[PATCH] fdo#46728: EDITING: soffice.bin crashed with SIGSEGV in Window::GetCursor()
caolanm at redhat.com
Fri Mar 9 08:19:10 PST 2012
On Thu, 2012-03-08 at 19:45 +0100, Dézsi Szabolcs wrote:
> Error is in svx/source/sdr/overlay/overlaymanagerbuffered.cxx
> 386: Window& rWindow = static_cast< Window& >(rmOutputDevice);
> 387: Cursor* pCursor = rWindow.GetCursor();
> Maybe something is with the timing of instructions because there are
> two lines which are exactly the same, and there works everything:
I think this is a bit screwed up, here's a valgrind trace I generated
with export VALGRIND=memcheck and repeated the how-to-reproduce step.
The line "pCandidate->Update();" in overlaymanagerbuffered.cxx:376
triggers a series of events that deletes the overlaymanager who's
ImpBufferTimerHandler is still executing, i.e. "this" is destroyed.
We get lucky sometimes because sometimes the drawing happens while the
flashing text cursor is not-drawn state when we enter.
In the absence of alternative ideas, we could try and work some
reference count stuff in there. Even with pulling the window/cursor info
out while reference is still valid before this gets deleted, there's
still use of some members at the end of the method which are equally
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4788 bytes
Desc: not available
More information about the LibreOffice