[Libreoffice-bugs] [Bug 53154] Closing Report Wizard crashes LibreOffice

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Mon Aug 6 17:16:29 CEST 2012


https://bugs.freedesktop.org/show_bug.cgi?id=53154

--- Comment #6 from Lionel Elie Mamane <lionel at mamane.lu> 2012-08-06 15:16:29 UTC ---
(In reply to comment #5)
> can't reproduce here either; the crash is in a Java finalizer, so timing may
> vary significantly; freeUnoInterfaceProxy leading to __cxa_pure_virtual sounds
> like either memory corruption or a ref-counted UNO object forcefully being
> deleted before its ref-count is zero

That's interesting... The line just before that is


    (*pThis->pBridge->getCppEnv()->revokeInterface)(
        pThis->pBridge->getCppEnv(), pThis->pCppI );

I wonder if that's the line that "forcefully deletes pThis->pCppI", and thus
leads to the pure virtual:


(gdb) break unointerfaceproxy.cxx:51
Breakpoint 1 at 0x7fffea2ff82d: file
/home/master/src/libreoffice/workdirs/libreoffice-3.6/bridges/source/cpp_uno/shared/unointerfaceproxy.cxx,
line 51.

(gdb) commands 1
Type commands for breakpoint(s) 1, one per line.
End with a line saying just "end".
>print pThis->pCppI
>continue
>end


(gdb) continue
-----> big snip of many breakpoint hits <--------------
Breakpoint 1, bridges::cpp_uno::shared::freeUnoInterfaceProxy (pEnv=0x1ba5330,
pProxy=0x2676e50)
    at
/home/master/src/libreoffice/workdirs/libreoffice-3.6/bridges/source/cpp_uno/shared/unointerfaceproxy.cxx:51
51        (*pThis->pBridge->getCppEnv()->revokeInterface)(
$94 = (reportdesign::OSection *) 0x23c45c0
pure virtual method called
terminate called without an active exception

(gdb) up 6
#6  0x00007fffea2ff880 in bridges::cpp_uno::shared::freeUnoInterfaceProxy
(pEnv=0x1ba5330, pProxy=0x2676e50)
    at
/home/master/src/libreoffice/workdirs/libreoffice-3.6/bridges/source/cpp_uno/shared/unointerfaceproxy.cxx:53
53        pThis->pCppI->release();

(gdb) print pThis->pCppI
$95 = (com::sun::star::uno::XInterface *) 0x23c4610

Hmmm... The value (address pointed at) of pThis->pCppI has changed between line
51 and 53... I don't immediately understand how this could happen:


print pThis->pBridge->getCppEnv()->revokeInterface
$96 = (void (*)(_uno_ExtEnvironment *, void *)) 


revokeInterface takes a void*, not a &(void*), so how could it change its
argument? Maybe it is a more subtle memory corruption issue?

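An added example, not part of the bug comment or of LibreOffice code: the two gdb prints above show `pThis->pCppI` under different types (`reportdesign::OSection *` and `com::sun::star::uno::XInterface *`). This C++ sketch uses hypothetical stand-ins (`XInterface`, `Payload`, `Section`, `revoke_like`) to check two things a reader may want to rule out: a callee that takes `void*` by value cannot modify the caller's stored pointer, and one object can have different addresses as a complete object and as an interface subobject. Whether the second point applies to bug 53154 is an assumption the page does not confirm.

```cpp
#include <cstddef>
#include <cstdio>

// Hypothetical stand-ins for illustration; these are not LibreOffice classes.
struct XInterface {             // plays the role of the UNO interface base
    virtual void acquire() = 0;
    virtual void release() = 0;
    virtual ~XInterface() {}
};
struct Payload {                // first base, pushes XInterface to a non-zero offset
    virtual ~Payload() {}
    char data[64];
};
struct Section : Payload, XInterface {
    int refs = 1;
    void acquire() override { ++refs; }
    void release() override { --refs; }
};

// Same parameter shape as revokeInterface on the page: pointer passed by value.
void revoke_like(void* p) { p = nullptr; (void)p; }

// Byte distance from the complete object to its XInterface subobject.
std::ptrdiff_t interface_offset(XInterface* i) {
    void* whole = dynamic_cast<void*>(i);   // address of the most-derived object
    return reinterpret_cast<char*>(i) - static_cast<char*>(whole);
}

// True if the by-value callee left the caller's stored pointer untouched.
bool pointer_survives_call(XInterface*& stored) {
    XInterface* before = stored;
    revoke_like(stored);
    return stored == before;
}

int main() {
    Section s;
    XInterface* pCppI = &s;     // implicit upcast adjusts the address
    std::printf("as Section*:    %p\n", static_cast<void*>(&s));
    std::printf("as XInterface*: %p\n", static_cast<void*>(pCppI));
    std::printf("offset: %td bytes, unchanged by call: %d\n",
                interface_offset(pCppI), pointer_survives_call(pCppI));
    return 0;
}
```

If the stored pointer really does hold a different value after the call, the by-value signature rules out the callee's parameter as the cause, and a hardware watchpoint on the member's address is the usual way to catch the write.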