Bug 69173

Summary: crash when "My Macros/Standard" empty on closing last document the Basic IDE was using, and then giving IDE window the focus
Product: LibreOffice
Reporter: Lionel Elie Mamane <lionel>
Component: BASIC
Assignee: Not Assigned <libreoffice-bugs>
Status: RESOLVED FIXED
Severity: blocker
Priority: high
CC: noel.power, nopower, sbergman, serval2412, uray.janos
Version: 4.2.0.0.alpha0+ Master
Hardware: All
OS: All
Whiteboard: target:4.2.0 target:4.1.3 target:4.0.6
Attachments: reproduction case; GDB log; bt about disposing message

Description Lionel Elie Mamane 2013-09-10 11:05:43 UTC
Created attachment 85544
reproduction case

Reproduction Instructions:

1) Close all LibreOffice windows (except Start Center).

2) Open attached document in LibreOffice.

3) (If asked) "Disable macros"
   (the bug is also reproducible with "enable macros")

4) Menu Tools / Macros / Manage Macros / Basic

5) navigate to "just opened document" / Standard / Module1 / Main

6) Click Edit
   Basic IDE opens

7) Close the *document* window (Writer window)

8) Give Focus to Basic IDE window
   (I have sloppy focus (focus follows the mouse),
    so I just have to point the mouse at the IDE window.
    Other settings or OSs may have to click in the Window,
    press ALT-TAB, click on Icon in Task Bar / Expose, ...)
    

Reproduced with my own debug build of (master branch)

commit b090cbdf82e0827234caf5969124f6631311ef35
Author: Lionel Elie Mamane <lionel@mamane.lu>
Date:   Fri Aug 30 18:00:21 2013 +0200

plus some local patches on top.


Full gdb log attached. Most interesting part:



(gdb) thread 1
[Switching to thread 1 (Thread 0x7f6cc0cc2800 (LWP 25812))]
#0  x86_64_fallback_frame_state (fs=0x7fff07b34480, context=<optimized out>) at ./md-unwind-support.h:53
53	in ./md-unwind-support.h
(gdb) frame 28
#28 0x00007f6cbb153662 in Window::ImplGrabFocus (this=this@entry=0x2dc3d70, nFlags=nFlags@entry=0)
    at /home/master/src/libreoffice/workdirs/libreoffice-4.2/vcl/source/window/window.cxx:3967
3967	    if( mpWindowImpl->mbInDtor )
(gdb) print mpWindowImpl
$1 = (WindowImpl *) 0x9999999999999999


0x9999999999999999 is our special canary for memory that has been malloc()d, but not initialised (in GNU/Linux debug builds).
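
An added illustration, not part of the original report and not LibreOffice code: how a pointer field read from freshly allocated, never-initialised memory comes out as 0x9999999999999999 when a debug allocator fills allocations with the byte 0x99, and how such a value can be recognised during crash triage. The names `debug_malloc`, `struct window` and `is_poison_pointer` are hypothetical, and the fill byte is assumed from the statement above.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define POISON_BYTE 0x99 /* assumed fill byte, taken from the gdb value above */

/* Hypothetical stand-in for an object that keeps a pointer to its impl. */
struct window {
    struct window_impl *impl;
    int flags;
};

/* Debug allocator: fill fresh memory with the poison byte so a read before
   initialisation yields a recognisable value instead of stale heap data. */
void *debug_malloc(size_t n)
{
    void *p = malloc(n);
    if (p != NULL)
        memset(p, POISON_BYTE, n);
    return p;
}

/* Returns 1 when every byte of the pointer value equals the poison byte. */
int is_poison_pointer(const void *p)
{
    uintptr_t v = (uintptr_t)p;
    for (size_t i = 0; i < sizeof v; i++)
        if (((v >> (8 * i)) & 0xff) != POISON_BYTE)
            return 0;
    return 1;
}

/* Allocate a window and, optionally, initialise impl before reading it back.
   Returns the raw bits of the impl field as a debugger would print them. */
uintptr_t impl_bits(int initialise)
{
    uintptr_t bits = 0;
    struct window *w = debug_malloc(sizeof *w);
    if (w == NULL)
        return 0;
    if (initialise)
        w->impl = NULL;
    /* memcpy copies the stored bytes without dereferencing the pointer. */
    memcpy(&bits, &w->impl, sizeof w->impl);
    free(w);
    return bits;
}
```

A poison value in a member pointer says the object's storage was handed out by the allocator but the member was never written on the path that led to the read; it does not by itself say which code path skipped the initialisation.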
Comment 1 Lionel Elie Mamane 2013-09-10 11:06:16 UTC
Created attachment 85545
GDB log
Comment 2 Noel Power 2013-09-10 19:01:48 UTC
Tried quite a few times to reproduce (master with head at b090cbdf82e0827234caf5969124f6631311ef35), no luck :-( Also wonder what's going on with all that Java activity? valgrind also not showing anything bad (in my setup) either :/
Comment 3 Lionel Elie Mamane 2013-09-10 19:10:54 UTC
Cannot reproduce on another machine with:

commit 98f08e463d2ddb80441493a6d7529b015025eebb
Author: Lionel Elie Mamane <lionel@mamane.lu>
Date:   Sat Sep 7 09:39:47 2013 +0200


Will update my other machine and retest.
Comment 4 Julien Nabet 2013-09-11 19:55:34 UTC
Created attachment 85665
bt about disposing message

On pc Debian x86-64 with master sources updated today, I haven't reproduced the crash.
However, I noticed this log when closing Writer window:
warn:legacy.osl:6535:1:basic/source/basmgr/basicmanagerrepository.cxx:581: ImplRepository::_disposing: where does this come from?
I attached the bt if it might help.
Comment 5 Lionel Elie Mamane 2013-09-11 22:08:44 UTC
Can still reproduce on

commit 8243dd551e47182e4be429ab61f0a398044d3aa1
Author: Stephan Bergmann <sbergman@redhat.com>
Date:   Tue Sep 10 20:50:39 2013 +0200

    const
    
    Change-Id: I0fdc9fd7592bae44e54c8e68c67f31ee0767d26e

*but* only if I delete the "My Macros / Standard / Module1" Basic module, and leave the "My Macros / Standard" library container completely empty. I have no other library container loaded when doing the test. Start LibreOffice straight on attachment 85544 (I do it from the command-line: "soffice Untitled\ 1.odt").

My guess is that what's happening is that the Basic IDE window has nothing to display (because no non-empty library container loaded), and it does not expect that.

Noel & Julien, could you try again with the above additional conditions?
Comment 6 Noel Power 2013-09-12 20:50:22 UTC
(In reply to comment #5)
> Can still reproduce on
> My guess is that what's happening is that the Basic IDE window has nothing
> to display (because no non-empty library container loaded), and it does not
> expect that.
> 
> Noel & Julien, could you try again with the above additional conditions?

I can reproduce this with the modified instructions. I doubt this is a blocker though; it seems this has been around from at least 4.0 (at least around when the docked object browser appeared). This almost certainly stems from that feature; I've noticed strange (but random) behaviours around this area in the past. My Basic IDE knowledge though is quite sparse; valgrind points to access of a deleted object somewhere in the framework code. I see at least some code that seems to be related (and seems modified a bit in relation to the feature mentioned above); currently trying to wrap my head around it and trying to see how/why it might be causing the problem seen.

Although as far as I am concerned it is not a blocker, it certainly is, IMHO, a MAB.
Comment 7 Commit Notification 2013-09-13 09:20:18 UTC
Noel Power committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=751e238c78247bec81c1c7c50bc4758b1faea151

fix for fdo#69173 crasher



The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
Comment 8 Noel Power 2013-09-13 09:21:31 UTC
(In reply to comment #7)
> Noel Power committed a patch related to this issue.
> It has been pushed to "master":
> 
> http://cgit.freedesktop.org/libreoffice/core/commit/?id=751e238c78247bec81c1c7c50bc4758b1faea151
> 
> fix for fdo#69173 crasher
> 
It would be nice to see some more testing around this (and then fold it into 4.0 & 4.1).
Comment 9 Lionel Elie Mamane 2013-09-15 14:58:04 UTC
Retested with:

commit be3e037b38be4c6bd821bc5261dcd85f18196214
Author: Lionel Elie Mamane <lionel@mamane.lu>
Date:   Fri Sep 13 07:36:50 2013 +0200

Cannot reproduce anymore. So the commit
"fix for fdo#69173 crasher"
seems to be working, although it feels
like an ugly work-around to me
(as Noel basically says in the commit
message...).
Comment 10 Lionel Elie Mamane 2013-09-15 15:10:17 UTC
Pushed to 4-0 and 4-1
Comment 11 Commit Notification 2013-09-15 15:10:49 UTC
Noel Power committed a patch related to this issue.
It has been pushed to "libreoffice-4-1":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=2c0cc6fac2437c864a90270eadfe005dfc707726&h=libreoffice-4-1

fix for fdo#69173 crasher


It will be available in LibreOffice 4.1.3.

Comment 12 Commit Notification 2013-09-15 15:11:10 UTC
Noel Power committed a patch related to this issue.
It has been pushed to "libreoffice-4-0":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=2a151b7e3258f24299f885d020b07ab50582e7df&h=libreoffice-4-0

fix for fdo#69173 crasher


It will be available in LibreOffice 4.0.6.

