https://bz.apache.org/ooo/show_bug.cgi?id=125129
--- Comment #13 from [email protected] ---

(gdb) break SvxAreaTabPage::SetColorTable
Function "SvxAreaTabPage::SetColorTable" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (SvxAreaTabPage::SetColorTable) pending.
(gdb) break SvxAreaTabPage::SvxAreaTabPage
Function "SvxAreaTabPage::SvxAreaTabPage" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 2 (SvxAreaTabPage::SvxAreaTabPage) pending.
(gdb) break SvxAreaTabPage::ActivatePage
Function "SvxAreaTabPage::ActivatePage" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 3 (SvxAreaTabPage::ActivatePage) pending.
(gdb) c

Thread 1 hit Breakpoint 2, SvxAreaTabPage::SvxAreaTabPage (this=0x80e5f4020, pParent=0x80d4e4ee8, rInAttrs=...) at source/tabpages/tparea.cxx:627
627 : SvxTabPage ( pParent, CUI_RES( RID_SVXPAGE_AREA ), rInAttrs ),
(gdb) n
...
(gdb) n
670 maColorTab(),
(gdb) print maColorTab
$1 = {px = 0x7777777777777777, pn = {pi_ = 0x7777777777777777}}
(gdb) n
671 maGradientList(),
(gdb) print maColorTab
$2 = {px = 0x0, pn = {pi_ = 0x0}}

So the constructor for SvxTabPage runs first, and initializes maColorTab to the "bad" value with the NULL pointer.

(gdb) c
Continuing.

Thread 1 received signal SIGSEGV, Segmentation fault.
XPropertyList::Count (this=0x0) at source/xoutdev/xtable.cxx:164
164 if( mbListDirty )

It is never changed after the constructor is called, and remains NULL, causing the bug.

Let's first prove that's really the case. Did the breakpoints successfully register?

(gdb) info break
Num Type       Disp Enb Address            What
1   breakpoint keep y   0x000000080ee92a02 in SvxAreaTabPage::SetColorTable(boost::shared_ptr<XColorList>) at source/inc/cuitabarea.hxx:309
2   breakpoint keep y   0x000000080ef80067 in SvxAreaTabPage::SvxAreaTabPage(Window*, SfxItemSet const&) at source/tabpages/tparea.cxx:627
    breakpoint already hit 1 time
3   breakpoint keep y   0x000000080ef814c9 in SvxAreaTabPage::ActivatePage(SfxItemSet const&) at source/tabpages/tparea.cxx:845

Did SvxAreaTabPage::SetColorTable() get inlined and not trigger? Rebuilding main/cui with maximum debugging and inlining disabled, and repeating this whole debugging session, gets me the same result.

So why isn't SvxAreaTabPage::SetColorTable() called? Frame #3 reached as late as line 2791:

#3 0x000000080ef4239b in SvxAreaTabPage::PageCreated(SfxAllItemSet) (this=0x80f01b020, aSet=...) at source/tabpages/tparea.cxx:2791

which means it got past:

    if (pColorTabItem)
        SetColorTable(pColorTabItem->GetColorTable());

earlier in

    void SvxAreaTabPage::PageCreated (SfxAllItemSet aSet) //add CHINA001

Let's debug SvxAreaTabPage::PageCreated() itself.

(gdb)
2765 if (pColorTabItem)
(gdb) print pColorTabItem
$1 = (const SvxColorTableItem *) 0x0

So the pColorTabItem passed to SvxAreaTabPage::PageCreated() was NULL, thus SvxAreaTabPage::SetColorTable() was never called, and remained NULL since the constructor, causing the crash later when we try to access it.

Where does SvxAreaTabPage::PageCreated() get called from?

(gdb) bt
#0 SvxAreaTabPage::PageCreated(SfxAllItemSet) (this=0x80ef47020, aSet=...) at source/tabpages/tparea.cxx:2767
#1 0x000000080e92c6a1 in SwFrmDlg::PageCreated(unsigned short, SfxTabPage&) (this=0x80e3f0060, nId=<optimized out>, rPage=...) at source/ui/frmdlg/frmdlg.cxx:245
#2 0x0000000801468a05 in SfxTabDialog::ActivatePageHdl(TabControl*) (this=0x80e3f0060, pTabCtrl=0x80e3f02e8) at source/dialog/tabdlg.cxx:1479
#3 0x0000000801467a28 in SfxTabDialog::LinkStubActivatePageHdl(void*, void*) (pThis=0x80e3f0060, pCaller=0x80e3f02e8) at source/dialog/tabdlg.cxx:1383
#4 0x0000000802c17f2f in TabControl::SelectTabPage(unsigned short) (this=0x80e3f02e8, nPageId=10056) at source/control/tabctrl.cxx:1899
#5 0x0000000802e4ea1a in ImplHandleMouseEvent(Window*, unsigned short, unsigned char, long, long, unsigned long, unsigned short, unsigned short) (pWindow=<optimized out>, nSVEvent=1, bMouseLeave=0 '\000', nX=<optimized out>, nY=<optimized out>, nMsgTime=182648833, nCode=1, nMode=3) at source/window/winproc.cxx:800
...
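
The pattern traced in the comment above, reduced to a stand-alone C++ model with a guarded accessor. This is an added example, not OpenOffice code and not from the commenter: `AreaPage`, `ColorList`, `ColorTableItem`, `ColorCount` and `count_after_page_created` are hypothetical stand-ins, and `std::shared_ptr` is used in place of `boost::shared_ptr`.

```cpp
#include <cstddef>
#include <memory>
#include <utility>
#include <vector>

// Hypothetical stand-in for the list type whose Count() was reached with this=0x0.
struct ColorList {
    std::vector<unsigned> colors;
    std::size_t Count() const { return colors.size(); }
};

// Models the optional item that PageCreated() looks up; the caller may pass none.
struct ColorTableItem {
    std::shared_ptr<ColorList> list;
};

class AreaPage {
    std::shared_ptr<ColorList> maColorTab;  // default-constructed: holds null
public:
    void SetColorTable(std::shared_ptr<ColorList> p) { maColorTab = std::move(p); }

    // Same shape as the traced code: the setter runs only when the item exists,
    // so a null item leaves maColorTab null.
    void PageCreated(const ColorTableItem* pColorTabItem) {
        if (pColorTabItem)
            SetColorTable(pColorTabItem->list);
    }

    bool HasColorTable() const { return static_cast<bool>(maColorTab); }

    // Guarded use: reports -1 instead of calling Count() through a null pointer.
    long ColorCount() const {
        return maColorTab ? static_cast<long>(maColorTab->Count()) : -1;
    }
};

// Color count seen by a fresh page after PageCreated(item); item may be null.
long count_after_page_created(const ColorTableItem* item) {
    AreaPage page;
    page.PageCreated(item);
    return page.ColorCount();
}

int main() {
    // Constructed sample data: one item carrying a two-entry color list.
    ColorTableItem item{std::make_shared<ColorList>(ColorList{{0xff0000u, 0x00ff00u}})};
    return (count_after_page_created(nullptr) == -1 &&
            count_after_page_created(&item) == 2) ? 0 : 1;
}
```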
