https://bz.apache.org/ooo/show_bug.cgi?id=127783
[email protected] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #6 from [email protected] ---
The sample document crashes for me on FreeBSD as well. Top 21 stack frames:

---snip---
#0  ContentAttribs::GetStyleSheet() const (this=0x8) at source/editeng/editdoc.hxx:192
#1  0x000000080448453d in ImpEditEngine::SetStyleSheet(unsigned int, SfxStyleSheet*) (this=0x80aef1710, nPara=<optimized out>, pStyle=0x80ab74380) at source/editeng/impedit5.cxx:78
#2  0x000000080447a16c in ImpEditEngine::InsertBinTextObject(BinTextObject&, EditPaM) (this=this@entry=0x80aef1710, rTextObject=..., aPaM=...) at source/editeng/impedit4.cxx:1347
#3  0x0000000804476b74 in ImpEditEngine::InsertText(EditTextObject const&, EditSelection) (this=this@entry=0x80aef1710, rTextObject=..., aSel=...) at source/editeng/impedit4.cxx:1230
#4  0x0000000804479963 in ImpEditEngine::SetText(EditTextObject const&) (this=0x80aef1710, rTextObject=...) at source/editeng/impedit4.cxx:1214
#5  0x000000080442b979 in EditEngine::SetText(EditTextObject const&) (this=0x80aea9450, rTextObject=...) at source/editeng/editeng.cxx:1383
#6  0x00000008044d322a in Outliner::SetText(OutlinerParaObject const&) (this=0x80ab64290, rPObj=...) at source/outliner/outliner.cxx:646
#7  0x0000000803b47bb5 in SdrTextObj::AdjustTextFrameWidthAndHeight(Rectangle&, int, int) const (this=0x80d98c350, rR=..., bHgt=<optimized out>, bWdt=<optimized out>) at source/svdraw/svdotxat.cxx:148
#8  0x0000000803b47eb8 in SdrTextObj::NbcAdjustTextFrameWidthAndHeight(int, int) (this=0x8, bHgt=16017840, bWdt=16684368) at source/svdraw/svdotxat.cxx:211
#9  0x0000000803b3bb84 in SdrTextObj::NbcSetOutlinerParaObjectForText(OutlinerParaObject*, SdrText*) (this=0x80d98c350, pTextObject=<optimized out>, pText=0x80d97b910) at source/svdraw/svdotext.cxx:1505
#10 0x0000000803b045b4 in SdrObject::SetOutlinerParaObject(OutlinerParaObject*) (this=0x80d98c350, pTextObject=0x80d942610) at source/svdraw/svdobj.cxx:1781
#11 0x000000080e6d2caa in SdPage::SetObjText(SdrTextObj*, SdrOutliner*, PresObjKind, String const&) (this=this@entry=0x80aeac010, pObj=0x8, pObj@entry=0x80d98c350, pOutliner=pOutliner@entry=0x80a138710, eObjKind=<optimized out>, rString=...) at source/core/sdpage.cxx:2502
#12 0x000000080e6d1a1f in SdPage::CreatePresObj(PresObjKind, unsigned char, Rectangle const&, unsigned char) (this=this@entry=0x80aeac010, eObjKind=16684368, eObjKind@entry=PRESOBJ_NOTES, bVertical=bVertical@entry=0 '\000', rRect=<optimized out>) at source/core/sdpage.cxx:466
#13 0x000000080e6d6e93 in SdPage::InsertAutoLayoutShape(SdrObject*, PresObjKind, bool, Rectangle, bool) (this=this@entry=0x80aeac010, pObj=0x0, eObjKind=eObjKind@entry=PRESOBJ_NOTES, bVertical=false, aRect=..., bInit=true) at source/core/sdpage.cxx:2226
#14 0x000000080e6d36fc in SdPage::SetAutoLayout(AutoLayout, unsigned char, unsigned char) (this=0x8, eLayout=<optimized out>, bInit=1 '\001', bCreate=<optimized out>) at source/core/sdpage.cxx:1575
#15 0x000000080e1561f1 in ImplSdPPTImport::Import() (this=0x80d867010) at source/filter/ppt/pptin.cxx:1033
#16 0x000000080e153d57 in SdPPTImport::Import() (this=this@entry=0x80d860850) at source/filter/ppt/pptin.cxx:164
#17 0x000000080e15b35b in ImportPPT(rtl::OUString const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>*, SdDrawDocument*, SvStream&, SotStorage&, SfxMedium&) (rConfigPath=..., pConfigData=pConfigData@entry=0x7fffffff9450, pDocument=pDocument@entry=0x80a144c10, rDocStream=..., rStorage=..., rMedium=...) at source/filter/ppt/pptin.cxx:2789
#18 0x000000080e740bc1 in SdPPTFilter::Import() (this=0x7fffffff94a0) at source/filter/sdpptwrp.cxx:116
#19 0x000000080e68932b in sd::DrawDocShell::ConvertFrom(SfxMedium&) (this=0x80a0b0670, rMedium=...) at source/ui/docshell/docshel4.cxx:488
#20 0x000000080141ab89 in SfxObjectShell::DoLoad(SfxMedium*) (this=0x80a0b0670, pMed=0x80aecfe10) at source/doc/objstor.cxx:753
---snip---

In frame #0 we have this=0x8, which is definitely wrong, objects are never that low in memory. It came from frame #1, line 77:

74  void ImpEditEngine::SetStyleSheet( sal_uInt16 nPara, SfxStyleSheet* pStyle )
75  {
76      DBG_ASSERT( GetStyleSheetPool() || !pStyle, "SetStyleSheet: No StyleSheetPool registered!" );
77      ContentNode* pNode = aEditDoc.SaveGetObject( nPara );
78      SfxStyleSheet* pCurStyle = pNode->GetStyleSheet();

(gdb) print pNode
$2 = (ContentNode *) 0x0

So in line 78 we're calling GetStyleSheet() on a NULL pNode. The reason NULL becomes 8 is probably a second vtable pointer on an object using multiple inheritance.

But "git blame" shows that whole function is unchanged since the code was initially imported in 2011. It wasn't a case of a NULL check being removed. The root cause must be elsewhere.

-- 
You are receiving this mail because:
You are the assignee for the issue.
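An added illustration, not part of the bug comment or of the OpenOffice sources: it shows how a null object pointer can surface in a callee as a small non-zero `this` such as 0x8 when the called method belongs to a sub-object at a non-zero offset, and how a guarded lookup reports the missing node instead of dereferencing it. `Attribs`, `TextBase`, `Node` and all function names are hypothetical stand-ins, and the 4096-byte low-page threshold is an assumption.

```cpp
#include <cstddef>
#include <cstdint>

// Hypothetical stand-ins for illustration, not the OpenOffice classes.
struct Attribs {
    const void* pStyle = nullptr;
    const void* GetStyleSheet() const { return pStyle; }
};
struct TextBase { virtual ~TextBase() = default; };  // vptr takes the first slot
struct Node : TextBase {
    Attribs aAttribs;                                 // sub-object at a non-zero offset
    const void* GetStyleSheet() const { return aAttribs.GetStyleSheet(); }
};

// Offset of the sub-object, measured on a live object (no null dereference).
std::size_t attribsOffset() {
    Node n;
    return static_cast<std::size_t>(reinterpret_cast<const char*>(&n.aAttribs) -
                                    reinterpret_cast<const char*>(&n));
}

// The `this` value a sub-object method would receive for a given Node address.
std::uintptr_t calleeThis(std::uintptr_t nodeAddr) {
    return nodeAddr + attribsOffset();
}

// Triage heuristic (assumed threshold): a non-zero `this` inside the low,
// normally unmapped page is usually a null pointer plus a field or base offset.
bool looksLikeNullPlusOffset(std::uintptr_t thisValue, std::uintptr_t pageSize = 4096) {
    return thisValue != 0 && thisValue < pageSize;
}

// Guarded lookup: report a missing node instead of dereferencing it.
// This only contains the crash; it does not explain why the lookup failed.
bool getStyleChecked(const Node* pNode, const void*& outStyle) {
    if (pNode == nullptr) return false;
    outStyle = pNode->GetStyleSheet();
    return true;
}

int main() {
    Node n;
    const void* style = &n;
    bool ok = !getStyleChecked(nullptr, style) && getStyleChecked(&n, style);
    return (ok && looksLikeNullPlusOffset(calleeThis(0))) ? 0 : 1;
}
```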
