[Libreoffice-bugs] [Bug 41712] FILEOPEN soffice.bin crashed with SIGSEGV in SwTxtFrm::HideAndShowObjects()
bugzilla-daemon at freedesktop.org
Fri Feb 10 09:42:56 PST 2012
https://bugs.freedesktop.org/show_bug.cgi?id=41712
Michael Stahl <mstahl at redhat.com> changed:
What       |Removed    |Added
----------------------------------------------------------------------------
Status     |RESOLVED   |REOPENED
Resolution |WORKSFORME |
CC         |           |cedric.bosdonnat.ooo at free.fr, mstahl at redhat.com
Keywords   |           |regression
--- Comment #3 from Michael Stahl <mstahl at redhat.com> 2012-02-10 09:42:56 PST ---
Accidentally found out that I can reproduce this on master and ~3.5.0 on Linux.
Reverting cc3d0d182cafef9649e45f4657233ac2221fdd0a makes it not crash.
Bugdoc is rather pathological, bunch of text:p with 10k x letters and no space in between.
FindMaster() returns a deleted SwTxtFrm:
==22045== Invalid read of size 8
==22045== at 0x2CB9D758: SwFlowFrm::HasFollow() const (in /data/lo/core_master/solver/unxlngx6/lib/libswlo.so)
==22045== by 0x2CEE5C5C: SwCntntFrm::FindMaster() const (flowfrm.cxx:692)
==22045== by 0x2D038205: SwTxtFormatInfo::Init() (inftxt.cxx:1447)
==22045== by 0x2D037DD2: SwTxtFormatInfo::CtorInitTxtFormatInfo(SwTxtFrm*, unsigned char, unsigned char, unsigned char) (inftxt.cxx:1388)
==22045== by 0x2D02917B: SwTxtFormatInfo::SwTxtFormatInfo(SwTxtFrm*, unsigned char, unsigned char, unsigned char) (in /data/lo/core_master/solver/unxlngx6/lib/libswlo.so)
==22045== by 0x2D026AB5: SwTxtFrm::_Format(SwParaPortion*) (frmform.cxx:1731)
==22045== by 0x2D0279AA: SwTxtFrm::Format(SwBorderAttrs const*) (frmform.cxx:1914)
==22045== by 0x2CED6025: SwCntntFrm::MakeAll() (calcmove.cxx:1428)
==22045== by 0x2CED0D7C: SwFrm::PrepareMake() (calcmove.cxx:386)
==22045== by 0x2CBED189: SwFrm::Calc() const (frame.hxx:1054)
==22045== by 0x2D021D23: SwTxtFrm::CalcFollow(unsigned short) (frmform.cxx:315)
==22045== by 0x2D022EE6: SwTxtFrm::_AdjustFollow(SwTxtFormatter&, unsigned short, unsigned short, unsigned char) (frmform.cxx:607)
==22045== by 0x2D024CAC: SwTxtFrm::FormatAdjust(SwTxtFormatter&, WidowsAndOrphans&, unsigned short, unsigned char) (frmform.cxx:1155)
==22045== by 0x2D0265AC: SwTxtFrm::_Format(SwTxtFormatter&, SwTxtFormatInfo&, unsigned char) (frmform.cxx:1618)
==22045== by 0x2D026B06: SwTxtFrm::_Format(SwParaPortion*) (frmform.cxx:1737)
==22045== by 0x2D0279AA: SwTxtFrm::Format(SwBorderAttrs const*) (frmform.cxx:1914)
==22045== by 0x2CED6025: SwCntntFrm::MakeAll() (calcmove.cxx:1428)
==22045== by 0x2CED0D7C: SwFrm::PrepareMake() (calcmove.cxx:386)
==22045== by 0x2CBED189: SwFrm::Calc() const (frame.hxx:1054)
==22045== by 0x2D021D23: SwTxtFrm::CalcFollow(unsigned short) (frmform.cxx:315)
==22045== by 0x2D022EE6: SwTxtFrm::_AdjustFollow(SwTxtFormatter&, unsigned short, unsigned short, unsigned char) (frmform.cxx:607)
==22045== by 0x2D024CAC: SwTxtFrm::FormatAdjust(SwTxtFormatter&, WidowsAndOrphans&, unsigned short, unsigned char) (frmform.cxx:1155)
==22045== by 0x2D0265AC: SwTxtFrm::_Format(SwTxtFormatter&, SwTxtFormatInfo&, unsigned char) (frmform.cxx:1618)
==22045== by 0x2D026B06: SwTxtFrm::_Format(SwParaPortion*) (frmform.cxx:1737)
==22045== by 0x2D0279AA: SwTxtFrm::Format(SwBorderAttrs const*) (frmform.cxx:1914)
==22045== by 0x2CED6025: SwCntntFrm::MakeAll() (calcmove.cxx:1428)
==22045== by 0x2CED0D7C: SwFrm::PrepareMake() (calcmove.cxx:386)
==22045== by 0x2CBED189: SwFrm::Calc() const (frame.hxx:1054)
==22045== by 0x2D021D23: SwTxtFrm::CalcFollow(unsigned short) (frmform.cxx:315)
==22045== by 0x2D022EE6: SwTxtFrm::_AdjustFollow(SwTxtFormatter&, unsigned short, unsigned short, unsigned char) (frmform.cxx:607)
==22045== by 0x2D024CAC: SwTxtFrm::FormatAdjust(SwTxtFormatter&, WidowsAndOrphans&, unsigned short, unsigned char) (frmform.cxx:1155)
==22045== by 0x2D0265AC: SwTxtFrm::_Format(SwTxtFormatter&, SwTxtFormatInfo&, unsigned char) (frmform.cxx:1618)
==22045== by 0x2D026B06: SwTxtFrm::_Format(SwParaPortion*) (frmform.cxx:1737)
==22045== by 0x2D0279AA: SwTxtFrm::Format(SwBorderAttrs const*) (frmform.cxx:1914)
==22045== by 0x2CED6025: SwCntntFrm::MakeAll() (calcmove.cxx:1428)
==22045== by 0x2CED0D7C: SwFrm::PrepareMake() (calcmove.cxx:386)
==22045== by 0x2CBED189: SwFrm::Calc() const (frame.hxx:1054)
==22045== by 0x2D021D23: SwTxtFrm::CalcFollow(unsigned short) (frmform.cxx:315)
==22045== by 0x2D022EE6: SwTxtFrm::_AdjustFollow(SwTxtFormatter&, unsigned short, unsigned short, unsigned char) (frmform.cxx:607)
==22045== by 0x2D024CAC: SwTxtFrm::FormatAdjust(SwTxtFormatter&, WidowsAndOrphans&, unsigned short, unsigned char) (frmform.cxx:1155)
==22045== by 0x2D0265AC: SwTxtFrm::_Format(SwTxtFormatter&, SwTxtFormatInfo&, unsigned char) (frmform.cxx:1618)
==22045== by 0x2D026B06: SwTxtFrm::_Format(SwParaPortion*) (frmform.cxx:1737)
==22045== by 0x2D0279AA: SwTxtFrm::Format(SwBorderAttrs const*) (frmform.cxx:1914)
==22045== by 0x2CED6025: SwCntntFrm::MakeAll() (calcmove.cxx:1428)
==22045== by 0x2CED0D7C: SwFrm::PrepareMake() (calcmove.cxx:386)
==22045== by 0x2CBED189: SwFrm::Calc() const (frame.hxx:1054)
==22045== by 0x2D021D23: SwTxtFrm::CalcFollow(unsigned short) (frmform.cxx:315)
==22045== by 0x2D022EE6: SwTxtFrm::_AdjustFollow(SwTxtFormatter&, unsigned short, unsigned short, unsigned char) (frmform.cxx:607)
==22045== by 0x2D024CAC: SwTxtFrm::FormatAdjust(SwTxtFormatter&, WidowsAndOrphans&, unsigned short, unsigned char) (frmform.cxx:1155)
==22045== by 0x2D0265AC: SwTxtFrm::_Format(SwTxtFormatter&, SwTxtFormatInfo&, unsigned char) (frmform.cxx:1618)
==22045== Address 0x1fe52368 is 200 bytes inside a block of size 272 free'd
==22045== at 0x4A0662E: free (vg_replace_malloc.c:366)
==22045== by 0x4C44B32: rtl_freeMemory_SYSTEM(void*) (alloc_global.cxx:285)
==22045== by 0x4C44D97: rtl_freeMemory (alloc_global.cxx:355)
==22045== by 0x4C4342B: rtl_cache_free (alloc_cache.cxx:1277)
==22045== by 0x85DDA23: FixedMemPool::Free(void*) (mempool.cxx:82)
==22045== by 0x2CF0E582: SwTxtFrm::operator delete(void*, unsigned long) (in /data/lo/core_master/solver/unxlngx6/lib/libswlo.so)
==22045== by 0x2D09A318: SwTxtFrm::~SwTxtFrm() (txtfrm.cxx:398)
==22045== by 0x2D02328F: SwTxtFrm::JoinFrm() (frmform.cxx:683)
==22045== by 0x2D022E43: SwTxtFrm::_AdjustFollow(SwTxtFormatter&, unsigned short, unsigned short, unsigned char) (frmform.cxx:593)
==22045== by 0x2D024CAC: SwTxtFrm::FormatAdjust(SwTxtFormatter&, WidowsAndOrphans&, unsigned short, unsigned char) (frmform.cxx:1155)
==22045== by 0x2D0265AC: SwTxtFrm::_Format(SwTxtFormatter&, SwTxtFormatInfo&, unsigned char) (frmform.cxx:1618)
==22045== by 0x2D026B06: SwTxtFrm::_Format(SwParaPortion*) (frmform.cxx:1737)
==22045== by 0x2D0279AA: SwTxtFrm::Format(SwBorderAttrs const*) (frmform.cxx:1914)
==22045== by 0x2CED6025: SwCntntFrm::MakeAll() (calcmove.cxx:1428)
==22045== by 0x2CED0D7C: SwFrm::PrepareMake() (calcmove.cxx:386)
==22045== by 0x2CBED189: SwFrm::Calc() const (frame.hxx:1054)
==22045== by 0x2D021D23: SwTxtFrm::CalcFollow(unsigned short) (frmform.cxx:315)
==22045== by 0x2D022EE6: SwTxtFrm::_AdjustFollow(SwTxtFormatter&, unsigned short, unsigned short, unsigned char) (frmform.cxx:607)
==22045== by 0x2D024CAC: SwTxtFrm::FormatAdjust(SwTxtFormatter&, WidowsAndOrphans&, unsigned short, unsigned char) (frmform.cxx:1155)
==22045== by 0x2D0265AC: SwTxtFrm::_Format(SwTxtFormatter&, SwTxtFormatInfo&, unsigned char) (frmform.cxx:1618)
==22045== by 0x2D026B06: SwTxtFrm::_Format(SwParaPortion*) (frmform.cxx:1737)
==22045== by 0x2D0279AA: SwTxtFrm::Format(SwBorderAttrs const*) (frmform.cxx:1914)
==22045== by 0x2CED6025: SwCntntFrm::MakeAll() (calcmove.cxx:1428)
==22045== by 0x2CED0D7C: SwFrm::PrepareMake() (calcmove.cxx:386)
==22045== by 0x2CBED189: SwFrm::Calc() const (frame.hxx:1054)
==22045== by 0x2D021D23: SwTxtFrm::CalcFollow(unsigned short) (frmform.cxx:315)
==22045== by 0x2D022EE6: SwTxtFrm::_AdjustFollow(SwTxtFormatter&, unsigned short, unsigned short, unsigned char) (frmform.cxx:607)
==22045== by 0x2D024CAC: SwTxtFrm::FormatAdjust(SwTxtFormatter&, WidowsAndOrphans&, unsigned short, unsigned char) (frmform.cxx:1155)
==22045== by 0x2D0265AC: SwTxtFrm::_Format(SwTxtFormatter&, SwTxtFormatInfo&, unsigned char) (frmform.cxx:1618)
==22045== by 0x2D026B06: SwTxtFrm::_Format(SwParaPortion*) (frmform.cxx:1737)
==22045== by 0x2D0279AA: SwTxtFrm::Format(SwBorderAttrs const*) (frmform.cxx:1914)
==22045== by 0x2CED6025: SwCntntFrm::MakeAll() (calcmove.cxx:1428)
==22045== by 0x2CED0D7C: SwFrm::PrepareMake() (calcmove.cxx:386)
==22045== by 0x2CBED189: SwFrm::Calc() const (frame.hxx:1054)
==22045== by 0x2D021D23: SwTxtFrm::CalcFollow(unsigned short) (frmform.cxx:315)
==22045== by 0x2D022EE6: SwTxtFrm::_AdjustFollow(SwTxtFormatter&, unsigned short, unsigned short, unsigned char) (frmform.cxx:607)
==22045== by 0x2D024CAC: SwTxtFrm::FormatAdjust(SwTxtFormatter&, WidowsAndOrphans&, unsigned short, unsigned char) (frmform.cxx:1155)
==22045== by 0x2D0265AC: SwTxtFrm::_Format(SwTxtFormatter&, SwTxtFormatInfo&, unsigned char) (frmform.cxx:1618)
==22045== by 0x2D026B06: SwTxtFrm::_Format(SwParaPortion*) (frmform.cxx:1737)
==22045== by 0x2D0279AA: SwTxtFrm::Format(SwBorderAttrs const*) (frmform.cxx:1914)
==22045== by 0x2CED6025: SwCntntFrm::MakeAll() (calcmove.cxx:1428)
==22045== by 0x2CED0D7C: SwFrm::PrepareMake() (calcmove.cxx:386)
==22045== by 0x2CBED189: SwFrm::Calc() const (frame.hxx:1054)
==22045== by 0x2D021D23: SwTxtFrm::CalcFollow(unsigned short) (frmform.cxx:315)
==22045== by 0x2D022EE6: SwTxtFrm::_AdjustFollow(SwTxtFormatter&, unsigned short, unsigned short, unsigned char) (frmform.cxx:607)
==22045== by 0x2D024CAC: SwTxtFrm::FormatAdjust(SwTxtFormatter&, WidowsAndOrphans&, unsigned short, unsigned char) (frmform.cxx:1155)
==22045== by 0x2D0265AC: SwTxtFrm::_Format(SwTxtFormatter&, SwTxtFormatInfo&, unsigned char) (frmform.cxx:1618)
==22045== by 0x2D026B06: SwTxtFrm::_Format(SwParaPortion*) (frmform.cxx:1737)
==22045== by 0x2D0279AA: SwTxtFrm::Format(SwBorderAttrs const*) (frmform.cxx:1914)
==22045== by 0x2CED6025: SwCntntFrm::MakeAll() (calcmove.cxx:1428)
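
Added example (not part of the bug report and not LibreOffice code): a Python triage helper for a Memcheck record shaped like the one above. It splits the record into the access stack and the free stack, flags the use-after-free, lists the functions that recurse, and reports call sites that only the freeing path takes. The sample is constructed by abridging the trace above; the function and key names are this example's own.

```python
import re
from collections import Counter

FRAME = re.compile(r"==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+) \(([^()]+)\)\s*$")
ACCESS = re.compile(r"==\d+==\s+Invalid (read|write) of size (\d+)")
BLOCK = re.compile(r"==\d+==\s+Address \S+ is (\d+) bytes inside a block of size (\d+) (free'd|alloc'd)")

def parse_memcheck(text):
    """Split one 'Invalid read/write' record into access stack and block stack."""
    rep, current = {"access": [], "block": []}, None
    for line in text.splitlines():
        if m := ACCESS.match(line):
            rep["kind"], rep["size"], current = m.group(1), int(m.group(2)), rep["access"]
        elif m := BLOCK.match(line):
            rep["offset"], rep["block_size"], rep["state"] = int(m.group(1)), int(m.group(2)), m.group(3)
            current = rep["block"]
        elif current is not None and (m := FRAME.match(line)):
            current.append((m.group(1), m.group(2)))  # (function, source location)
    return rep

def triage(rep):
    """Bug class, recursing functions, and call sites only the free path takes."""
    calls = Counter(fn for fn, _ in rep["access"])
    # A function present on both stacks but at a different line in the block
    # stack is where the freeing path branched off the path that later reads.
    branch = [(fn, loc) for fn, loc in rep["block"] if fn in calls and (fn, loc) not in rep["access"]]
    return {"use_after_free": rep.get("state") == "free'd", "free_branch": branch,
            "recursing": sorted(fn for fn, n in calls.items() if n > 1)}

# Constructed sample: frames abridged from the report above, recursion cut short.
SAMPLE = """\
==22045== Invalid read of size 8
==22045==    at 0x2CB9D758: SwFlowFrm::HasFollow() const (in /data/lo/core_master/solver/unxlngx6/lib/libswlo.so)
==22045==    by 0x2CEE5C5C: SwCntntFrm::FindMaster() const (flowfrm.cxx:692)
==22045==    by 0x2D026AB5: SwTxtFrm::_Format(SwParaPortion*) (frmform.cxx:1731)
==22045==    by 0x2D021D23: SwTxtFrm::CalcFollow(unsigned short) (frmform.cxx:315)
==22045==    by 0x2D022EE6: SwTxtFrm::_AdjustFollow(SwTxtFormatter&, unsigned short, unsigned short, unsigned char) (frmform.cxx:607)
==22045==    by 0x2D026B06: SwTxtFrm::_Format(SwParaPortion*) (frmform.cxx:1737)
==22045==    by 0x2D021D23: SwTxtFrm::CalcFollow(unsigned short) (frmform.cxx:315)
==22045==  Address 0x1fe52368 is 200 bytes inside a block of size 272 free'd
==22045==    at 0x4A0662E: free (vg_replace_malloc.c:366)
==22045==    by 0x2D09A318: SwTxtFrm::~SwTxtFrm() (txtfrm.cxx:398)
==22045==    by 0x2D02328F: SwTxtFrm::JoinFrm() (frmform.cxx:683)
==22045==    by 0x2D022E43: SwTxtFrm::_AdjustFollow(SwTxtFormatter&, unsigned short, unsigned short, unsigned char) (frmform.cxx:593)
==22045==    by 0x2D026B06: SwTxtFrm::_Format(SwParaPortion*) (frmform.cxx:1737)
"""

if __name__ == "__main__":
    print(triage(parse_memcheck(SAMPLE)))
```

On this sample the only free-path branch is _AdjustFollow at frmform.cxx:593 (the JoinFrm call), while the reading path goes through the same function at frmform.cxx:607.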