soffice.bin crashed with SIGSEGV in ImplDevFontListData::~ImplDevFontListData()

Version-Release number of selected component:
libreoffice-core-4.1.4.2-4.fc20

Additional info:
reporter: libreport-2.1.11
backtrace_rating: 4
cmdline: /usr/lib64/libreoffice/program/soffice.bin --impress --splash-pipe=5
crash_function: ServerFont::Release
executable: /usr/lib64/libreoffice/program/soffice.bin
kernel: 3.12.8-300.fc20.x86_64
runlevel: N 5
type: CCpp
uid: 1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 ServerFont::Release at /usr/src/debug/libreoffice-4.1.4.2/vcl/generic/glyphs/glyphcache.cxx:341
 #1 GlyphCache::UncacheFont at /usr/src/debug/libreoffice-4.1.4.2/vcl/generic/glyphs/glyphcache.cxx:236
 #2 X11SalGraphics::setFont at /usr/src/debug/libreoffice-4.1.4.2/vcl/unx/generic/gdi/salgdi3.cxx:166
 #3 X11SalGraphics::SetFont at /usr/src/debug/libreoffice-4.1.4.2/vcl/unx/generic/gdi/salgdi3.cxx:508
 #4 ReleaseFonts at /usr/src/debug/libreoffice-4.1.4.2/vcl/inc/salgdi.hxx:224
 #5 OutputDevice::ImplUpdateFontData at /usr/src/debug/libreoffice-4.1.4.2/vcl/source/gdi/outdev3.cxx:186
 #7 OutputDevice::ImplUpdateAllFontData at /usr/src/debug/libreoffice-4.1.4.2/vcl/source/gdi/outdev3.cxx:262
 #8 ImplHandleSalSettings at /usr/src/debug/libreoffice-4.1.4.2/vcl/source/window/winproc.cxx:2216
 #9 ImplWindowFrameProc at /usr/src/debug/libreoffice-4.1.4.2/vcl/source/window/winproc.cxx:2597
 #10 CallCallback at /usr/src/debug/libreoffice-4.1.4.2/vcl/inc/salframe.hxx:243

Potential duplicate: bug 1045497

Created attachment 855640
File: backtrace

Created attachment 855641
File: cgroup

Created attachment 855642
File: core_backtrace

Created attachment 855643
File: dso_list

Created attachment 855644
File: environ

Created attachment 855645
File: exploitable

Created attachment 855646
File: limits

Created attachment 855647
File: maps

Created attachment 855648
File: open_fds

Created attachment 855649
File: proc_pid_status

Created attachment 855650
File: var_log_messages

It is not reproducible, I presume?

No, it doesn't seem reproducible.

I don't know if this is relevant, but I should add that I was updating the system with yum when this happened, and looking at yum history, that day at that time the following packages were updated:
rpm
yum
yum-metadata-parser
gnome-shell
google-crosextra-caladea-fonts
rtkittigervnc-license
tigervnc-server-minimal
webkitgtk
webkitgtk3

Yum history info says:
Begin time : Sun Jan 26 10:12:47 2014
End time : 10:12:55 2014 (8 seconds)

According to comment #12, the crash happened gen 26 10:12:53

I suppose it was reinstallation of google-crosextra-caladea-fonts that caused this. Trying that locally, with the font used in an opened document, does not lead to any crash, but valgrind is not happy about it...

fixed upstream

*** Bug 1070497 has been marked as a duplicate of this bug. ***

libreoffice-4.1.5.3-4.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/libreoffice-4.1.5.3-4.fc19

Package libreoffice-4.1.5.3-4.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing libreoffice-4.1.5.3-4.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-3458/libreoffice-4.1.5.3-4.fc19
then log in and leave karma (feedback).

LibreOffice shows crashes on clearing the FontListData, unfortunately there is no good reproduction scenario yet, but this issue ranks high on http://errors.ubuntu.com and also happens on Fedora. Errors.ubuntu.com reports this stacktrace to first appear on version 4.0.2.

A stacktrace (which has been reported multiple times) can be found on the Launchpad bug.

While the description of the reports by users do provide no conclusive reproduction scenario, there are:
- two report of "crash on close"
- one report of "crash while installing a font"
- one report of "crash while upgrading"

The latter two might actually be the same as upgrades might install new fonts.

confirmed by multiple Ubuntu reports and a Fedora report.

Created attachment 98899
stacktrace with resolved symbols

adding stacktrace

Looking at the errors.ubuntu.com stats of today (14.04 LTS is out relatively new still) - it seems that _all_ todays reports are from the 14.04 distro, while the bug was first seen on 4.0.2. This might suggest that this is indeed an issue of users keeping libreoffice running during an distro upgrade (with fonts and lots of other things changing below their feet).

fixed some time ago by https://gerrit.libreoffice.org/gitweb?p=core.git;a=commit;h=6b127d40c7d57745bc602d9ff7914392f9d3b92b

*** Bug 78836 has been marked as a duplicate of this bug. ***

bodhi failed to close this bug for some reason...

Well libreoffice 4.2.5 just crashed for me on Linux Mint 13 (ubuntu 12.04) after i copied some files to my ~/.fonts folder and ran 'fc-cache -fv' to refresh the cache.

Oops... That is because the fix has never made it to 4.2... Pushed for review now.

Weird that it wasnt every put into 4.2 as Bjorn asked me to test it so that 4.2.4 could arrive in ubuntu 14.04's repo.

http://nabble.documentfoundation.org/Libreoffice-qa-Pushing-4-2-4-into-Ubuntu-Update-Repo-tp4112961p4112963.html

https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1219245

Which i replied: while having writer open, it didnt crash when i did a software update including the installation/upgrade of various font related packages (libfontconfig1, fontconfig, libxfont1, fontconfig-config, fonts-opensysmbol).

(In reply to comment #8)
> Weird that it wasnt every put into 4.2 as Bjorn asked me to test it so that
> 4.2.4 could arrive in ubuntu 14.04's repo.

Yes, because this is patches in 4.2.4 on Ubuntu 14.04 with a vendor backport, so I wonder what exact bug you are seeing here as it cant really be the one fixed by this patch. So you likely found a different issue.

Note that the Ubuntu error tracker confirms this as there where >2750 crash reports for lp#1219245 and >560 crash reports for lp#1219732 on on libreoffice version 1:4.2.3~rc3-0ubuntu2 each, but none on 1:4.2.4-0ubuntu3.

If anything, this confirms Davids patch is good. ;)

@David: If you put that patch on gerrit, can you CC me for rubberstamping?

David Tardon committed a patch related to this issue.
It has been pushed to "libreoffice-4-2":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=dbf5d7e52d0162ba10bb971d5a3187303c386589&h=libreoffice-4-2

fdo#78598 avoid use of invalidated pointers

It will be available in LibreOffice 4.2.7.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.