Bug 38502

Summary: crash in /opt/libreoffice3.4/basis3.4/program/libvclplug_genli.so when adding new screen
Product: LibreOffice
Reporter: csaba.keszei
Component: BASIC
Assignee: Not Assigned <libreoffice-bugs>
Status: RESOLVED FIXED
Severity: normal
Priority: medium
Version: 3.4.0 release
Hardware: x86 (IA32)
OS: Linux (All)

Description csaba.keszei 2011-06-20 10:43:32 UTC
I use nvidia driver 260.19.36. LibreOffice always crashes when I change from internal display to external DVI on my laptop. I ran LibreOffice from gdb once, here comes the backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb50a56d0 (LWP 12955)]
0xb34f6dc3 in SalDisplay::addXineramaScreenUnique(int, long, long, long, long) ()
   from /opt/libreoffice3.4/basis3.4/program/libvclplug_genli.so
(gdb) bt
#0  0xb34f6dc3 in SalDisplay::addXineramaScreenUnique(int, long, long, long, long) ()
   from /opt/libreoffice3.4/basis3.4/program/libvclplug_genli.so
#1  0xb3b46041 in ?? () from /opt/libreoffice3.4/basis3.4/program/libvclplug_gtkli.so
#2  0xb360fcac in g_cclosure_marshal_VOID__VOID () from /usr/lib/libgobject-2.0.so.0
#3  0xb360213a in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#4  0xb361861d in ?? () from /usr/lib/libgobject-2.0.so.0
#5  0xb3619bfc in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#6  0xb3619ebd in g_signal_emit_by_name () from /usr/lib/libgobject-2.0.so.0
#7  0xb371b1d2 in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#8  0xb370f2d9 in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#9  0xb370f992 in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#10 0xb370fdaf in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#11 0xb3569305 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#12 0xb356cfe8 in ?? () from /lib/libglib-2.0.so.0
#13 0xb356d1c8 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#14 0xb3b44d86 in ?? () from /opt/libreoffice3.4/basis3.4/program/libvclplug_gtkli.so
#15 0xb34faa5d in X11SalInstance::Yield(bool, bool) () from /opt/libreoffice3.4/basis3.4/program/libvclplug_genli.so
#16 0xb6918ee5 in ?? () from /opt/libreoffice3.4/program/../basis-link/program/libvclli.so
#17 0xb6915ff2 in Application::Yield(bool) () from /opt/libreoffice3.4/program/../basis-link/program/libvclli.so
#18 0xb6917e51 in Application::Execute() () from /opt/libreoffice3.4/program/../basis-link/program/libvclli.so
#19 0xb7fef207 in ?? () from /opt/libreoffice3.4/program/../basis-link/program/libsofficeapp.so
#20 0xb691cdcb in ?? () from /opt/libreoffice3.4/program/../basis-link/program/libvclli.so
#21 0xb691ceba in SVMain() () from /opt/libreoffice3.4/program/../basis-link/program/libvclli.so
#22 0xb800e262 in soffice_main () from /opt/libreoffice3.4/program/../basis-link/program/libsofficeapp.so
#23 0x08048ca4 in main ()

This is a null pointer dereference based on the code below:

0xb34f6da9 <_ZN10SalDisplay23addXineramaScreenUniqueEillll+175>:        mov    0xc(%ebp),%esi
0xb34f6dac <_ZN10SalDisplay23addXineramaScreenUniqueEillll+178>:        sub    $0xc,%esp
0xb34f6daf <_ZN10SalDisplay23addXineramaScreenUniqueEillll+181>:        mov    0x8(%ebp),%eax
0xb34f6db2 <_ZN10SalDisplay23addXineramaScreenUniqueEillll+184>:        shl    $0x2,%esi
0xb34f6db5 <_ZN10SalDisplay23addXineramaScreenUniqueEillll+187>:        add    0x308(%eax),%esi
0xb34f6dbb <_ZN10SalDisplay23addXineramaScreenUniqueEillll+193>:        pushl  -0x44(%ebp)
0xb34f6dbe <_ZN10SalDisplay23addXineramaScreenUniqueEillll+196>:        call   0xb34cdec8 <_ZNKSt6vectorI9RectangleSaIS0_EE4sizeEv>
0xb34f6dc3 <_ZN10SalDisplay23addXineramaScreenUniqueEillll+201>:        mov    %eax,(%esi) !NULL pointer deref <<<<<<<<<<<<<<<<<<<<
0xb34f6dc5 <_ZN10SalDisplay23addXineramaScreenUniqueEillll+203>:        lea    -0x34(%ebp),%esi
0xb34f6dc8 <_ZN10SalDisplay23addXineramaScreenUniqueEillll+206>:        mov    0x18(%ebp),%edx

Comment 1 Björn Michaelsen 2011-12-23 12:23:12 UTC
[This is an automated message.]
This bug was filed before the changes to Bugzilla on 2011-10-16. Thus it
started right out as NEW without ever being explicitly confirmed. The bug is
changed to state NEEDINFO for this reason. To move this bug from NEEDINFO back
to NEW please check if the bug still persists with the 3.5.0 beta1 or beta2 prereleases.
Details on how to test the 3.5.0 beta1 can be found at:
http://wiki.documentfoundation.org/QA/BugHunting_Session_3.5.0.-1

more detail on this bulk operation: http://nabble.documentfoundation.org/RFC-Operation-Spamzilla-tp3607474p3607474.html

Comment 2 csaba.keszei 2011-12-24 23:53:27 UTC
Issue is gone in 3.5.0 beta 2.
