
Bug#429473: openoffice.org-gnome: openoffice crashes in 'Save As' dialog on entering subdirectory of samba share



Package: openoffice.org-gnome
Version: 2.0.4.dfsg.2-7etch1
Severity: grave
Justification: renders package unusable

To reproduce this bug, I load oowriter, create a new empty document,
go to File->Save As and type in a samba share e.g. 'smb://machine/myshare' and hit enter.
When the samba share loads up in the dialog, I then double-click on any
subdirectory. At this point openoffice crashes with an error. Sometimes it crashes with e.g.:

*** glibc detected *** free(): invalid pointer: 0xb74f76e0 ***

N.B. I can reproduce this bug identically on two etch machines (and have personally observed similar symptoms back on sarge). Also please note the pointer address stated may sometimes be slightly different.

gdb reports the following backtrace:

[New Thread -1388995664 (LWP 5808)]
*** glibc detected *** free(): invalid pointer: 0xb744c6e0 ***

Program received signal SIGABRT, Aborted.
[Switching to Thread -1245353760 (LWP 5766)]
0xb6b4a947 in raise () from /lib/tls/libc.so.6
(gdb) backtrace
#0  0xb6b4a947 in raise () from /lib/tls/libc.so.6
#1  0xb6b4c0c9 in abort () from /lib/tls/libc.so.6
#2  0xb6b8008a in __fsetlocking () from /lib/tls/libc.so.6
#3  0xb6b8794f in mallopt () from /lib/tls/libc.so.6
#4  0xb6b879f2 in free () from /lib/tls/libc.so.6
#5  0xb5567b31 in g_free () from /usr/lib/libglib-2.0.so.0
#6  0xb1f2b885 in gnome_vfs_file_info_clear () from /usr/lib/libgnomevfs-2.so.0
#7  0xb1f29489 in gnome_vfs_directory_read_next () from /usr/lib/libgnomevfs-2.so.0
#8  0xb1f905f5 in gvfs::DataSupplier::getData () from /usr/lib/openoffice/program/ucpgvfs1.uno.so
#9  0xb1f90a57 in gvfs::DataSupplier::getResult () from /usr/lib/openoffice/program/ucpgvfs1.uno.so
#10 0xb74736a2 in ucb::ResultSet::next () from /usr/lib/openoffice/program/libucbhelper3gcc3.so
#11 0xb799aa4e in TTProperties::IsA () from /usr/lib/openoffice/program/libsvt680li.so
#12 0xb799c664 in TTProperties::IsA () from /usr/lib/openoffice/program/libsvt680li.so
#13 0xb79a609b in svtools::QueryDeleteDlg_Impl::QueryDeleteDlg_Impl () from /usr/lib/openoffice/program/libsvt680li.so
#14 0xb79a64a6 in svtools::QueryDeleteDlg_Impl::QueryDeleteDlg_Impl () from /usr/lib/openoffice/program/libsvt680li.so
#15 0xb79a65f9 in SvtFileView::ExecuteFilter () from /usr/lib/openoffice/program/libsvt680li.so
#16 0xb79a6675 in SvtFileView::Initialize () from /usr/lib/openoffice/program/libsvt680li.so
#17 0xad387ca3 in ?? () from /usr/lib/openoffice/program/fps_office.uno.so
#18 0xad3a0f1d in component_writeInfo () from /usr/lib/openoffice/program/fps_office.uno.so
#19 0xad3a1095 in component_writeInfo () from /usr/lib/openoffice/program/fps_office.uno.so
#20 0xad3a45f9 in component_writeInfo () from /usr/lib/openoffice/program/fps_office.uno.so
#21 0xad3a5295 in component_writeInfo () from /usr/lib/openoffice/program/fps_office.uno.so
#22 0xad3a52d4 in component_writeInfo () from /usr/lib/openoffice/program/fps_office.uno.so
#23 0xb79adeb2 in SvLBox::DoubleClickHdl () from /usr/lib/openoffice/program/libsvt680li.so
#24 0xb799d61d in SvtFileView::GetHelpId () from /usr/lib/openoffice/program/libsvt680li.so
#25 0xb79ba9a6 in non-virtual thunk to SvHeaderTabListBox::CreateAccessibleCell(long, unsigned short) () from /usr/lib/openoffice/program/libsvt680li.so
#26 0xb79e580a in SvTreeListBox::MouseButtonDown () from /usr/lib/openoffice/program/libsvt680li.so
#27 0xb7e3761c in Window::~Window () from /usr/lib/openoffice/program/libvcl680li.so
#28 0xb7e386c0 in Window::~Window () from /usr/lib/openoffice/program/libvcl680li.so
#29 0xb5b1c110 in atk_object_wrapper_ref () from /usr/lib/openoffice/program/libvclplug_gtk680li.so
#30 0xb5927250 in _gtk_marshal_BOOLEAN__BOXED () from /usr/lib/libgtk-x11-2.0.so.0
#31 0xb562498b in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#32 0xb5634f2d in g_signal_chain_from_overridden () from /usr/lib/libgobject-2.0.so.0
#33 0xb5636208 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#34 0xb56365d9 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#35 0xb5a10f64 in gtk_widget_get_default_style () from /usr/lib/libgtk-x11-2.0.so.0
#36 0xb5920bd3 in gtk_propagate_event () from /usr/lib/libgtk-x11-2.0.so.0
#37 0xb5921e07 in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#38 0xb57baeea in _gdk_events_init () from /usr/lib/libgdk-x11-2.0.so.0
#39 0xb5560731 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#40 0xb55637a6 in g_main_context_check () from /usr/lib/libglib-2.0.so.0
#41 0xb5563d27 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#42 0xb5af636d in ?? () from /usr/lib/openoffice/program/libvclplug_gtk680li.so
#43 0x00000000 in ?? ()

!!! Single-stepping with gdb indicated a crash on g_free (info->mime_type);

I added the following debug logging to gnome-vfs-file-info.c (which may explain why I find the stated pointer address is sometimes different):

  fprintf(stderr, "--- info = %lx: ", (long unsigned)info);
  fprintf(stderr, "name = %lx; ", (long unsigned)info->name);
  fprintf(stderr, "symlink_name = %lx; ", (long unsigned)info->symlink_name);
  fprintf(stderr, "mime_type = %lx\n", (long unsigned)info->mime_type);

[example output available on request]

This reveals that the 'info' value passed to gnome_vfs_file_info_clear references a memory location with info->name = 0, info->symlink_name = 0, but info->mime_type = <a probably meaningless memory location>.

This suggests to me that the problem in gnome_vfs_file_info_clear is either that it is being called with a dud 'info' value, or else that the info->mime_type variable has previously been mis-set.

Incidentally, gdb also indicated that gnome_vfs_file_info_new is not the function called for creating the info data structures employed by the 'save as' file dialog - gnome_vfs_file_info_new is never called - which is why I don't see this as a gnomevfs bug.

Instead my guess is that we have a bug in the structures created by /usr/lib/openoffice/program/ucpgvfs1.uno.so - which would make this an openoffice.org-gnome bug.

-- System Information:
Debian Release: 4.0
 APT prefers stable
 APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.20.4-1
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages openoffice.org-gnome depends on:
ii  gconf2               2.16.1-1            GNOME configuration database syste
ii  libbonobo2-0         2.14.0-3            Bonobo CORBA interfaces library
ii  libc6                2.3.6.ds1-13        GNU C Library: Shared libraries
ii  libgcc1              1:4.1.1-21          GCC support library
ii  libgconf2-4          2.16.1-1            GNOME configuration database syste
ii  libglib2.0-0         2.12.4-2            The GLib library of C routines
ii  libgnomevfs2-0       1:2.14.2-7          GNOME virtual file-system (runtime
ii  liborbit2            1:2.14.7-0.1        libraries for ORBit2 - a CORBA ORB
ii  libstdc++6           4.1.1-21            The GNU Standard C++ Library v3
ii  libstlport4.6c2      4.6.2-3             STLport C++ class library
ii  openoffice.org-core  2.0.4.dfsg.2-7etch1 OpenOffice.org office suite archit
ii  openoffice.org-gtk   2.0.4.dfsg.2-7etch1 GTK Integration for OpenOffice.org

openoffice.org-gnome recommends no packages.

-- no debconf information
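
Added example, not part of the original report and not OpenOffice.org or gnome-vfs code: a minimal C model of the reported symptom (name = 0, symlink_name = 0, mime_type = stale bytes reaching a clear routine that frees every field) next to a caller that zeroes the whole record first. The struct layout, the function names and the 0xb7 fill pattern are assumptions made for illustration; the cause modelled here (caller-owned storage that was never fully zeroed) is one possible explanation, not a confirmed diagnosis.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the file-info record; NOT the real GnomeVFSFileInfo layout. */
struct file_info {
    char *name;
    char *symlink_name;
    char *mime_type;
};

/* Models the reported state: storage holds stale bytes (constructed 0xb7 pattern)
 * and the caller resets only two of the three owned pointers. */
void init_partial(struct file_info *info) {
    memset(info, 0xb7, sizeof *info);
    info->name = NULL;
    info->symlink_name = NULL;      /* mime_type still holds stale bytes */
}

/* Corrected caller: zero the whole record before any library call sees it. */
void init_zeroed(struct file_info *info) {
    memset(info, 0, sizeof *info);
}

/* Frees every owned string. free(NULL) is a no-op, so this is safe only when
 * each field is NULL or a live heap pointer; a stale value aborts in free(). */
void file_info_clear(struct file_info *info) {
    free(info->name);
    free(info->symlink_name);
    free(info->mime_type);
    memset(info, 0, sizeof *info);
}

/* 1 if every owned pointer is NULL, i.e. clearing a fresh record is safe. */
int fresh_record_is_clearable(const struct file_info *info) {
    return info->name == NULL && info->symlink_name == NULL
        && info->mime_type == NULL;
}

/* Clear, fill, clear again on a zeroed record: the order in the backtrace,
 * where the directory read calls the clear routine on the caller's record. */
int read_cycle_ok(void) {
    struct file_info info;
    init_zeroed(&info);
    file_info_clear(&info);
    info.mime_type = malloc(11);
    if (info.mime_type == NULL) return 0;
    memcpy(info.mime_type, "text/plain", 11);
    file_info_clear(&info);
    return fresh_record_is_clearable(&info);
}
```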





