https://bugs.freedesktop.org/show_bug.cgi?id=82183
Priority: medium
Bug ID: 82183
Assignee: [email protected]
Summary: DDE()-related segfault (reproducible)
Severity: critical
Classification: Unclassified
OS: Linux (All)
Reporter: [email protected]
Hardware: x86 (IA32)
Status: UNCONFIRMED
Version: 4.2.5.2 release
Component: Spreadsheet
Product: LibreOffice
Created attachment 104063
--> https://bugs.freedesktop.org/attachment.cgi?id=104063&action=edit
Testcase input, required for reproducing
Build-ID: 61cb170a04bb1f12e77c884eab9192be736ec5f5
(Backtrace and register dump below; core dump to follow in next post)
I can reproducibly cause Spreadsheet to crash with the following steps:
0. Save the given .ods attachment somewhere, say, /tmp/b.ods
1. Fire up a new, blank Spreadsheet.
2. Click the Function Wizard.
3. Enter: =DDE("soffice";"/tmp/b.ods")
4. Now press left-arrow to move the cursor in front of the closing parenthesis
and insert a semicolon there, so that it looks (syntactically wrong) like this:
DDE("soffice";"/tmp/b.ods";)
The program should segfault rather immediately.
A core dump is attached, but for convenience I'll inline the call stack and reg
dump anyway:
(gdb) info reg
eax 0xaeb34b88 -1363981432
ecx 0x6 6
edx 0xaeb34a90 -1363981680
ebx 0xad4cfdb4 -1387463244
esp 0xbfd517fc 0xbfd517fc
ebp 0xbfd51818 0xbfd51818
esi 0xaeb5fc88 -1363805048
edi 0xaeb5fe20 -1363804640
eip 0x0 0
eflags 0x210292 [ AF SF IF RF ID ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
(gdb) bt
#0 0x00000000 in ?? ()
#1 0xad067cb0 in ScFormulaDlg::IsRefInputMode() const () from
/usr/opt/libreoffice4.2/program/../program/libsclo.so
#2 0xacfa9dad in ScModule::IsFormulaMode() () from
/usr/opt/libreoffice4.2/program/../program/libsclo.so
#3 0xad22d535 in ScTabView::SetTabNo(short, bool, bool, bool) () from
/usr/opt/libreoffice4.2/program/../program/libsclo.so
#4 0xad239b97 in
ScTabViewShell::DoReadUserDataSequence(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&) () from /usr/opt/libreoffice4.2/program/../program/libsclo.so
#5 0xb7061f11 in
SfxBaseController::ConnectSfxFrame_Impl(SfxBaseController::ConnectSfxFrame) ()
from /usr/opt/libreoffice4.2/program/libsfxlo.so
#6 0xb7062e17 in
SfxBaseController::attachFrame(com::sun::star::uno::Reference<com::sun::star::frame::XFrame>
const&) () from /usr/opt/libreoffice4.2/program/libsfxlo.so
#7 0xb705828b in
SfxFrameLoader_Impl::impl_createDocumentView(com::sun::star::uno::Reference<com::sun::star::frame::XModel2>
const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&,
comphelper::NamedValueCollection const&, rtl::OUString const&) () from
/usr/opt/libreoffice4.2/program/libsfxlo.so
#8 0xb705a9e3 in
SfxFrameLoader_Impl::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&)
() from /usr/opt/libreoffice4.2/program/libsfxlo.so
#9 0xb099b44c in framework::LoadEnv::impl_loadContent() () from
/usr/opt/libreoffice4.2/program/../program/libfwklo.so
#10 0xb099c495 in framework::LoadEnv::startLoading() () from
/usr/opt/libreoffice4.2/program/../program/libfwklo.so
#11 0xb099d9a6 in
framework::LoadEnv::loadComponentFromURL(com::sun::star::uno::Reference<com::sun::star::frame::XComponentLoader>
const&, com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext>
const&, rtl::OUString const&, rtl::OUString const&, long,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) ()
from /usr/opt/libreoffice4.2/program/../program/libfwklo.so
#12 0xb09b645e in framework::Desktop::loadComponentFromURL(rtl::OUString
const&, rtl::OUString const&, long,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) ()
from /usr/opt/libreoffice4.2/program/../program/libfwklo.so
#13 0xb6feb5bd in SfxObjectShell::CreateAndLoadComponent(SfxItemSet const&,
SfxFrame*) () from /usr/opt/libreoffice4.2/program/libsfxlo.so
#14 0xb6eca282 in sfx2::SvxInternalLink::Connect(sfx2::SvBaseLink*) () from
/usr/opt/libreoffice4.2/program/libsfxlo.so
#15 0xb6ecc8fa in sfx2::SvBaseLink::_GetRealObject(unsigned char) () from
/usr/opt/libreoffice4.2/program/libsfxlo.so
#16 0xb6ecca19 in sfx2::SvBaseLink::Update() () from
/usr/opt/libreoffice4.2/program/libsfxlo.so
#17 0xace587fb in ScDdeLink::TryUpdate() () from
/usr/opt/libreoffice4.2/program/../program/libsclo.so
#18 0xace85aa6 in ScInterpreter::ScDde() () from
/usr/opt/libreoffice4.2/program/../program/libsclo.so
#19 0xacea1b3b in ScInterpreter::Interpret() () from
/usr/opt/libreoffice4.2/program/../program/libsclo.so
#20 0xacdeaede in ScSimpleFormulaCalculator::Calculate() () from
/usr/opt/libreoffice4.2/program/../program/libsclo.so
#21 0xacdeb03a in ScSimpleFormulaCalculator::GetErrCode() () from
/usr/opt/libreoffice4.2/program/../program/libsclo.so
#22 0xad06833b in ScFormulaDlg::calculateValue(rtl::OUString const&,
rtl::OUString&) () from /usr/opt/libreoffice4.2/program/../program/libsclo.so
#23 0xac89c1e1 in formula::FormulaDlg_Impl::CalcValue(rtl::OUString const&,
rtl::OUString&) () from
/usr/opt/libreoffice4.2/program/../program/libforuilo.so
#24 0xac89e54f in formula::FormulaDlg_Impl::FormulaHdl(void*) () from
/usr/opt/libreoffice4.2/program/../program/libforuilo.so
#25 0xb6152924 in VclMultiLineEdit::Modify() () from
/usr/opt/libreoffice4.2/program/libvcllo.so
#26 0xb615514f in ImpVclMEdit::Notify(SfxBroadcaster&, SfxHint const&) () from
/usr/opt/libreoffice4.2/program/libvcllo.so
#27 0xb6d2a2c0 in SfxBroadcaster::Broadcast(SfxHint const&) () from
/usr/opt/libreoffice4.2/program/libsvllo.so
#28 0xb616694d in TextView::KeyInput(KeyEvent const&) () from
/usr/opt/libreoffice4.2/program/libvcllo.so
#29 0xb6153b2a in TextWindow::KeyInput(KeyEvent const&) () from
/usr/opt/libreoffice4.2/program/libvcllo.so
#30 0xb635159d in ImplHandleKey(Window*, unsigned short, unsigned short,
unsigned short, unsigned short, unsigned char) () from
/usr/opt/libreoffice4.2/program/libvcllo.so
#31 0xb6353b5a in ImplWindowFrameProc(Window*, SalFrame*, unsigned short, void
const*) () from /usr/opt/libreoffice4.2/program/libvcllo.so
#32 0xb2ddff95 in SalFrame::CallCallback(unsigned short, void const*) const ()
from /usr/opt/libreoffice4.2/program/libvclplug_gtklo.so
#33 0xb2ddec59 in GtkSalFrame::doKeyCallback(unsigned int, unsigned int,
unsigned short, unsigned char, unsigned int, unsigned short, bool, bool) ()
from /usr/opt/libreoffice4.2/program/libvclplug_gtklo.so
#34 0xb2ddee17 in GtkSalFrame::IMHandler::signalIMCommit(_GtkIMContext*, char*,
void*) () from /usr/opt/libreoffice4.2/program/libvclplug_gtklo.so
#35 0xb559a478 in g_cclosure_marshal_VOID__STRING () from
/usr/lib/libgobject-2.0.so.0
#36 0xb558d13a in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#37 0xb55a361d in ?? () from /usr/lib/libgobject-2.0.so.0
#38 0xb55a4bfc in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#39 0xb55a4ebd in g_signal_emit_by_name () from /usr/lib/libgobject-2.0.so.0
#40 0xb2a1c78e in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#41 0xb559a478 in g_cclosure_marshal_VOID__STRING () from
/usr/lib/libgobject-2.0.so.0
#42 0xb558d13a in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#43 0xb55a361d in ?? () from /usr/lib/libgobject-2.0.so.0
#44 0xb55a4bfc in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#45 0xb55a4ebd in g_signal_emit_by_name () from /usr/lib/libgobject-2.0.so.0
#46 0xb2a1a18d in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#47 0xb2a1abf1 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#48 0xb2a1964c in gtk_im_context_filter_keypress () from
/usr/lib/libgtk-x11-2.0.so.0
#49 0xb2a1d2a7 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#50 0xb2a1964c in gtk_im_context_filter_keypress () from
/usr/lib/libgtk-x11-2.0.so.0
#51 0xb2dda4ab in GtkSalFrame::IMHandler::handleKeyEvent(_GdkEventKey*) () from
/usr/opt/libreoffice4.2/program/libvclplug_gtklo.so
#52 0xb2ddeef3 in GtkSalFrame::signalKey(_GtkWidget*, _GdkEventKey*, void*) ()
from /usr/opt/libreoffice4.2/program/libvclplug_gtklo.so
#53 0xb2a3ae74 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#54 0xb558d13a in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#55 0xb55a361d in ?? () from /usr/lib/libgobject-2.0.so.0
#56 0xb55a4a7b in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#57 0xb55a5076 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#58 0xb2b67156 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#59 0xb2a335a3 in gtk_propagate_event () from /usr/lib/libgtk-x11-2.0.so.0
#60 0xb2a34857 in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#61 0xb28bddda in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#62 0xb54f3305 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#63 0xb54f6fe8 in ?? () from /lib/libglib-2.0.so.0
#64 0xb54f71c8 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#65 0xb2dc7f2c in GtkData::Yield(bool, bool) () from
/usr/opt/libreoffice4.2/program/libvclplug_gtklo.so
#66 0xb2dc9c08 in GtkInstance::Yield(bool, bool) () from
/usr/opt/libreoffice4.2/program/libvclplug_gtklo.so
#67 0xb60fa4e7 in ImplYield(bool, bool) () from
/usr/opt/libreoffice4.2/program/libvcllo.so
#68 0xb60f9c19 in Application::Yield() () from
/usr/opt/libreoffice4.2/program/libvcllo.so
#69 0xb60f9c44 in Application::Execute() () from
/usr/opt/libreoffice4.2/program/libvcllo.so
#70 0xb76bc68e in desktop::Desktop::Main() () from
/usr/opt/libreoffice4.2/program/libsofficeapp.so
#71 0xb60fe7ba in ImplSVMain() () from
/usr/opt/libreoffice4.2/program/libvcllo.so
#72 0xb60fe894 in SVMain() () from /usr/opt/libreoffice4.2/program/libvcllo.so
#73 0xb76d493d in soffice_main () from
/usr/opt/libreoffice4.2/program/libsofficeapp.so
#74 0x08048680 in main ()