https://bugs.freedesktop.org/show_bug.cgi?id=70197

          Priority: medium
            Bug ID: 70197
          Assignee: [email protected]
           Summary: [FILEOPEN/FILESAVE] crash loading autosaved
                    presentation
          Severity: major
    Classification: Unclassified
                OS: Linux (All)
          Reporter: [email protected]
          Hardware: x86-64 (AMD64)
            Status: UNCONFIRMED
           Version: 4.1.2.3 rc
         Component: Presentation
           Product: LibreOffice

Created attachment 87197
  --> https://bugs.freedesktop.org/attachment.cgi?id=87197&action=edit
file causing the crash

The attached reduced testcase causes a segfault in libreoffice.  The saved file
breaks after a few hours of editing.  Every time a broken file was saved, I
could recover the presentation (but losing the pictures) by stripping
<draw:image> tags from the content.xml file.

Backtrace:

#0  0x000000336cfb88b8 in main_arena () from /lib64/libc.so.6
#1  0x000000336fc5d89f in __cxxabiv1::__dynamic_cast (src_ptr=0x1396670, 
    src_type=0x3381219460 <typeinfo for SvXMLImportContext>, 
    dst_type=0x338121cc30, src2dst=0)
    at ../../../../libstdc++-v3/libsupc++/dyncast.cc:60
#2  0x0000003380dda15a in SdXMLFrameShapeContext::EndElement() ()
   from /usr/lib64/libreoffice/program/../program/libxolo.so
#3  0x0000003380d29216 in SvXMLImport::endElement(rtl::OUString const&) ()
   from /usr/lib64/libreoffice/program/../program/libxolo.so
#4  0x00007fffd264f4fe in
sax_expatwrap::SaxExpatParser_Impl::callbackEndElement(void*, char const*) ()
   from /usr/lib64/libreoffice/program/../program/libexpwraplo.so
#5  0x000000337280b080 in doContent () from /lib64/libexpat.so.1
#6  0x000000337280b9de in contentProcessor () from /lib64/libexpat.so.1
#7  0x0000003372809cd5 in doProlog () from /lib64/libexpat.so.1
#8  0x000000337280a4cd in prologProcessor () from /lib64/libexpat.so.1
#9  0x000000337280da1f in XML_ParseBuffer () from /lib64/libexpat.so.1
#10 0x00007fffd264e7b9 in sax_expatwrap::SaxExpatParser_Impl::parse() ()
   from /usr/lib64/libreoffice/program/../program/libexpwraplo.so
#11 0x00007fffd2651912 in
sax_expatwrap::SaxExpatParser::parseStream(com::sun::star::xml::sax::InputSource
const&) ()
   from /usr/lib64/libreoffice/program/../program/libexpwraplo.so
#12 0x00007fffd1f8770a in
ReadThroughComponent(com::sun::star::uno::Reference<com::sun::star::io::XInputStream>,
com::sun::star::uno::Reference<com::sun::star::lang::XComponent>, String
const&,
com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext>&, char
const*, com::sun::star::uno::Sequence<com::sun::star::uno::Any>, rtl::OUString
const&, unsigned char, unsigned char) ()
   from /usr/lib64/libreoffice/program/../program/libsdlo.so
#13 0x00007fffd1f88408 in
ReadThroughComponent(com::sun::star::uno::Reference<com::sun::star::embed::XStorage>
const&, com::sun::star::uno::Reference<com::sun::star::lang::XComponent>, char
const*, char const*,
com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext>&, char
const*, com::sun::star::uno::Sequence<com::sun::star::uno::Any>, rtl::OUString
const&, unsigned char) ()
   from /usr/lib64/libreoffice/program/../program/libsdlo.so
#14 0x00007fffd1f8a3e1 in SdXMLFilter::Import(unsigned long&) ()
   from /usr/lib64/libreoffice/program/../program/libsdlo.so
#15 0x00007fffd20152e3 in sd::DrawDocShell::Load(SfxMedium&) ()
   from /usr/lib64/libreoffice/program/../program/libsdlo.so
#16 0x000000337ff1d46f in SfxObjectShell::LoadOwnFormat(SfxMedium&) ()
   from /usr/lib64/libreoffice/program/libsfxlo.so
#17 0x000000337ff2c08d in SfxObjectShell::DoLoad(SfxMedium*) ()
   from /usr/lib64/libreoffice/program/libsfxlo.so
#18 0x000000337ff55f37 in
SfxBaseModel::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&) ()
   from /usr/lib64/libreoffice/program/libsfxlo.so
#19 0x000000337ffe119d in
SfxFrameLoader_Impl::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&)
()
   from /usr/lib64/libreoffice/program/libsfxlo.so
#20 0x00007fffdbc138bd in framework::LoadEnv::impl_loadContent() ()
   from /usr/lib64/libreoffice/program/../program/libfwklo.so
#21 0x00007fffdbc14088 in framework::LoadEnv::startLoading() ()
   from /usr/lib64/libreoffice/program/../program/libfwklo.so
#22 0x00007fffdbb86464 in
framework::LoadDispatcher::impl_dispatch(com::sun::star::util::URL const&,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&,
com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener>
const&) ()
   from /usr/lib64/libreoffice/program/../program/libfwklo.so
#23 0x00007fffdbb87348 in
framework::LoadDispatcher::dispatchWithReturnValue(com::sun::star::util::URL
const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&) ()
   from /usr/lib64/libreoffice/program/../program/libfwklo.so
#24 0x00000033760f85aa in
comphelper::SynchronousDispatch::dispatch(com::sun::star::uno::Reference<com::sun::star::uno::XInterface>
const&, rtl::OUString const&, rtl::OUString const&, int,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) ()
   from /usr/lib64/libreoffice/program/libcomphelper.so
#25 0x000000337d83dcd9 in
desktop::DispatchWatcher::executeDispatchRequests(std::vector<desktop::DispatchWatcher::DispatchRequest,
std::allocator<desktop::DispatchWatcher::DispatchRequest> > const&, bool) ()
   from /usr/lib64/libreoffice/program/libsofficeapp.so
#26 0x000000337d84837a in
desktop::OfficeIPCThread::ExecuteCmdLineRequests(desktop::ProcessDocumentsRequest&)
()
   from /usr/lib64/libreoffice/program/libsofficeapp.so
#27 0x000000337d8216ee in desktop::Desktop::OpenClients() ()
   from /usr/lib64/libreoffice/program/libsofficeapp.so
#28 0x000000337d822521 in desktop::Desktop::OpenClients_Impl(void*) ()
   from /usr/lib64/libreoffice/program/libsofficeapp.so
#29 0x000000337880340a in ImplWindowFrameProc(Window*, SalFrame*, unsigned
short, void const*) () from /usr/lib64/libreoffice/program/libvcllo.so
#30 0x0000003378809e68 in SalGenericDisplay::DispatchInternalEvent() ()
   from /usr/lib64/libreoffice/program/libvcllo.so
#31 0x00007ffff0cded9f in GtkData::userEventFn(void*) ()
   from /usr/lib64/libreoffice/program/libvclplug_gtklo.so
#32 0x00007ffff0cdee11 in call_userEventFn ()
   from /usr/lib64/libreoffice/program/libvclplug_gtklo.so
#33 0x000000336f049256 in g_main_dispatch (context=0x6596d0) at gmain.c:3065
#34 g_main_context_dispatch (context=context@entry=0x6596d0) at gmain.c:3641
#35 0x000000336f0495d8 in g_main_context_iterate (
    context=context@entry=0x6596d0, block=block@entry=0, 
    dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3712
#36 0x000000336f04968c in g_main_context_iteration (context=0x6596d0, 
    may_block=0) at gmain.c:3773
#37 0x00007ffff0cdeb11 in GtkData::Yield(bool, bool) ()
   from /usr/lib64/libreoffice/program/libvclplug_gtklo.so
#38 0x000000337851cee4 in Application::Yield(bool) ()
   from /usr/lib64/libreoffice/program/libvcllo.so
#39 0x000000337851cf87 in Application::Execute() ()
   from /usr/lib64/libreoffice/program/libvcllo.so
#40 0x000000337d8242e8 in desktop::Desktop::Main() ()
   from /usr/lib64/libreoffice/program/libsofficeapp.so
#41 0x00000033785247b1 in ImplSVMain() ()
   from /usr/lib64/libreoffice/program/libvcllo.so
#42 0x00000033785247e2 in SVMain() ()
   from /usr/lib64/libreoffice/program/libvcllo.so
#43 0x000000337d84c825 in soffice_main ()
   from /usr/lib64/libreoffice/program/libsofficeapp.so
#44 0x000000000040071b in main ()

Valgrind points to a dangling pointer.  It doesn't give accurate debug
information, unfortunately:

==9142==  Address 0x4d28380 is 0 bytes inside a block of size 280 free'd
==9142==    at 0x4A078DE: operator delete(void*) (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==9142==    by 0x3380D38809: ??? (in /usr/lib64/libreoffice/program/libxolo.so)
==9142==    by 0x3380DDA13C: ??? (in /usr/lib64/libreoffice/program/libxolo.so)
==9142==    by 0x3380D29215: SvXMLImport::endElement(rtl::OUString const&) (in
/usr/lib64/libreoffice/program/libxolo.so)
==9142==    by 0x1D79E4FD: ??? (in
/usr/lib64/libreoffice/program/libexpwraplo.so)
==9142==    by 0x337280B07F: ??? (in /usr/lib64/libexpat.so.1.6.0)
==9142==    by 0x337280B9DD: ??? (in /usr/lib64/libexpat.so.1.6.0)
==9142==    by 0x3372809CD4: ??? (in /usr/lib64/libexpat.so.1.6.0)
==9142==    by 0x337280A4CC: ??? (in /usr/lib64/libexpat.so.1.6.0)
==9142==    by 0x337280DA1E: XML_ParseBuffer (in /usr/lib64/libexpat.so.1.6.0)
==9142==    by 0x1D79D7B8: ??? (in
/usr/lib64/libreoffice/program/libexpwraplo.so)
==9142==    by 0x1D7A0911: ??? (in
/usr/lib64/libreoffice/program/libexpwraplo.so)

but frame 2 seems to match the address in the gdb backtrace, so it should be in
SdXMLFrameShapeContext::EndElement(), just before the dynamic_cast.

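The address matching the report does by eye between the Valgrind log and the gdb backtrace can be scripted. This is an added example, not part of the original report or of LibreOffice: `symbolize`, `lib_stem` and the 0x40-byte window are hypothetical, and it assumes both runs mapped the library at the same base address (the addresses in the report agree for libxolo.so and libexpat, not for libexpwraplo.so).

```python
import os
import re

# Frames copied from the report (wrapped lines rejoined, other frames omitted).
GDB_BT = """\
#2  0x0000003380dda15a in SdXMLFrameShapeContext::EndElement() () from /usr/lib64/libreoffice/program/../program/libxolo.so
#3  0x0000003380d29216 in SvXMLImport::endElement(rtl::OUString const&) () from /usr/lib64/libreoffice/program/../program/libxolo.so
#5  0x000000337280b080 in doContent () from /lib64/libexpat.so.1
#6  0x000000337280b9de in contentProcessor () from /lib64/libexpat.so.1
"""
VALGRIND_LOG = """\
==9142==    by 0x3380D38809: ??? (in /usr/lib64/libreoffice/program/libxolo.so)
==9142==    by 0x3380DDA13C: ??? (in /usr/lib64/libreoffice/program/libxolo.so)
==9142==    by 0x3380D29215: SvXMLImport::endElement(rtl::OUString const&) (in /usr/lib64/libreoffice/program/libxolo.so)
==9142==    by 0x337280B07F: ??? (in /usr/lib64/libexpat.so.1.6.0)
==9142==    by 0x337280B9DD: ??? (in /usr/lib64/libexpat.so.1.6.0)
"""

GDB_RE = re.compile(r"^#(\d+)\s+0x([0-9a-f]+) in (.+) \(.*\) from (\S+)$", re.M)
VG_RE = re.compile(r"(?:at|by) 0x([0-9A-F]+): (.+) \(in (\S+)\)$", re.M)


def lib_stem(path):
    """libexpat.so.1 and libexpat.so.1.6.0 both reduce to 'libexpat'."""
    return os.path.basename(path).split(".so")[0]


def symbolize(valgrind_log, gdb_bt, window=0x40):
    """Pair each Valgrind frame with the nearest gdb frame in the same library.

    Heuristic (assumption of this example): a Valgrind call site within
    `window` bytes of a gdb frame address is taken to be in that function.
    Returns (valgrind_addr, valgrind_symbol, (gdb_frame_no, symbol, delta) | None).
    """
    gdb_frames = [(int(n), int(pc, 16), sym, lib_stem(lib))
                  for n, pc, sym, lib in GDB_RE.findall(gdb_bt)]
    result = []
    for addr, vg_sym, lib in VG_RE.findall(valgrind_log):
        site, best = int(addr, 16), None
        for n, pc, sym, stem in gdb_frames:
            delta = pc - site  # gdb frame address minus Valgrind call site
            if stem == lib_stem(lib) and abs(delta) <= window:
                if best is None or abs(delta) < abs(best[2]):
                    best = (n, sym, delta)
        result.append((addr, vg_sym, best))
    return result


if __name__ == "__main__":
    for addr, vg_sym, best in symbolize(VALGRIND_LOG, GDB_BT):
        print(f"0x{addr}  {vg_sym:<12} -> {best}")
```

A delta of 1 is the same call site in both tools. The frame that called `operator delete` sits 30 bytes before gdb's frame #2 address in `SdXMLFrameShapeContext::EndElement()`, which is the match the report describes.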