Apache OpenOffice (AOO) Bugzilla – Issue 125147
CRASH applying styles to text
Last modified: 2017-10-21 18:14:33 UTC
OVERVIEW
AOO 4.1 on Linux crashes -- without reliably prompting for recovery -- when applying a style to a new text document.
STEPS TO REPRODUCE
1) Move /opt/openoffice4/share/extensions to /opt/openoffice4/share/extensions-disabled to ensure no extensions are causing problems.
2) Create a new empty directory /opt/openoffice4/share/extensions.
3) Move ~/.openoffice/4/user to ~/.openoffice/4/user-aside to ensure profile is not causing problems.
4) Start OpenOffice using command line openoffice4 in Gnome Terminal.
5) Click the button to create a new Text document.
6) Type a word. I used "word".
7) Double-click "word".
8) Open the sidebar and choose the Styles icon (looks like a party hat).
9) Click to select the "character" styles.
10) Pick any style and double-click it to apply.
ACTUAL RESULTS
AOO crashes.
EXPECTED RESULTS
Style should be applied to the text. Nothing should crash.
BUILD DATE AND HARDWARE
2014-04-22 12:11 - Linux x86_64
OPERATING ENVIRONMENT
RHEL 6.5 - Kernel Linux 2.6.32-431.21.1.el6.x86_64 - Gnome 2.28.2
Lenovo ThinkPad T420 with AOO running on external monitor attached by VGA
Created attachment 83595 [details] output of strace -ttTf -o strace.txt openoffice4 (zipped)
Running under strace produced the following console output:
===================================
[pkidwell@oc2847425224 ~]$ strace -ttTf -o strace.txt openoffice4
execute Job is called. In early start Trying to upload file: usagelog_apache.PBLZPX7.062014.log inside on New .odt file has been created
/opt/openoffice4/program/soffice: line 121: 12351 Segmentation fault "$sd_prog/$sd_binary" "$@"
===================================
Full strace output is attached. Quick look showed SegFault happens after read from fd=13, which is connected (much earlier) as:
12351 14:37:02.642106 connect(13, {sa_family=AF_FILE, path="/tmp/orbit-pkidwell/linc-79f6-0-2593046c607d"}, 47) = 0 <0.000515>
Can not duplicate on Windows 7! (Installed AOO4.1.0 fresh from website on Windows 7 running in KVM.)
I gave up, uninstalled 4.1.0, and installed 4.0.1 on my Linux system. I can not reproduce the bug on 4.0.1. So I have marked this bug with keyword REGRESSION.
I cannot reproduce this. I'd suggest to try with a nightly build from http://ci.apache.org/projects/openoffice/#linux64
(In reply to Pete K. from comment #0)
> 3) Move ~/.openoffice/4/user to ~/.openoffice/4/user-aside to ensure profile
> is not causing problems.
You can test with a brand new profile using -env:UserInstallation, for example:
]$ openoffice4 -env:UserInstallation=file:///tmp/aoo-test
I could not reproduce the crash under Ubuntu 10.04 (64bit) with AOO 4.1.0.
It looks as if the described defect depends on a certain system configuration.
@Pete K.: Do you have further information about your system and your installed AOO version:
- locale
- language of AOO version
- AOO using any installed Java. If yes, which
- ...
Adding keyword 'needmoreinfo', keeping keyword 'regression' unless nobody else reproduces, but submitter did not observe the defect on the same system with previous version.
Cannot reproduce on RHEL6.4 with AOO410. The provided strace shows that gnome's GIO virtual filesystem might be involved. A backtrace of the crash stack could confirm this. Why GIO gets active for such a sidebar action is not understood though...
Tested and reproduced the crash on nightly build: AOO420m1(Build:9800) - Rev 1605069 2014-06-25_04:11:22 - Rev. 1605250 @Oliver: Locale is en-us, language US English. Java is showing up (under Tools > Options > Java) as Sun Microsystems 1.6.0_30 (in /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre). No parameters or class path showing. @hdu: How might I get a "backtrace of the crash stack"?
Created attachment 83659 [details] Output of catchsegv openoffice4 Output of catchsegv to generate backtrace and more
Well, following my last comment, I googled around until I discovered catchsegv. I attached the output of "catchsegv openoffice4" - seems like accessibility code triggers the crash? Anyway, hope this helps!
@Steve: Could you please have a look? Due to Pete's findings the defect is caused by a certain accessibility code.
(In reply to Oliver-Rainer Wittmann from comment #12)
> @Steve: Could you please have a look? Due to Pete's findings the defect is
> caused by a certain accessibility code.
I'll try to reproduce it firstly.
Confirmed that this issue still exists in AOO 4.1.1 on RedHat Enterprise Linux 6.5
I am raising this to P2/Critical. At this point the crash is preventing me from upgrading from 4.0.1 to 4.1.1 on RHEL 6.5. This means that I am missing the security fixes that were included in 4.1.1.
(In reply to Pete K. from comment #15)
I'm seeing exactly the same issue as Pete. I had to fall back to AOO 4.0.1, too. For me, this problem started with AOO 4.1, and AOO 4.1.1 has it, too.
Can not reproduce on Linux-32 in 4.1.1. More information is needed from Pete and Frank regarding Linux OS and architecture.
Created attachment 84495 [details] rpm -qa output
I'm on Linux RedHat 64 bit. I've attached the list of installed packages. Please disregard the AOO version, because I had to fall back to 4.0.1. Which other information would be helpful?
(In reply to Frank M. from comment #19)
> I'm on Linux RedHat 64 bit.
> I've attached the list of installed packages. Please disregard the AOO
> version, because I had to fall back to 4.0.1.
> Which other information would be helpful?
This was very helpful. I changed the OS to Linux64 for now.
I found that the problem disappears when I remove a setting from the file
~/.gconf/desktop/gnome/interface/%gconf.xml
The problematic line is
<entry name="accessibility" mtime="1398169534" type="bool" value="true"/>
After removing this setting, AOO does not crash.
Good finding. I could reproduce the crash with accessibility enabled on Cent OS 6.6 x86_64 and AOO 4.1.1 working inside a virtual environment. Check Gnome - System - Preferences - Assistive Technologies - Enable assistive technologies checkbox. And then relog. Follow the procedure written in the description.
The issue is caused in the SvTreeListBox::IsSelected method called from the SvTreeListBox::FillAccessibleEntryStateSet method. If the passed entry is not found in the aDataTable, a NULL pointer is used. The HasEntryFocus method also gave me a crash after the hack for the IsSelected method. A NULL entry being passed to FillAccessibleEntryStateSet also happened.
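The failure mode described in the comment above, as an added illustration that is not part of the original thread and is not AOO source code: a simplified C++ model in which a table lookup yields a null pointer for an unknown entry, shown unchecked and guarded. Only the names IsSelected, HasEntryFocus, FillAccessibleEntryStateSet and aDataTable come from the comment; the class layout, GetViewData, IsSelectedUnchecked and the state strings are assumptions.

```cpp
#include <map>
#include <set>
#include <string>

// Simplified model with hypothetical names; not the AOO source.
struct Entry { std::string text; };
struct ViewData { bool selected; bool focused; };

class TreeListModel {
    std::map<const Entry*, ViewData> dataTable_;  // stands in for aDataTable
public:
    void Insert(const Entry* e, bool selected, bool focused) {
        dataTable_[e] = ViewData{selected, focused};
    }
    // Returns nullptr when the entry (or a null entry) is not in the table.
    const ViewData* GetViewData(const Entry* e) const {
        auto it = dataTable_.find(e);
        return it == dataTable_.end() ? nullptr : &it->second;
    }
    // Crash pattern: lookup result dereferenced unchecked (undefined behaviour on a miss).
    bool IsSelectedUnchecked(const Entry* e) const { return GetViewData(e)->selected; }
    // Guarded forms: a null or unknown entry is reported as not selected / not focused.
    bool IsSelected(const Entry* e) const {
        const ViewData* v = GetViewData(e);
        return v != nullptr && v->selected;
    }
    bool HasEntryFocus(const Entry* e) const {
        const ViewData* v = GetViewData(e);
        return v != nullptr && v->focused;
    }
};

// State set built for an accessibility client; tolerates a null entry.
std::set<std::string> FillAccessibleEntryStateSet(const TreeListModel& m,
                                                  const Entry* e) {
    std::set<std::string> states;
    if (e == nullptr) return states;
    if (m.IsSelected(e)) states.insert("SELECTED");
    if (m.HasEntryFocus(e)) states.insert("FOCUSED");
    return states;
}

int main() {
    Entry known{"Default"}, stale{"Removed"};  // constructed sample entries
    TreeListModel m;
    m.Insert(&known, true, false);
    return FillAccessibleEntryStateSet(m, &stale).empty()
        && FillAccessibleEntryStateSet(m, nullptr).empty() ? 0 : 1;
}
```

The unchecked variant is only reached when something other than the widget's own paint path asks about entries, which matches the thread's finding that the crash needs assistive technologies enabled.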
Fixed on trunk, revision 1668939.
(In reply to hanya from comment #24)
> Fixed on trunk, revision 1668939.
Has this fix been applied/tested only for english language?
Because the same crash still occurs in AOO4.1.2 on other languages (german, french and swedish are confirmed). -> Issue 126980
I see the target milestone is 4.2.0?
It would be better now to set it to 4.1.3 and ask for release blocker...
(In reply to Matthias Seidel from comment #25)
> (In reply to hanya from comment #24)
> > Fixed on trunk, revision 1668939.
>
> Has this fix been applied/tested only for english language?
>
> Because the same crash still occurs in AOO4.1.2 on other languages (german,
> french and swedish are confirmed). -> Issue 126980
I could confirm issue 126980 even with en-US on Ubuntu 16.04.1. This issue 125147 is not related to any language pack. But the reason for the crash is the same, null pointer referencing.
> I see the target milestone is 4.2.0?
> It would be better now to set it to 4.1.3 and ask for release blocker...
If it would be part of 4.1.3, it's better. I thought next release would be 4.2 when I found the fix.
(In reply to hanya from comment #26)
> If it would be part of 4.1.3, it's better. I thought next release would be
> 4.2 when I found the fix.
Well, at that time there was no 4.1.3 planned... ;-)
Can anyone change the target milestone? I have no rights.
Interesting that issue 126980 occurs for you in en-US (OK, I only tested with en-GB). But I have at least 2 other reproducible crashes which may be caused by the same problem. One is issue 125762.
Tested with a 4.2.0 dev build of SVN r1761670 (Ubuntu 16.04.1 / 64bit) and the problem is no longer visible!
(In reply to hanya from comment #24)
> Fixed on trunk, revision 1668939.
This fix should be included in 4.1.4
It solves most of the crashes in Ubuntu (and maybe any distribution with a gnome-based DE?) together with https://svn.apache.org/viewvc?view=rev&rev=1761439.
"arielch" committed SVN revision 1781472 into branches/AOO414: i125147 - Prevent NULL pointer dereference
Merged Revision 1668939 in branch AOO414
Verified fixed on 4.1.4 RC2 Rev. 1804788 Linux-32.
change back to RESOLVED until final release.
Still fixed for AOO 4.1.4 RC5, Rev. 1811857 based on Linux-32 testing.