Reproducible here on amd64. Can be reproduced just by running
"oowriter", or to bypass the wrapper script, "OOO_EXTRA_ARG=-writer
/usr/lib/openoffice/program/ooqstart".
Here's a snippet from strace:
[pid 12231] execve("/usr/lib/openoffice/program/soffice",
["/usr/lib/openoffice/program/soffice", "-writer", "-splash-pipe=5", umovestr: Input/output error
0x71, "\360!a", "\360!a", umovestr: Input/output error
0x6f632f6465746567, umovestr: Input/output error
0x732f73747865746e, umovestr: Input/output error
0x7974746572756365, umovestr: Input/output error
0x73657079745f], [/* 39 vars */]) = -1 EFAULT (Bad address)
The use of clone() by ooqstart seems odd to me; I don't understand why
it would clone twice using the same address for child_tidptr both times.
Perhaps that could account for the problem?
Oh, and oowriter starts successfully under valgrind, with the following
indicative warning:
==13824== Syscall param execve(argv) points to uninitialised byte(s)
==13824== at 0x548DF27: execve (in /lib/libc-2.7.so)
==13824== by 0x4E91374: (within /usr/lib/libglib-2.0.so.0.1500.0)
==13824== by 0x4E91977: (within /usr/lib/libglib-2.0.so.0.1500.0)
==13824== by 0x4E91FB8: g_spawn_async_with_pipes (in /usr/lib/libglib-2.0.so.0.1500.0)
==13824== by 0x4E9209C: g_spawn_async (in /usr/lib/libglib-2.0.so.0.1500.0)
==13824== by 0x405A7C: main (in /usr/lib/openoffice/program/ooqstart)
All this seems to add up to ooqstart failing to null-terminate the
argv[] array that it's passing when calling execve().
--
[hardy] no longer possible to use 'openoffice my-document.odp' in a terminal
https://bugs.launchpad.net/bugs/179977