Apache OpenOffice (AOO) Bugzilla – Issue 116120
vcl: TabControl::ImplGetTabRect negative height leads to X_CreatePixmap BadAlloc
Last modified: 2012-10-09 09:07:04 UTC
While working on issue 116038 (which might be completely unrelated), noticed that building sd/qa/unoapi and xmloff/qa/unoapi crashed relatively often on X11-based platforms with something like [...] 37: ***** State for xmloff.Impress.XMLContentImporter ****** 37: Whole component: PASSED(with known issues).OK 37: ******************************************************** 37: Creating: xmloff.Impress.XMLMetaExporter 37: LOG> Log started 13.11.2010 - 13:47:02 37: LOG> creating an impress document 37: X-Error: BadAlloc (insufficient resources for operation) 37: Major opcode: 53 (X_CreatePixmap) 37: Resource ID: 0x603aca 37: Serial No: 112562 (112562) 37: These errors are reported asynchronously, 37: set environment variable SAL_SYNCHRONIZE to 1 to help debugging 37: Application Error4654 Abort - core dumped [...] With SAL_SYNCHRONIZE=1 I was able to track that down to gdk_pixmap_new being called with a negative height at <http://hg.services.openoffice.org/DEV300/file/a83c735eb7bd/vcl/unx/gtk/gdi/salnativewidgets-gtk.cxx#l2320>, which in turn was called by TabControl::ImplGetTabRect returning aRect with negative height at <http://hg.services.openoffice.org/DEV300/file/a83c735eb7bd/vcl/source/control/tabctrl.cxx#l487>, stack being [1] GtkSalGraphics::NWPaintGTKTabItem(0x111b538, 0x37, 0xffff8001, 0xfe4e1e7d, 0xffff8001, 0x1), at 0xfe4ba094 [2] GtkSalGraphics::drawNativeControl(0x111b538, 0x37, 0x1, 0x11a10b0, 0x1, 0x11a1260), at 0xfe4b3dd4 [3] SalGraphics::DrawNativeControl(0x111b538, 0x37, 0x1, 0xffbfc118, 0x1, 0x11a1260), at 0xfd641490 [4] OutputDevice::DrawNativeControl(0x1087890, 0x37, 0x1, 0xffbfc2a8, 0x1, 0xffbfc288), at 0xfd50d6c0 [5] TabControl::ImplPaint(0x1087890, 0xffbfc394, 0xc2a388, 0xfffffff6, 0xffff8001, 0xffbfc280), at 0xfd744a48 [6] sd::__unnamed_CHEEK9xjBNk6G::TabBarControl::Paint(0x1087890, 0xffbfc394, 0x0, 0xffff8001, 0xffff8000, 0xffffff), at 0xf41bc36c [7] Window::ImplCallPaint(0x1087890, 0x10e1f50, 0x4d, 0x1a5, 0x0, 0xffff8000), at 0xfd6d3954 [8] Window::ImplCallPaint(0xce9290, 0x10e1ec0, 0x80, 0xd32e58, 0x1087890, 0xffff8000), at 0xfd6d3a0c [9] Window::ImplCallPaint(0xd20cb0, 0x10e1e30, 0x80, 0xd20de0, 0xce9290, 0xffff8000), at 0xfd6d3a0c [10] Window::ImplCallPaint(0x111e0f0, 0x10e1e60, 0x80, 0xbb2558, 0xd20cb0, 0xffff8000), at 0xfd6d3a0c [11] Window::ImplCallPaint(0xbb2698, 0x10e1db0, 0x80, 0xd32d18, 0x111e0f0, 0xffff8000), at 0xfd6d3a0c [12] Window::ImplCallPaint(0x11b5198, 0x10dddb8, 0x80, 0x117e360, 0xbb2698, 0xffff8000), at 0xfd6d3a0c [13] Window::ImplCallPaint(0xc203b8, 0x10d7520, 0x82, 0xbd4400, 0x11b5198, 0xffff8000), at 0xfd6d3a0c [14] Window::ImplHandlePaintHdl(0xc203b8, 0xbb8880, 0xbd4400, 0x0, 0xc2, 0xe0), at 0xfd6d3c08 [15] Timer::ImplTimerCallbackProc(0xfd89fc8c, 0x0, 0xfd89f774, 0xfd893658, 0x1, 0xe08fd0db), at 0xfd4df684 [16] GtkXLib::timeoutFn(0x26f08, 0xfd89f774, 0xfe4f2b40, 0xfd89f760, 0x25c, 0x26ed8), at 0xfe49a414 [17] g_timeout_dispatch(0x10b6b98, 0xfe49a378, 0x26f08, 0x0, 0xff392a00, 0xfc2aa800), at 0xfc258d00 [18] g_main_dispatch(0x3f030, 0xfc2bec00, 0x0, 0x0, 0xfffffffd, 0xffffffef), at 0xfc255ac8 [19] g_main_context_dispatch(0x3f030, 0x12c, 0x0, 0x1, 0xfc2bec00, 0x3f030), at 0xfc256ffc [20] g_main_context_iterate(0x1, 0x1, 0x1, 0x3f030, 0x3f038, 0x2), at 0xfc2574c8 [21] g_main_context_iteration(0x0, 0xfc2bec00, 0x1, 0x3f030, 0xfc2bec00, 0xff2c0160), at 0xfc2576d8 [22] GtkXLib::Yield(0x26f08, 0x0, 0x1, 0x1, 0xfe4f2b40, 0xfd89f760), at 0xfe49a7f4 [23] ImplYield(0xfd893658, 0xfd89f774, 0x428, 0x0, 0x1, 0x0), at 0xfd4da0bc [24] Application::Execute(0x1, 0xfd89f774, 0xfd89f760, 0xfd893658, 0x428, 0x400), at 0xfd4d6a50 [25] desktop::Desktop::Main(0xffbfd15c, 0x0, 0xfed831f4, 0xf7471220, 0xffbfccd0, 0x1), at 0xfed1911c [26] ImplSVMain(0xfed16c20, 0xfd89f760, 0x1, 0xfd89f774, 0xfd893658, 0xff1f6558), at 0xfd4dde24 [27] SVMain(0x0, 0xffbfd158, 0xfd89f760, 0x2, 0x80000000, 0x40000000), at 0xfd4de000 [28] soffice_main(0x13400, 0xfed9c3a4, 0xfffeca01, 0x13400, 0xfffec9f9, 0x13400), at 0xfed46de0 [29] main(0x7, 0xffbfd254, 0xffbfd274, 0x21400, 0xff3900c0, 0x0), at 0x10f80 Crude patch diff -r b67b0fef84e5 vcl/source/control/tabctrl.cxx --- a/vcl/source/control/tabctrl.cxx Mon Dec 13 09:47:56 2010 +0100 +++ b/vcl/source/control/tabctrl.cxx Tue Dec 14 13:12:35 2010 +0100 @@ -484,6 +484,7 @@ aRect = Rectangle( Point( TAB_OFFSET, aRect.Bottom()+TAB_OFFSET ), Size( nWidth-TAB_OFFSET*2, nHeight-aRect.Bottom()-TAB_OFFSET*2 ) ); +if(aRect.GetHeight()<0)aRect.SetEmpty(); return aRect; } appears to make the problem go away.
Created attachment 75346 [details] patch that should fix this
Unfortunately I couldn't reproduce the crash. However attached is the patch I would like to commit - if it solves the problem for you.
@pl: Did not experience the problem again after applying the attached tabctrl.diff.
committed in CWS vcl118, thanks for testing the patch !
please verify in CWS vcl118
.
Got into AOO 3.4.0 => closing