Ubuntu
libreoffice package

[Upstream] soffice.bin crashed with SIGSEGV in SwTableBox::SwTableBox()

Bug #983751 reported by Andreas Petlund
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
LibreOffice
Invalid
Critical
libreoffice (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

1) lsb_release -rd
Description: Ubuntu 12.04 LTS
Release: 12.04

2) apt-cache policy libreoffice-writer
libreoffice-writer:
  Installed: 1:3.5.2-2ubuntu1
  Candidate: 1:3.5.3-0ubuntu1
  Version table:
     1:3.5.3-0ubuntu1 0
        500 http://us.archive.ubuntu.com/ubuntu/ precise-updates/main i386 Packages
 *** 1:3.5.2-2ubuntu1 0
        500 http://us.archive.ubuntu.com/ubuntu/ precise/main i386 Packages
        100 /var/lib/dpkg/status

3) What is expected to happen in Writer is when one opens https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/983751/+attachment/3141520/+files/fratredelse-skjema.docx

it does so successfully.

4) What happens instead is is crashes consistently.

ProblemType: Crash
DistroRelease: Ubuntu 12.04
Package: libreoffice-core 1:3.5.2-2ubuntu1 [modified: usr/share/doc/libreoffice-core/copyright]
ProcVersionSignature: Ubuntu 3.2.0-23.36-generic 3.2.14
Uname: Linux 3.2.0-23-generic x86_64
ApportVersion: 2.0.1-0ubuntu4
Architecture: amd64
CrashCounter: 1
Date: Tue Apr 17 10:13:22 2012
ExecutablePath: /usr/lib/libreoffice/program/soffice.bin
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release amd64 (20091027)
ProcCmdline: /usr/lib/libreoffice/program/soffice.bin --writer /tmp/fratredelse-skjema-1.docx --splash-pipe=6
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SegvAnalysis:
 Segfault happened at: 0x7f9374daabed <_ZN10SwTableBoxC2EP13SwTableBoxFmtRK11SwStartNodeP11SwTableLine+125>: mov 0x68(%rax),%rdi
 PC (0x7f9374daabed) ok
 source "0x68(%rax)" (0x00000068) not located in a known VMA region (needed readable region)!
 destination "%rdi" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: libreoffice
StacktraceTop:
 SwTableBox::SwTableBox(SwTableBoxFmt*, SwStartNode const&, SwTableLine*) () from /usr/lib/libreoffice/program/../program/libswlo.so
 SwNodes::TextToTable(std::vector<std::vector<SwNodeRange, std::allocator<SwNodeRange> >, std::allocator<std::vector<SwNodeRange, std::allocator<SwNodeRange> > > > const&, SwTableFmt*, SwTableLineFmt*, SwTableBoxFmt*, SwTxtFmtColl*) () from /usr/lib/libreoffice/program/../program/libswlo.so
 SwDoc::TextToTable(std::vector<std::vector<SwNodeRange, std::allocator<SwNodeRange> >, std::allocator<std::vector<SwNodeRange, std::allocator<SwNodeRange> > > > const&) () from /usr/lib/libreoffice/program/../program/libswlo.so
 ?? () from /usr/lib/libreoffice/program/../program/libswlo.so
 ?? () from /usr/lib/libreoffice/program/../program/libooxmllo.so
Title: soffice.bin crashed with SIGSEGV in SwTableBox::SwTableBox()
UpgradeStatus: Upgraded to precise on 2012-04-13 (3 days ago)
UserGroups: adm admin cdrom dialout libvirtd lpadmin plugdev sambashare
XsessionErrors:
 gnome-session[2420]: WARNING: Failed to start app: Unable to start application: Failed to execute child process "gnome-volume-control-applet" (No such file or directory)
 (compiz:2520): GConf-CRITICAL **: gconf_client_add_dir: assertion `gconf_valid_key (dirname, NULL)' failed
 (gnome-settings-daemon:2506): color-plugin-WARNING **: failed to reset xrandr-Lenovo Group Limited gamma tables: gamma size is zero
 (gnome-settings-daemon:2506): color-plugin-WARNING **: failed to reset xrandr-Lenovo Group Limited gamma tables: gamma size is zero

See original description
Revision history for this message
Andreas Petlund (andreas-petlund) wrote :
Revision history for this message
Apport retracing service (apport) wrote :

StacktraceTop:
 ?? ()
 ?? ()
 ?? ()
 ?? ()
 ?? ()

Revision history for this message
Apport retracing service (apport) wrote : Stacktrace.txt
Revision history for this message
Apport retracing service (apport) wrote : ThreadStacktrace.txt
tags: added: apport-failed-retrace
tags: removed: need-amd64-retrace
Revision history for this message
penalvch (penalvch) wrote : Re: soffice.bin crashed with SIGSEGV in SwTableBox::SwTableBox()

Andreas Petlund, thank you for reporting this bug and helping make Ubuntu better. Could you please attach the file fratredelse-skjema-1.docx that demonstrates this problem?

Changed in libreoffice (Ubuntu):
status: New → Incomplete
Revision history for this message
Andreas Petlund (andreas-petlund) wrote : Re: [Bug 983751] Re: soffice.bin crashed with SIGSEGV in SwTableBox::SwTableBox()
  • fratredelse-skjema.docx Edit (20.2 KiB, application/vnd.openxmlformats-officedocument.wordprocessingml.document; name="fratredelse-skjema.docx")

On 11. mai 2012 13:05, Christopher M. Penalver wrote:
> Andreas Petlund, thank you for reporting this bug and helping make
> Ubuntu better. Could you please attach the file fratredelse-
> skjema-1.docx that demonstrates this problem?
>
> ** Changed in: libreoffice (Ubuntu)
> Status: New => Incomplete
>
 Attached is the form that caused the problem. Out of curiosity, I tested
it on Windows too (Win 7, 64 bit, LibreOffice 3.5.3). It crashed there too.

Cheers,
Andreas

Revision history for this message
penalvch (penalvch) wrote : Re: soffice.bin crashed with SIGSEGV in SwTableBox::SwTableBox()

Andreas Petlund, thank you for taking the time to report this bug and helping to make Ubuntu better. The issue you are reporting is an upstream one and it would be nice if somebody having it could send the bug to the developers of the software by following the instructions at http://wiki.documentfoundation.org/BugReport . If you have done so, please tell us the number of the upstream bug (or the link), so we can add a bugwatch that will inform us about the status. Thanks in advance.

description: updated
Changed in libreoffice (Ubuntu):
importance: Undecided → Medium
status: Incomplete → Triaged
Revision history for this message
In , Andreas Petlund (andreas-petlund) wrote :

Created attachment 61594
.docx document

Problem description:
Crashes when opening a .docx document

Steps to reproduce:
1. open attached document

Current behavior:
Crashes

Expected behavior:
Document opens

Platform (if different from the browser):
Tried on Windows (Win7 64bit) and Linux.

Browser: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.19 (KHTML, like Gecko) Ubuntu/12.04 Chromium/18.0.1025.151 Chrome/18.0.1025.151 Safari/535.19

Revision history for this message
Andreas Petlund (andreas-petlund) wrote : Re: [Bug 983751] Re: soffice.bin crashed with SIGSEGV in SwTableBox::SwTableBox()
Download full text (6.1 KiB)

Hi

I've now submitted the bug to bugzilla:
https://www.libreoffice.org/bugzilla/show_bug.cgi?id=49890

Cheers,
Andreas

On 05/11/2012 05:17 PM, Christopher M. Penalver wrote:
> Andreas Petlund, thank you for taking the time to report this bug and
> helping to make Ubuntu better. The issue you are reporting is an
> upstream one and it would be nice if somebody having it could send the
> bug to the developers of the software by following the instructions at
> http://wiki.documentfoundation.org/BugReport . If you have done so,
> please tell us the number of the upstream bug (or the link), so we can
> add a bugwatch that will inform us about the status. Thanks in advance.
>
> ** Description changed:
>
> - Crashed when trying to open a .docx file
> + 1) lsb_release -rd
> + Description: Ubuntu 12.04 LTS
> + Release: 12.04
> +
> + 2) apt-cache policy libreoffice-writer
> + libreoffice-writer:
> + Installed: 1:3.5.2-2ubuntu1
> + Candidate: 1:3.5.3-0ubuntu1
> + Version table:
> + 1:3.5.3-0ubuntu1 0
> + 500 http://us.archive.ubuntu.com/ubuntu/ precise-updates/main i386 Packages
> + *** 1:3.5.2-2ubuntu1 0
> + 500 http://us.archive.ubuntu.com/ubuntu/ precise/main i386 Packages
> + 100 /var/lib/dpkg/status
> +
> + 3) What is expected to happen in Writer is when one opens
> + https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/983751/+attachment/3141520/+files
> + /fratredelse-skjema.docx
> +
> + it does so successfully.
> +
> + 4) What happens instead is is crashes consistently.
>
> ProblemType: Crash
> DistroRelease: Ubuntu 12.04
> Package: libreoffice-core 1:3.5.2-2ubuntu1 [modified: usr/share/doc/libreoffice-core/copyright]
> ProcVersionSignature: Ubuntu 3.2.0-23.36-generic 3.2.14
> Uname: Linux 3.2.0-23-generic x86_64
> ApportVersion: 2.0.1-0ubuntu4
> Architecture: amd64
> CrashCounter: 1
> Date: Tue Apr 17 10:13:22 2012
> ExecutablePath: /usr/lib/libreoffice/program/soffice.bin
> InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release amd64 (20091027)
> ProcCmdline: /usr/lib/libreoffice/program/soffice.bin --writer /tmp/fratredelse-skjema-1.docx --splash-pipe=6
> ProcEnviron:
> - PATH=(custom, user)
> - LANG=en_US.UTF-8
> - SHELL=/bin/bash
> + PATH=(custom, user)
> + LANG=en_US.UTF-8
> + SHELL=/bin/bash
> SegvAnalysis:
> - Segfault happened at: 0x7f9374daabed <_ZN10SwTableBoxC2EP13SwTableBoxFmtRK11SwStartNodeP11SwTableLine+125>: mov 0x68(%rax),%rdi
> - PC (0x7f9374daabed) ok
> - source "0x68(%rax)" (0x00000068) not located in a known VMA region (needed readable region)!
> - destination "%rdi" ok
> + Segfault happened at: 0x7f9374daabed <_ZN10SwTableBoxC2EP13SwTableBoxFmtRK11SwStartNodeP11SwTableLine+125>: mov 0x68(%rax),%rdi
> + PC (0x7f9374daabed) ok
> + source "0x68(%rax)" (0x00000068) not located in a known VMA region (needed readable region)!
> + destination "%rdi" ok
> SegvReason: reading NULL VMA
> Signal: 11
> SourcePackage: libreoffice
> StacktraceTop:
> - SwTableBox::SwTableBox(SwTableBoxFmt*, SwStartNode const&, SwTableLine*) () from /usr/lib/libreoffice/program/../program/libswlo.so
> - SwNodes::TextToTable(std::vector<std::vector<S...

Read more...

penalvch (penalvch)
Changed in df-libreoffice:
importance: Undecided → Unknown
status: New → Unknown
summary: - soffice.bin crashed with SIGSEGV in SwTableBox::SwTableBox()
+ [Upstream] soffice.bin crashed with SIGSEGV in SwTableBox::SwTableBox()
Revision history for this message
In , S-joyemusequna (s-joyemusequna) wrote :

Works for me with LOdev 3.6 (master - 14-May-2012 02h55 x86@6-fast; Build ID: 347e345) and LibO 3.4.5 on Windows Vista 64. No crash (but two pages instead of one).

Bug Watch Updater (bug-watch-updater)
Changed in df-libreoffice:
importance: Unknown → Critical
status: Unknown → Confirmed
Revision history for this message
In , julien2412 (serval2412-6) wrote :

Created attachment 61649
bt with symbols with 3.5 + console messages

On pc Debian x86-64, branch 3.5 updated today, I reproduced the problem.
I attached backtrace + console logs.

Revision history for this message
In , Bfo (bfo) wrote :

Confirmed with:
LOdev 3.5.3rc1+
Build ID: 51648779-22e3d74-d554af7
Windows 7 Professional SP1 64 bit

Instant crash.

Revision history for this message
In , julien2412 (serval2412-6) wrote :

On pc Debian x86-64, with master (so not 3.5 branch this time) updated today (last commit 03764e29978bcf0b59a3738166b5af31d0af582a), I don't reproduce the crash.

Revision history for this message
In , julien2412 (serval2412-6) wrote :

On Pc Debian x86-64, again with 3.5 branch (updated today), I don't reproduce the crash but I've got a freeze now.
Last console logs :
warn:legacy.osl:30303:1:/home/julien/compile-libreoffice/libo_3_5/sw/source/core/doc/tblrwcl.cxx:3477: Boxen der Line zu klein/gross
warn:legacy.osl:30303:1:/home/julien/compile-libreoffice/libo_3_5/oox/source/vml/vmlshapecontainer.cxx:58: lclMapShapesById - shape identifier already used
warn:legacy.osl:30303:1:/home/julien/compile-libreoffice/libo_3_5/oox/source/helper/propertyset.cxx:176: PropertySet::implSetPropertyValue - cannot set property "FillColor"
warn:legacy.osl:30303:1:/home/julien/compile-libreoffice/libo_3_5/oox/source/helper/propertyset.cxx:176: PropertySet::implSetPropertyValue - cannot set property "FillStyle"
warn:legacy.osl:30303:1:/home/julien/compile-libreoffice/libo_3_5/oox/source/helper/propertyset.cxx:176: PropertySet::implSetPropertyValue - cannot set property "LineColor"
warn:legacy.osl:30303:1:/home/julien/compile-libreoffice/libo_3_5/oox/source/helper/propertyset.cxx:176: PropertySet::implSetPropertyValue - cannot set property "LineJoint"
warn:legacy.osl:30303:1:/home/julien/compile-libreoffice/libo_3_5/sw/source/core/bastyp/bparr.cxx:141: operator[]: Index aussserhalb

I had to "ctrl-C" the process to quit.

Revision history for this message
In , julien2412 (serval2412-6) wrote :

*** Bug 50028 has been marked as a duplicate of this bug. ***

Revision history for this message
In , julien2412 (serval2412-6) wrote :

*** Bug 50310 has been marked as a duplicate of this bug. ***

Björn Michaelsen (bjoern-michaelsen)
visibility: private → public
Revision history for this message
In , Bfo-bugmail (bfo-bugmail) wrote :

Created attachment 62266
Bug 49890 - WinDbg session with FAILED_SOURCE_CODE

Confirmed with:
LO 3.5.4.2
Build ID: own W7 debug build
Windows 7 Professional SP1 64 bit

Attached full WinDbg session with FAILED_SOURCE_CODE.

Revision history for this message
In , Lo-bugs (lo-bugs) wrote :

Created attachment 67161
gdb session with `thread apply all backtrace full`

LibreOffice is id 741c56a, pulled 2012-09-13.

autogen.lastrun:
    --enable-symbols
    --enable-dbgutil
    --enable-crashdump
    --disable-build-mozilla
    --without-system-postgresql
    --enable-debug
    --enable-werror

Build and execution environment:
    $ uname -a
    Linux cougar-natty 2.6.38-15-generic #64-Ubuntu SMP Fri Jul 6 17:18:17 UTC 2012 i686 athlon i386 GNU/Linux
    $ gcc --version
    gcc (Ubuntu/Linaro 4.5.2-8ubuntu4) 4.5.2

Revision history for this message
In , Björn Michaelsen (bjoern-michaelsen) wrote :

doesnt crash on a LibreOffice 3.6.4 build here.

Changed in libreoffice (Ubuntu):
status: Triaged → Fix Released
Revision history for this message
Björn Michaelsen (bjoern-michaelsen) wrote :

fixed as per https://bugs.freedesktop.org/show_bug.cgi?id=49890#c10

Bug Watch Updater (bug-watch-updater)
Changed in df-libreoffice:
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.