file. I then ran gdb on this core file and got the following stack trace:

[mike@granbo-3 fy1w]$ gdb /usr/lib64/libreoffice/program/soffice.bin core.2223 
GNU gdb (GDB) Fedora (7.5.1-36.fc18)
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/lib64/libreoffice/program/soffice.bin...Reading symbols from /usr/lib/debug/usr/lib64/libreoffice/program/soffice.bin.debug...done.
done.
[New LWP 2223]
[New LWP 2224]
[New LWP 2226]
[New LWP 2227]
[New LWP 2228]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

warning: "/usr/lib/debug/usr/lib64/libicudata.so.49.1.1.debug": separate debug info file has no debug info
Core was generated by `/usr/lib64/libreoffice/program/soffice.bin Hvor meget CO2 dannes.docx --splash-'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f9e76c654fd in writerfilter::ooxml::OOXMLFastContextHandlerMath::process (this=0x7f9e76a3b918)
    at /usr/src/debug/libreoffice-3.6.5.2/writerfilter/source/ooxml/OOXMLFastContextHandler.cxx:2454
2454	    uno::Reference< uno::XInterface > component( ref->getComponent(), uno::UNO_QUERY );
(gdb) bt
#0  0x00007f9e76c654fd in writerfilter::ooxml::OOXMLFastContextHandlerMath::process (this=0x7f9e76a3b918)
    at /usr/src/debug/libreoffice-3.6.5.2/writerfilter/source/ooxml/OOXMLFastContextHandler.cxx:2454
#1  0x00007f9e7a942320 in sax_fastparser::FastSaxParser::callbackEndElement (this=0x7f9e76ab6670)
    at /usr/src/debug/libreoffice-3.6.5.2/sax/source/fastparser/fastparser.cxx:873
#2  0x0000003e374087b0 in doContent (parser=parser@entry=0x17829f0, startTagLevel=startTagLevel@entry=0, enc=
    0x3e37626800 <utf8_encoding>, s=
    0x17ac543 "</m:oMath><w:r><w:t xml:space=\"preserve\"> og er altså et stort antal molekyler. Når man taler om et mol af et stof, f.eks. et mol CO</w:t></w:r><w:r w:rsidRPr=\"00916F88\"><w:rPr><w:vertAlign w:val=\"s"..., s@entry=
    0x17ab049 "<w:document xmlns:wpc=\"http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas\" xmlns:mc=\"http://schemas.openxmlformats.org/markup-compatibility/2006\" xmlns:o=\"urn:schemas-microsoft-com:off"..., end=end@entry=0x17af010 "\020@", 
    nextPtr=nextPtr@entry=0x1782a20, haveMore=1 '\001') at lib/xmlparse.c:2532
#3  0x0000003e3740972e in contentProcessor (parser=parser@entry=0x17829f0, start=start@entry=
    0x17ab049 "<w:document xmlns:wpc=\"http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas\" xmlns:mc=\"http://schemas.openxmlformats.org/markup-compatibility/2006\" xmlns:o=\"urn:schemas-microsoft-com:off"..., end=end@entry=0x17af010 "\020@", 
    endPtr=endPtr@entry=0x1782a20) at lib/xmlparse.c:2105
#4  0x0000003e3740b24e in doProlog (parser=parser@entry=0x17829f0, enc=0x3e37626800 <utf8_encoding>, s=
    0x17ab049 "<w:document xmlns:wpc=\"http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas\" xmlns:mc=\"http://schemas.openxmlformats.org/markup-compatibility/2006\" xmlns:o=\"urn:schemas-microsoft-com:off"..., s@entry=
    0x17ab010 "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<w:document xmlns:wpc=\"http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas\" xmlns:mc=\"http://schemas.openxmlformats.org/markup-c"..., end=end@entry=0x17af010 "\020@", 
    tok=<optimized out>, next=
    0x17ab049 "<w:document xmlns:wpc=\"http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas\" xmlns:mc=\"http://schemas.openxmlformats.org/markup-compatibility/2006\" xmlns:o=\"urn:schemas-microsoft-com:off"..., nextPtr=nextPtr@entry=0x1782a20, haveMore=1 '\001')
    at lib/xmlparse.c:4016
#5  0x0000003e3740b9fb in prologProcessor (parser=0x17829f0, s=
    0x17ab010 "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\r\n<w:document xmlns:wpc=\"http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas\" xmlns:mc=\"http://schemas.openxmlformats.org/markup-c"..., end=0x17af010 "\020@", nextPtr=0x1782a20)
    at lib/xmlparse.c:3739
#6  0x0000003e3740da3d in XML_ParseBuffer (parser=0x17829f0, len=<optimized out>, isFinal=0) at lib/xmlparse.c:1651
#7  0x00007f9e7a9412be in sax_fastparser::FastSaxParser::parse (this=this@entry=0x7f9e76ab6670)
    at /usr/src/debug/libreoffice-3.6.5.2/sax/source/fastparser/fastparser.cxx:670
#8  0x00007f9e7a94417e in sax_fastparser::FastSaxParser::parseStream (this=0x7f9e76ab6670, maStructSource=...)
    at /usr/src/debug/libreoffice-3.6.5.2/sax/source/fastparser/fastparser.cxx:485
#9  0x00007f9e76c56515 in writerfilter::ooxml::OOXMLDocumentImpl::resolve (this=<optimized out>, rStream=...)
    at /usr/src/debug/libreoffice-3.6.5.2/writerfilter/source/ooxml/OOXMLDocumentImpl.cxx:348
#10 0x00007f9e76c4dfed in WriterFilter::filter (this=0x7f9e770ed340, aDescriptor=uno::Sequence of length 14 = {...})
---Type <return> to continue, or q <return> to quit---
    at /usr/src/debug/libreoffice-3.6.5.2/writerfilter/source/filter/ImportFilter.cxx:129
#11 0x000000336e2cb61a in SfxObjectShell::ImportFrom (this=<optimized out>, rMedium=..., bInsert=false)
    at /usr/src/debug/libreoffice-3.6.5.2/sfx2/source/doc/objstor.cxx:2238
#12 0x000000336e2cf969 in SfxObjectShell::DoLoad (this=0x1678720, pMed=<optimized out>)
    at /usr/src/debug/libreoffice-3.6.5.2/sfx2/source/doc/objstor.cxx:727
#13 0x000000336e311b9d in SfxBaseModel::load (this=0x7f9e8cd06a38, seqArguments=...)
    at /usr/src/debug/libreoffice-3.6.5.2/sfx2/source/doc/sfxbasemodel.cxx:1903
Python Exception <class 'gdb.error'> base class 'com::sun::star::uno::XInterface' is ambiguous in type 'framework::Frame': 
#14 0x000000336e34a9a0 in SfxFrameLoader_Impl::load (this=0x7f9e8c888c10, rArgs=..., _rTargetFrame=)
    at /usr/src/debug/libreoffice-3.6.5.2/sfx2/source/view/frmload.cxx:611
#15 0x00007f9e8acd8aa3 in framework::LoadEnv::impl_loadContent (this=this@entry=0x7f9e8c9b6fd0)
    at /usr/src/debug/libreoffice-3.6.5.2/framework/source/loadenv/loadenv.cxx:1160
#16 0x00007f9e8acd9ef8 in framework::LoadEnv::startLoading (this=0x7f9e8c9b6fd0)
    at /usr/src/debug/libreoffice-3.6.5.2/framework/source/loadenv/loadenv.cxx:418
#17 0x00007f9e8ac54c5e in framework::LoadDispatcher::impl_dispatch (this=0x7f9e8c9b6f38, rURL=..., 
    lArguments=uno::Sequence of length 4 = {...}, xListener=empty uno::Reference)
    at /usr/src/debug/libreoffice-3.6.5.2/framework/source/dispatch/loaddispatcher.cxx:130
#18 0x00007f9e8ac55148 in framework::LoadDispatcher::dispatchWithReturnValue (this=<optimized out>, rURL=..., lArguments=...)
    at /usr/src/debug/libreoffice-3.6.5.2/framework/source/dispatch/loaddispatcher.cxx:76
#19 0x0000003e380fee64 in comphelper::SynchronousDispatch::dispatch (xStartPoint=..., sURL=..., sTarget=..., nFlags=<optimized out>, 
    lArguments=uno::Sequence of length 4 = {...}) at /usr/src/debug/libreoffice-3.6.5.2/comphelper/source/misc/synchronousdispatch.cxx:84
#20 0x000000336e83baf0 in desktop::DispatchWatcher::executeDispatchRequests (this=0x7f9e8c8aabe8, 
    aDispatchRequestsList=std::vector of length 1, capacity 1 = {...}, bNoTerminate=false)
    at /usr/src/debug/libreoffice-3.6.5.2/desktop/source/app/dispatchwatcher.cxx:396
#21 0x000000336e849921 in desktop::OfficeIPCThread::ExecuteCmdLineRequests (aRequest=...)
    at /usr/src/debug/libreoffice-3.6.5.2/desktop/source/app/officeipcthread.cxx:1049
#22 0x000000336e81fa75 in desktop::Desktop::OpenClients () at /usr/src/debug/libreoffice-3.6.5.2/desktop/source/app/app.cxx:2520
#23 0x000000336e820cbc in desktop::Desktop::OpenClients_Impl (this=0x7fff6944d370)
    at /usr/src/debug/libreoffice-3.6.5.2/desktop/source/app/app.cxx:1999
#24 0x000000336cd68992 in Call (pCaller=<optimized out>, this=<optimized out>)
    at /usr/src/debug/libreoffice-3.6.5.2/solver/unxlngx6.pro/inc/tools/link.hxx:143
#25 ImplHandleUserEvent (pSVEvent=0x1486a50) at /usr/src/debug/libreoffice-3.6.5.2/vcl/source/window/winproc.cxx:2003
#26 ImplWindowFrameProc (pWindow=<optimized out>, nEvent=22, pEvent=0x1486a50)
    at /usr/src/debug/libreoffice-3.6.5.2/vcl/source/window/winproc.cxx:2575
#27 0x000000336cd714ec in CallCallback (pEvent=0x1486a50, nEvent=22, this=0xdf6580)
    at /usr/src/debug/libreoffice-3.6.5.2/vcl/inc/salframe.hxx:281
#28 SalGenericDisplay::DispatchInternalEvent (this=0xdbd100) at /usr/src/debug/libreoffice-3.6.5.2/vcl/generic/app/gendisp.cxx:102
---Type <return> to continue, or q <return> to quit---
#29 0x00007f9e920bd9ff in GtkData::userEventFn (data=data@entry=0xd264d0)
    at /usr/src/debug/libreoffice-3.6.5.2/vcl/unx/gtk/app/gtkdata.cxx:959
#30 0x00007f9e920bda79 in call_userEventFn (data=0xd264d0) at /usr/src/debug/libreoffice-3.6.5.2/vcl/unx/gtk/app/gtkdata.cxx:969
#31 0x00007f9e918f3a55 in g_main_dispatch (context=0xd667d0) at gmain.c:2715
#32 g_main_context_dispatch (context=context@entry=0xd667d0) at gmain.c:3219
#33 0x00007f9e918f3d88 in g_main_context_iterate (context=context@entry=0xd667d0, block=block@entry=0, dispatch=dispatch@entry=1, 
    self=<optimized out>) at gmain.c:3290
#34 0x00007f9e918f3e44 in g_main_context_iteration (context=0xd667d0, may_block=0) at gmain.c:3351
#35 0x00007f9e920bd791 in GtkData::Yield (this=0xd264d0, bWait=true, bHandleAllCurrentEvents=<optimized out>)
    at /usr/src/debug/libreoffice-3.6.5.2/vcl/unx/gtk/app/gtkdata.cxx:596
#36 0x000000336caf7784 in ImplYield (i_bAllEvents=false, i_bWait=true) at /usr/src/debug/libreoffice-3.6.5.2/vcl/source/app/svapp.cxx:451
#37 Application::Yield (i_bAllEvents=false) at /usr/src/debug/libreoffice-3.6.5.2/vcl/source/app/svapp.cxx:485
#38 0x000000336caf7827 in Application::Execute () at /usr/src/debug/libreoffice-3.6.5.2/vcl/source/app/svapp.cxx:430
#39 0x000000336e81e450 in desktop::Desktop::Main (this=0x7fff6944d370)
    at /usr/src/debug/libreoffice-3.6.5.2/desktop/source/app/app.cxx:1718
#40 0x000000336caffc39 in ImplSVMain () at /usr/src/debug/libreoffice-3.6.5.2/vcl/source/app/svmain.cxx:183
#41 0x000000336caffcc5 in SVMain () at /usr/src/debug/libreoffice-3.6.5.2/vcl/source/app/svmain.cxx:220
#42 0x000000336e84ad05 in soffice_main () at /usr/src/debug/libreoffice-3.6.5.2/desktop/source/app/sofficemain.cxx:83
#43 0x00000000004006fb in sal_main () at /usr/src/debug/libreoffice-3.6.5.2/desktop/source/app/main.c:34
#44 main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/libreoffice-3.6.5.2/desktop/source/app/main.c:33
(gdb) 


The document was created on a Windows machine (Windows 7 and Microsoft Office with latest updates), and it works fine there.

Comment 15 Michael Jørgensen 2013-03-02 20:53:40 UTC

Created attachment 704511 [details]
core file generated

core file generated

Comment 16 Michael Jørgensen 2013-03-02 20:59:06 UTC

Still trying to get more information, this time I used valgrind, by running the following command:

valgrind --log-file=log.%p --trace-children=yes libreoffice Hvor\ meget\ CO2\ dannes.docx

This generated nine different log files, and two core files. One of these log files contains the segmentation fault. The full contents of this log file is:

==3123== Memcheck, a memory error detector
==3123== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==3123== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==3123== Command: /usr/lib64/libreoffice/program/soffice.bin Hvor\ meget\ CO2\ dannes.docx --splash-pipe=9
==3123== Parent PID: 3104
==3123== 
==3123== Thread 3:
==3123== Invalid read of size 4
==3123==    at 0xE00807D: SessionManagerClient::SaveYourselfProc(_SmcConn*, void*, int, int, int, int) (sm.cxx:228)
==3123==    by 0x336FE04D56: _SmcProcessMessage (sm_process.c:241)
==3123==    by 0x3E49410FA6: IceProcessMessages (process.c:386)
==3123==    by 0xE007B86: ICEConnectionWorker (sm.cxx:676)
==3123==    by 0x3E36417BD6: osl_thread_start_Impl (thread.c:261)
==3123==    by 0x3E31C07D14: start_thread (pthread_create.c:308)
==3123==    by 0x3E314F246C: clone (clone.S:114)
==3123==  Address 0x156f5574 is 4 bytes inside a block of size 5 alloc'd
==3123==    at 0x4A0883C: malloc (vg_replace_malloc.c:270)
==3123==    by 0x3E31485D71: strdup (strdup.c:42)
==3123==    by 0xE008074: SessionManagerClient::SaveYourselfProc(_SmcConn*, void*, int, int, int, int) (sm.cxx:227)
==3123==    by 0x336FE04D56: _SmcProcessMessage (sm_process.c:241)
==3123==    by 0x3E49410FA6: IceProcessMessages (process.c:386)
==3123==    by 0xE007B86: ICEConnectionWorker (sm.cxx:676)
==3123==    by 0x3E36417BD6: osl_thread_start_Impl (thread.c:261)
==3123==    by 0x3E31C07D14: start_thread (pthread_create.c:308)
==3123==    by 0x3E314F246C: clone (clone.S:114)
==3123== 
==3123== Thread 1:
==3123== Invalid read of size 8
==3123==    at 0x1CC524FD: writerfilter::ooxml::OOXMLFastContextHandlerMath::process() (OOXMLFastContextHandler.cxx:2454)
==3123==    by 0x17EDA31F: sax_fastparser::FastSaxParser::callbackEndElement(char const*) (fastparser.cxx:873)
==3123==    by 0x3E374087AF: doContent (xmlparse.c:2532)
==3123==    by 0x3E3740972D: contentProcessor (xmlparse.c:2105)
==3123==    by 0x3E3740B24D: doProlog (xmlparse.c:4016)
==3123==    by 0x3E3740B9FA: prologProcessor (xmlparse.c:3739)
==3123==    by 0x3E3740DA3C: XML_ParseBuffer (xmlparse.c:1651)
==3123==    by 0x17ED92BD: sax_fastparser::FastSaxParser::parse() (fastparser.cxx:670)
==3123==    by 0x17EDC17D: sax_fastparser::FastSaxParser::parseStream(com::sun::star::xml::sax::InputSource const&) (fastparser.cxx:485)
==3123==    by 0x1CC43514: writerfilter::ooxml::OOXMLDocumentImpl::resolve(writerfilter::Stream&) (OOXMLDocumentImpl.cxx:348)
==3123==    by 0x1CC3AFEC: WriterFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) (ImportFilter.cxx:129)
==3123==    by 0x336E2CB619: SfxObjectShell::ImportFrom(SfxMedium&, bool) (objstor.cxx:2238)
==3123==  Address 0x10 is not stack'd, malloc'd or (recently) free'd
==3123== 
==3123== 
==3123== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==3123==  Access not within mapped region at address 0x10
==3123==    at 0x1CC524FD: writerfilter::ooxml::OOXMLFastContextHandlerMath::process() (OOXMLFastContextHandler.cxx:2454)
==3123==    by 0x17EDA31F: sax_fastparser::FastSaxParser::callbackEndElement(char const*) (fastparser.cxx:873)
==3123==    by 0x3E374087AF: doContent (xmlparse.c:2532)
==3123==    by 0x3E3740972D: contentProcessor (xmlparse.c:2105)
==3123==    by 0x3E3740B24D: doProlog (xmlparse.c:4016)
==3123==    by 0x3E3740B9FA: prologProcessor (xmlparse.c:3739)
==3123==    by 0x3E3740DA3C: XML_ParseBuffer (xmlparse.c:1651)
==3123==    by 0x17ED92BD: sax_fastparser::FastSaxParser::parse() (fastparser.cxx:670)
==3123==    by 0x17EDC17D: sax_fastparser::FastSaxParser::parseStream(com::sun::star::xml::sax::InputSource const&) (fastparser.cxx:485)
==3123==    by 0x1CC43514: writerfilter::ooxml::OOXMLDocumentImpl::resolve(writerfilter::Stream&) (OOXMLDocumentImpl.cxx:348)
==3123==    by 0x1CC3AFEC: WriterFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) (ImportFilter.cxx:129)
==3123==    by 0x336E2CB619: SfxObjectShell::ImportFrom(SfxMedium&, bool) (objstor.cxx:2238)
==3123==  If you believe this happened as a result of a stack
==3123==  overflow in your program's main thread (unlikely but
==3123==  possible), you can try to increase the size of the
==3123==  main thread stack using the --main-stacksize= flag.
==3123==  The main thread stack size used in this run was 8388608.
==3123== 
==3123== HEAP SUMMARY:
==3123==     in use at exit: 9,390,589 bytes in 134,965 blocks
==3123==   total heap usage: 240,571 allocs, 105,606 frees, 19,751,421 bytes allocated
==3123== 
==3123== LEAK SUMMARY:
==3123==    definitely lost: 41,952 bytes in 17 blocks
==3123==    indirectly lost: 10,368 bytes in 321 blocks
==3123==      possibly lost: 1,496,375 bytes in 22,391 blocks
==3123==    still reachable: 7,841,894 bytes in 112,236 blocks
==3123==         suppressed: 0 bytes in 0 blocks
==3123== Rerun with --leak-check=full to see details of leaked memory
==3123== 
==3123== For counts of detected and suppressed errors, rerun with: -v
==3123== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 2 from 2)

Let me know, if there is anything else I can do to help track down this problem.

Comment 17 Caolan McNamara 2013-04-16 11:20:38 UTC

The CreateEmbeddedObject seems to have failed for some unknown reason, valgrind here with the same version is silent. This is the same problem as bug 862467 and I tweaked up stream with a workaround to not crash, but its a blind fix.

*** This bug has been marked as a duplicate of bug 862467 ***

Note You need to log in before you can comment on or make changes to this bug.