[PATCH] fdo#46728: EDITING: soffice.bin crashed with SIGSEGV in Window::GetCursor()

Caolán McNamara caolanm at redhat.com
Fri Mar 9 08:19:10 PST 2012

On Thu, 2012-03-08 at 19:45 +0100, Dézsi Szabolcs wrote:
> Hi!
> Error is in svx/source/sdr/overlay/overlaymanagerbuffered.cxx
> 386: Window& rWindow = static_cast< Window& >(rmOutputDevice);
> 387: Cursor* pCursor = rWindow.GetCursor();
> Maybe something is with the timing of instructions because there are
> two lines which are exactly the same, and everything works there:

I think this is a bit screwed up, here's a valgrind trace I generated
with export VALGRIND=memcheck and repeated the how-to-reproduce step.

The line "pCandidate->Update();" in overlaymanagerbuffered.cxx:376
triggers a series of events that deletes the overlaymanager whose
ImpBufferTimerHandler is still executing, i.e. "this" is destroyed.

We get lucky sometimes because sometimes the drawing happens while the
flashing text cursor is in not-drawn state when we enter.

In the absence of alternative ideas, we could try and work some
reference count stuff in there. Even with pulling the window/cursor info
out while reference is still valid before this gets deleted, there's
still use of some members at the end of the method which are equally
broken :-(

-------------- next part --------------
A non-text attachment was scrubbed...
Name: valgrind.log
Type: text/x-log
Size: 4788 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/libreoffice/attachments/20120309/7bd83768/attachment.bin>
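
The lifetime problem described in the message above, with a reference-count guard, as an added example that is not part of the original post and is not LibreOffice code. All class and function names are hypothetical, and std::shared_ptr stands in for whatever reference counting the real code would use.

```cpp
#include <functional>
#include <memory>
#include <utility>
#include <vector>

// Hypothetical stand-in for a manager whose timer handler calls out to code
// that can end up releasing the manager itself.
class BufferedManager : public std::enable_shared_from_this<BufferedManager> {
public:
    explicit BufferedManager(bool& destroyedFlag) : mDestroyed(destroyedFlag) {}
    ~BufferedManager() { mDestroyed = true; }

    // Stand-in for the candidates whose Update() re-enters arbitrary code.
    void addCandidate(std::function<void()> update) { mCandidates.push_back(std::move(update)); }

    // Stand-in for the timer handler. Returns true if the object was still
    // alive when the member accesses at the end of the method ran.
    bool timerHandler() {
        // Guard: hold a strong reference for the whole call, so a callback
        // that drops the owner's reference cannot destroy *this mid-method.
        auto keepAlive = shared_from_this();
        for (auto& update : mCandidates)
            update();              // may release the owner's last reference
        ++mPaintCount;             // member use after the callbacks
        return !mDestroyed;        // evaluated before keepAlive is released
    }

private:
    bool& mDestroyed;
    std::vector<std::function<void()>> mCandidates;
    int mPaintCount = 0;
};

struct Result { bool aliveDuringHandler; bool destroyedAfterHandler; };

// Constructed scenario: the callback drops the only external reference.
Result runScenario() {
    bool destroyed = false;
    auto owner = std::make_shared<BufferedManager>(destroyed);
    // Mirrors the Update() chain that deletes the manager while it is running.
    owner->addCandidate([&owner] { owner.reset(); });
    BufferedManager* raw = owner.get();
    bool alive = raw->timerHandler();
    return { alive, destroyed };
}

int main() {
    Result r = runScenario();
    return (r.aliveDuringHandler && r.destroyedAfterHandler) ? 0 : 1;
}
```

Without the keepAlive line, the reset inside the callback would run the destructor while timerHandler is still on the stack, and the later member accesses would touch freed memory.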
