https://bugs.documentfoundation.org/show_bug.cgi?id=155197
Bug ID: 155197
Summary: crash on startup in libuno
Product: LibreOffice
Version: 7.5.2.2 release
Hardware: All
OS: FreeBSD
Status: UNCONFIRMED
Severity: normal
Priority: medium
Component: LibreOffice
Assignee: [email protected]
Reporter: [email protected]
The official package 7.5.2.2 always crashes on startup on my FreeBSD 14-CURRENT system.
A self-built LibreOffice (same version) shows the same behavior.
#6 0x0000000821c260d9 in thr_sighandler (sig=11, info=0x820384130,
_ucp=0x820383dc0) at /usr/src/FreeBSD/lib/libthr/thread/thr_sig.c:246
#7 0x000000082040a8f3 in <signal handler called> ()
#8 0x000000082a394c57 in cppu::_copyConstructAnyFromData(_uno_Any*, void*,
_typelib_TypeDescriptionReference*, _typelib_TypeDescription*, void (*)(void*),
_uno_Mapping*) (pDestAny=0x820384640, pSource=0x820384618, pType=0x88139fb00,
pTypeDescr=0x0, acquire=0x837c0db80, mapping=0x0)
at cppu/source/uno/copy.hxx:211
#9 0x000000082a394574 in cppu::_copyConstructAny(_uno_Any*, void*,
_typelib_TypeDescriptionReference*, _typelib_TypeDescription*, void (*)(void*),
_uno_Mapping*) (pDestAny=0x820384640, pSource=0x820384618, pType=0x88139fb00,
pTypeDescr=0x0, acquire=0x837c0db80, mapping=0x0)
at cppu/source/uno/copy.hxx:288
#10 0x000000082a394130 in uno_type_any_construct(uno_Any*, void*,
typelib_TypeDescriptionReference*, uno_AcquireFunc)
(pDest=0x820384640, pSource=0x820384618, pType=0x88139fb00,
acquire=0x837c0db80)
at
/usr/ports/editors/libreoffice/work/libreoffice-7.5.2.2/cppu/source/uno/any.cxx:72
#11 0x0000000837c3d928 in () at /usr/local/lib/libreoffice/program/libutllo.so
#12 0x0000000837c3bed2 in () at /usr/local/lib/libreoffice/program/libutllo.so
#13 0x0000000837c3cb1f in () at /usr/local/lib/libreoffice/program/libutllo.so
#14 0x0000000837c27f09 in utl::ConfigItem::ConfigItem(rtl::OUString,
ConfigItemMode) () at /usr/local/lib/libreoffice/program/libutllo.so
#15 0x0000000837cbceea in () at /usr/local/lib/libreoffice/program/libutllo.so
#16 0x0000000837cc13d0 in () at /usr/local/lib/libreoffice/program/libutllo.so
#17 0x0000000837cc122c in () at /usr/local/lib/libreoffice/program/libutllo.so
#18 0x0000000837cc0d1b in () at /usr/local/lib/libreoffice/program/libutllo.so
#19 0x0000000837cbfc5c in SvtSysLocaleOptions::SvtSysLocaleOptions() () at
/usr/local/lib/libreoffice/program/libutllo.so
#20 0x000000083d42161f in InitVCL() () at
/usr/local/lib/libreoffice/program/libvcllo.so
#21 0x000000083d4210b7 in ImplSVMain() () at
/usr/local/lib/libreoffice/program/libvcllo.so
#22 0x000000083d422469 in SVMain() () at
/usr/local/lib/libreoffice/program/libvcllo.so
#23 0x0000000820f49934 in soffice_main () at
/usr/local/lib/libreoffice/program/libsofficeapp.so
#24 0x000000000020172d in ()
#25 0x0000000000201707 in ()
#26 0x000000082302582b in __libc_start1 (argc=2, argv=0x8203850a8,
env=0x8203850c0, cleanup=<optimized out>, mainX=0x2016e0)
at /usr/src/FreeBSD/lib/libc/csu/libc_start1.c:155
So what happens here is that in cppu::_copyConstructAnyFromData() at
copy.hxx:210, TYPELIB_DANGER_GET( &pTypeDescr, pType ) fails to initialize
pTypeDescr, leaving it null (frame #8 above shows pTypeDescr=0x0). On the next line
(copy.hxx:211) we dereference it and take SIGSEGV — i.e. a null-pointer dereference
on a read, not a heap/stack corruption as far as this trace shows.
Below is a debugging session that may provide some clue. In my case the 4th call to
typelib_typedescription_getByName is the one that fails. The function goes through
all the ways it has of initializing *ppRet, and every one of them leaves it null.
I don't know which of those paths is expected to succeed for this type name.
Thread 1 hit Breakpoint 1, typelib_typedescription_getByName
(ppRet=0x7fffffffcc20, pName=0x80c1deb20)
at
/usr/ports/editors/libreoffice/work/libreoffice-7.5.2.2/cppu/source/typelib/typelib.cxx:1877
1877 if( *ppRet )
(gdb) frame 2
#2 0x00000008014fbc53 in cppu::_copyConstructAnyFromData
(pDestAny=0x7fffffffce90, pSource=0x7fffffffce68, pType=0x80c1a9b00,
pTypeDescr=0x0,
acquire=0x805ac6b80, mapping=0x0) at cppu/source/uno/copy.hxx:210
210 TYPELIB_DANGER_GET( &pTypeDescr, pType );
(gdb) p *pType
$9 = {nRefCount = 2, nStaticRefCount = 1, eTypeClass =
typelib_TypeClass_STRUCT, pTypeName = 0x80c1deb20, pType = 0x80c1a9b00,
pUniqueIdentifier = 0x0, pReserved = 0x0}
(gdb) frame 0
(gdb) p *pName
$1 = {refCount = 1, length = 29, buffer = u"c"}
The full value in the pName->buffer is "com.sun.star.beans.NamedValue".
(gdb) next
1884 TypeDescriptor_Init_Impl &rInit = Init();
(gdb)
1886 if( !bInited )
(gdb)
1930 typelib_TypeDescriptionReference * pTDR = nullptr;
(gdb)
1931 typelib_typedescriptionreference_getByName( &pTDR, pName );
(gdb)
1932 if( pTDR )
(gdb)
1936 MutexGuard aGuard( rInit.maMutex );
(gdb)
1938 if( pTDR->pType && pTDR->pType->pWeakRef )
(gdb)
1943 }
(gdb) p *pTDR
$5 = {nRefCount = 3, nStaticRefCount = 1, eTypeClass =
typelib_TypeClass_STRUCT, pTypeName = 0x80c1deb20, pType = 0x80c1a9b00,
pUniqueIdentifier = 0x0, pReserved = 0x0}
(gdb) next
1944 typelib_typedescriptionreference_release( pTDR );
(gdb)
1947 if (nullptr != *ppRet)
(gdb)
1951 OUString const & name = OUString::unacquired( &pName );
(gdb)
1952 if (2 < name.getLength() && '[' == name[ 0 ])
(gdb) p name.getStr()
$7 = (const sal_Unicode *) 0x80c1deb28 u"com.sun.star.beans.NamedValue"
(gdb)
(gdb) next
1965 if (nullptr == *ppRet)
(gdb)
1968 sal_Int32 i1 = name.lastIndexOf(":@");
(gdb)
1969 if (i1 >= 0) {
(gdb)
2005 }
(gdb)
2006 if (nullptr == *ppRet)
(gdb)
2009 rInit.callChain( ppRet, pName );
(gdb)
2010 }
(gdb)
2012 if( !(*ppRet) )
(gdb)
2013 return;
(gdb)
2043 }
(gdb)
typelib_typedescriptionreference_getDescription (ppRet=0x7fffffffcc20,
pRef=0x80c1a9b00)
at
/usr/ports/editors/libreoffice/work/libreoffice-7.5.2.2/cppu/source/typelib/typelib.cxx:2226
2226 OSL_ASSERT( !*ppRet || rtl_ustr_compare( pRef->pTypeName->buffer,
(*ppRet)->pTypeName->buffer ) == 0 );
(gdb) p *ppRet
$8 = (typelib_TypeDescription *) 0x0
If assertions were enabled, the OSL_ASSERT here would fire (*ppRet is null, so
dereferencing (*ppRet)->pTypeName is invalid). Since they are not, the null pointer
propagates back up and we crash at copy.hxx:211 instead.