soffice.bin crashed after entering chars using ibus-chewing

Bug #915173 reported by Shih-Yuan Lee
This bug affects 18 people
Affects | Status | Importance | Assigned to | Milestone
libreoffice (Ubuntu) | Fix Released | Medium | Unassigned |

Bug Description

When using ibus-chewing to input some Chinese characters in preedit area such as "一二三四五六七八九十一二三四五六七八九十" (one two three four five six seven eight nine ten one two three four five six seven eight nine ten in English), libreoffice writer crashed.

Not reproducible in Xubuntu:
lsb_release -rd
Description: Ubuntu precise (development branch)
Release: 12.04

apt-cache policy libreoffice-writer
libreoffice-writer:
  Installed: 1:3.5.0-1ubuntu4
  Candidate: 1:3.5.0-1ubuntu4
  Version table:
 *** 1:3.5.0-1ubuntu4 0
        500 http://us.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
        100 /var/lib/dpkg/status

ibus-chewing
ibus-chewing:
  Installed: 1.3.10+clean-1
  Candidate: 1.3.10+clean-1
  Version table:
 *** 1.3.10+clean-1 0
        500 http://us.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
        100 /var/lib/dpkg/status

ProblemType: Crash
DistroRelease: Ubuntu 12.04
Package: libreoffice-core 1:3.4.4-0ubuntu2
ProcVersionSignature: User Name 3.2.0-8.14-generic 3.2.0
Uname: Linux 3.2.0-8-generic x86_64
ApportVersion: 1.90-0ubuntu1
Architecture: amd64
Date: Thu Jan 12 14:58:04 2012
ExecutablePath: /usr/lib/libreoffice/program/soffice.bin
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Alpha amd64 (20120111)
ProcCmdline: /usr/lib/libreoffice/program/soffice.bin --writer --splash-pipe=7
ProcEnviron:
 LANGUAGE=zh_TW:
 PATH=(custom, no user)
 LANG=zh_TW.UTF-8
 SHELL=/bin/bash
SegvAnalysis:
 Segfault happened at: 0x7f2f5f5d3d99: testb $0x1,0x8(%r12,%r15,1)
 PC (0x7f2f5f5d3d99) ok
 source "$0x1" ok
 destination "0x8(%r12,%r15,1)" (0x7f2f0315c8c0) not located in a known VMA region (needed writable region)!
SegvReason: writing unknown VMA
Signal: 11
SourcePackage: libreoffice
StacktraceTop:
 ?? () from /lib/x86_64-linux-gnu/libc.so.6
 ?? () from /lib/x86_64-linux-gnu/libc.so.6
 malloc () from /lib/x86_64-linux-gnu/libc.so.6
 ?? () from /usr/lib/libreoffice/program/../basis-link/program/libswlx.so
 ?? () from /usr/lib/libreoffice/program/../basis-link/program/libswlx.so
Title: soffice.bin crashed with SIGSEGV in malloc()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

Shih-Yuan Lee (fourdollars) wrote :
Apport retracing service (apport) wrote :

StacktraceTop:
 malloc_consolidate (av=0x7f2f5f8f51c0) at malloc.c:5167
 malloc_consolidate (av=0x7f2f5f8f51c0) at malloc.c:5115
 _int_malloc (av=0x7f2f5f8f51c0, bytes=5600) at malloc.c:4373
 __GI___libc_malloc (bytes=5600) at malloc.c:3660
 SwLRects::SwLRects (this=0x3147410, nInit=<optimized out>) at /build/buildd/libreoffice-3.4.4/libreoffice-build/build/libreoffice-3.4.3.2/sw/source/core/layout/paintfrm.cxx:411

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in libreoffice (Ubuntu):
importance: Undecided → Medium
summary: - soffice.bin crashed with SIGSEGV in malloc()
+ soffice.bin crashed with SIGSEGV in malloc_consolidate()
tags: removed: need-amd64-retrace
visibility: private → public
penalvch (penalvch) wrote : Re: soffice.bin crashed with SIGSEGV in malloc_consolidate()

Shih-Yuan Lee, thank you for reporting this bug and helping make Ubuntu better. Regarding your comments:

"When using ibus-chewing to input some Chinese characters in buffered area..."

So you had 一二三四五六七八九十一二三四五六七八九十 in the ibus-chewing typing buffer when the crash occurred?

"...such as '一二三四五六七八九十一二三四五六七八九十' (one two three four five six seven eight nine ten one two three four five six seven eight nine ten in English), libreoffice writer crashed."

Despite being very unfamiliar with how to type exactly that in the typing buffer (pressing the 1 on the keyboard with ibus-chewing unfortunately did not create 一 on the screen), I was unable to reproduce this crash.

Please answer these questions:

* Is this crash reproducible?
* If so, could you please provide a detailed, click-by-click example on a US keyboard in order to recreate this bug?

This will help us to find and resolve the problem.

lsb_release -rd
Description: Ubuntu precise (development branch)
Release: 12.04

apt-cache policy libreoffice-writer
libreoffice-writer:
  Installed: 1:3.5.0-1ubuntu4
  Candidate: 1:3.5.0-1ubuntu4
  Version table:
 *** 1:3.5.0-1ubuntu4 0
        500 http://us.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
        100 /var/lib/dpkg/status

ibus-chewing
ibus-chewing:
  Installed: 1.3.10+clean-1
  Candidate: 1.3.10+clean-1
  Version table:
 *** 1.3.10+clean-1 0
        500 http://us.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
        100 /var/lib/dpkg/status

Changed in libreoffice (Ubuntu):
status: New → Incomplete
In , Cheng-Chia (cheng-chia-redhat-bugs) wrote :

libreport version: 2.0.8
abrt_version: 2.0.7
backtrace_rating: 4
cmdline: /usr/lib64/libreoffice/program/soffice.bin --writer --splash-pipe=7
crash_function: SwViewImp::PaintLayer
executable: /usr/lib64/libreoffice/program/soffice.bin
kernel: 3.2.7-1.fc16.x86_64
pid: 2469
pwd: /home/realplus
reason: Process /usr/lib64/libreoffice/program/soffice.bin was killed by signal 11 (SIGSEGV)
time: 西元2012年03月03日 (週六) 22時49分36秒
uid: 1000
username: realplus
xsession_errors:

backtrace: Text file, 55881 bytes
dso_list: Text file, 19994 bytes
maps: Text file, 79246 bytes
smolt_data: Binary file, 2916 bytes

environ:
:XDG_VTNR=1
:XDG_SESSION_ID=2
:HOSTNAME=HiHeHo-S205
:IMSETTINGS_INTEGRATE_DESKTOP=yes
:GIO_LAUNCHED_DESKTOP_FILE_PID=2458
:GPG_AGENT_INFO=/tmp/keyring-nCFoPC/gpg:0:1
:SHELL=/bin/bash
:TERM=dumb
:DESKTOP_STARTUP_ID=gnome-shell-1478-HiHeHo-S205-libreoffice-2_TIME938020
:HISTSIZE=1000
:XDG_SESSION_COOKIE=f01d1509c87b498c5f6afb8200000011-1330785281.685158-1562711213
:GJS_DEBUG_OUTPUT=stderr
:OLDPWD=/usr/lib64/libreoffice/program
:GNOME_KEYRING_CONTROL=/tmp/keyring-nCFoPC
:'GJS_DEBUG_TOPICS=JS ERROR;JS LOG'
:IMSETTINGS_MODULE=IBus
:USER=realplus
:SSH_AUTH_SOCK=/tmp/keyring-nCFoPC/ssh
:USERNAME=realplus
:SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/1270,unix/unix:/tmp/.ICE-unix/1270
:GIO_LAUNCHED_DESKTOP_FILE=/usr/share/applications/libreoffice-writer.desktop
:MAIL=/var/spool/mail/realplus
:PATH=/usr/lib64/ccache:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/realplus/.local/bin:/home/realplus/bin
:DESKTOP_SESSION=gnome
:QT_IM_MODULE=xim
:PWD=/home/realplus
:XMODIFIERS=@im=ibus
:KDE_IS_PRELINKED=1
:GNOME_KEYRING_PID=1266
:LANG=zh_TW.utf8
:GDM_LANG=zh_TW.utf8
:KDEDIRS=/usr
:GDMSESSION=gnome
:HISTCONTROL=ignoredups
:HOME=/home/realplus
:XDG_SEAT=seat0
:SHLVL=1
:GNOME_DESKTOP_SESSION_ID=this-is-deprecated
:SAL_ENABLE_FILE_LOCKING=1
:LOGNAME=realplus
:CVS_RSH=ssh
:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-byxwqDMbCA,guid=44acabacb82f64ac946f2ed100000044
:'LESSOPEN=||/usr/bin/lesspipe.sh %s'
:WINDOWPATH=1
:XDG_RUNTIME_DIR=/run/user/realplus
:DISPLAY=:0
:CCACHE_HASHDIR=
:XAUTHORITY=/var/run/gdm/auth-for-realplus-WEJbpk/database
:LD_LIBRARY_PATH=/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/client:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/server:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/native_threads:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64

var_log_messages:
:Feb 28 22:12:23 HiHeHo-S205 kernel: [24034.753725] soffice.bin[4998]: segfault at 0 ip 0000003625c3b311 sp 00007fffc7a101d0 error 6 in libuno_sal.so.3[3625c00000+57000]
:Feb 28 22:12:27 HiHeHo-S205 abrt[9456]: Saved core dump of pid 4998 (/usr/lib64/libreoffice/program/soffice.bin) to /var/spool/abrt/ccpp-2012-02-28-22:12:24-4998 (162369536 bytes)
:Feb 28 22:35:22 HiHeHo-S205 kernel: [25412.904196] soffice.bin[9502] general protection ip:3625c3b160 sp:7fffa677fa20 error:0 in libuno_sal.so.3[3625c00000+57000]
:Feb 28 22:35:24 HiHeHo-S205 abrt[11526]: Saved core dump of pid 9502 (/usr/lib64/libreoffice/p...

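As an added example (not part of the original report or of abrt's output), the two complete kernel lines quoted under var_log_messages above can be decoded to recover the faulting offset inside libuno_sal.so.3 and, for the page fault, the x86 access type. The names `triage` and `decode_page_fault` and the first-page NULL heuristic are assumptions of this example.

```python
import re

# The two complete kernel lines from var_log_messages in the report above.
SAMPLE = [
    "Feb 28 22:12:23 HiHeHo-S205 kernel: [24034.753725] soffice.bin[4998]: "
    "segfault at 0 ip 0000003625c3b311 sp 00007fffc7a101d0 error 6 "
    "in libuno_sal.so.3[3625c00000+57000]",
    "Feb 28 22:35:22 HiHeHo-S205 kernel: [25412.904196] soffice.bin[9502] "
    "general protection ip:3625c3b160 sp:7fffa677fa20 error:0 "
    "in libuno_sal.so.3[3625c00000+57000]",
]

# Both x86 kernel message shapes: "segfault at ADDR ip ..." and "general protection ip:...".
FAULT = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]:? (?:segfault at (?P<addr>[0-9a-f]+)|general protection)"
    r" ip[: ](?P<ip>[0-9a-f]+) sp[: ](?P<sp>[0-9a-f]+) error[: ](?P<err>[0-9a-f]+)"
    r" in (?P<lib>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)

def decode_page_fault(err):
    """Split the x86 page-fault error code into its low flag bits."""
    return {
        "present": bool(err & 0x1),   # 0: page not mapped, 1: protection violation
        "write": bool(err & 0x2),     # 0: read, 1: write
        "user": bool(err & 0x4),      # fault raised from user mode
        "ifetch": bool(err & 0x10),   # instruction fetch
    }

def triage(line):
    """Return a dict describing one kernel fault line, or None if it is not one."""
    m = FAULT.search(line)
    if m is None:
        return None
    ip, base, size = (int(m[k], 16) for k in ("ip", "base", "size"))
    rec = {"comm": m["comm"], "pid": int(m["pid"]), "lib": m["lib"],
           # Offset of the faulting instruction from the start of the mapping.
           "offset": ip - base if base <= ip < base + size else None}
    if m["addr"] is not None:          # only page faults carry an address
        rec["fault_addr"] = int(m["addr"], 16)
        rec["access"] = decode_page_fault(int(m["err"], 16))
        # Assumption of this example: anything in the first 4 KiB is a NULL-ish pointer.
        rec["null_deref"] = rec["fault_addr"] < 0x1000
    return rec

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry))
```

The offset is relative to the start of the mapping named in the log line; when that mapping begins at the library's load base, it can be resolved against matching debug symbols with `addr2line -e`.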

In , Cheng-Chia (cheng-chia-redhat-bugs) wrote :

Created attachment 567300
File: maps

In , Cheng-Chia (cheng-chia-redhat-bugs) wrote :

Created attachment 567301
File: dso_list

In , Cheng-Chia (cheng-chia-redhat-bugs) wrote :

Created attachment 567302
File: smolt_data

In , Cheng-Chia (cheng-chia-redhat-bugs) wrote :

Created attachment 567303
File: backtrace

In , Cheng-Chia (cheng-chia-redhat-bugs) wrote :

I used ibus-chewing to input a few characters, then LibreOffice crashed.

After a few tests, I found a way to make LibreOffice crash easily with ibus-chewing.

1. Launch LibreOffice
2. Switch to ibus-chewing input method via Alt + Shift.
3. Type g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3 (16 times at least), then press Enter twice
4. Try to keep typing g4g4g4g4g4g4g4g4 until LibreOffice crashes. If you have entered more than 16 times and LibreOffice has not yet crashed, go back to Step 3 and do it again. LibreOffice will crash eventually.

In , Caolan (caolan-redhat-bugs) wrote :

reproducible

In , Caolan (caolan-redhat-bugs) wrote :

well, I can reproduce a crash in the gtk input engine integration, though the original backtrace suggests a crash in writer layout

In , Caolan (caolan-redhat-bugs) wrote :

can reproduce the other crash too, seems to be part of the same problem alright. Should be good in >= 3.4.5.2-8

In , Fedora (fedora-redhat-bugs) wrote :

libreoffice-3.4.5.2-8.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/libreoffice-3.4.5.2-8.fc16

poloshiao (poloshiao) wrote :

I met the same crash problems as described above.
my OS : ubuntu 12.04 daily-build (updated)
my linux-kernel: uname -r : 3.2.0-18-generic-pae
my LibreOffice: libreoffice-writer 1:3.5.0-2ubuntu1
my Input Method: Chewing (Traditional Chinese)
Inputted Characters: "一二三四五六七八九十一二三四五六七八九十..."
Crash Point: No regular rule

In , Fedora (fedora-redhat-bugs) wrote :

Package libreoffice-3.4.5.2-8.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing libreoffice-3.4.5.2-8.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-3267/libreoffice-3.4.5.2-8.fc16
then log in and leave karma (feedback).

In , Fedora (fedora-redhat-bugs) wrote :

libreoffice-3.4.5.2-8.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.

penalvch (penalvch)
no longer affects: df-libreoffice
penalvch (penalvch) wrote :

Shih-Yuan Lee (fourdollars), this issue was unreproducible following the example in:
https://bugzilla.redhat.com/show_bug.cgi?id=799628#c5

As well, providing bug links to other operating systems is not as helpful as providing the previously requested click-by-click example on a US keyboard of how to type in the buffered area "一二三四五六七八九十一二三四五六七八九十". Could you please provide this?

Shih-Yuan Lee (fourdollars) wrote :

@penalvch,

It doesn't matter what content you input.
The point is that you have to buffer enough Chinese characters to let LibreOffice crash.
Please see the attached PDF file.
Is it helpful?

Changed in libreoffice (Ubuntu):
status: Incomplete → Confirmed
penalvch (penalvch) wrote :

Shih-Yuan Lee, well it is still not reproducible. However, my testing environment is Xubuntu (native and VM), which does not install libreoffice-gtk natively. In your stacktrace.txt it notes:
#12 0x00007f2f54305b25 in ?? () from /usr/lib/libreoffice/basis3.4/program/libvclplug_gtklx.so

which leads me to believe this issue is correlated to libreoffice-gtk / Unity. For now, I'm going to leave this for a Unity triager, or until I generate a Unity VM and can reproduce the crash.

Shih-Yuan Lee (fourdollars) wrote :

This bug seems unable to be triggered by ibus-chewing 1.3.10+clean-2, so I am changing the status to Invalid.
If anyone can reproduce this bug on Ubuntu 12.04, please help to change it back to Confirmed.

Changed in libreoffice (Ubuntu):
status: Confirmed → Invalid
yltang (yltang) wrote :

On my system (Ubuntu 12.04 LTS, LibreOffice 3.5.2.2, and ibus-chewing 1.3.10+clean-2), the problem is very definite: LibreOffice *always* crashes at exactly the sixth Chinese character I input (not committed yet), no matter whether it is Writer, Calc, or Impress. Now I have to watch out not to input more than 5 Chinese characters each time -- a work-around for the time being. :-(

Changed in libreoffice (Ubuntu):
status: Invalid → Confirmed
Finjon Kiang (kiange) wrote :

Upgrading to 12.04 fixed the issue in my laptop (currently, I just upgraded today.)

penalvch (penalvch)
description: updated
yltang (yltang) wrote :

Just curious, would this bug be fixed in version 12.04.01? I am really looking forward to it.

summary: - soffice.bin crashed with SIGSEGV in malloc_consolidate()
+ soffice.bin crashed after entering chars using ibus-chewing
description: updated
Björn Michaelsen (bjoern-michaelsen) wrote :
Changed in libreoffice (Ubuntu):
status: Confirmed → Fix Committed
yltang (yltang) wrote :

Hurray !!! the bug is finally fixed. Thanks a million, Bjorn.

Changed in libreoffice (Ubuntu):
status: Fix Committed → Fix Released
Changed in libreoffice (Fedora):
importance: Unknown → Undecided
status: Unknown → Fix Released
penalvch (penalvch)
no longer affects: libreoffice (Fedora)