
Bug#766788: libreoffice-writer: Crashes with "stack smashing detected"



On Mon, Oct 27 2014, Rene Engelhard wrote:
> On Mon, Oct 27, 2014 at 11:24:43AM +0100, Michal Sojka wrote:
>> >> I can reproduce this in both unstable and testing
>> >> (1:4.3.3~rc2~git20141011-1). I cannot reproduce this in the version
>> >
>> > And why are you then not marking it as such?
>> 
>> How can I do that next time? https://www.debian.org/Bugs/Reporting does
>> not mention how to mark multiple versions.
>
> You add 1:4.3.3~rc2~git20141011-1 in Version: and the BTS then knows
> it also affects 1:4.3.3~rc2-1 (see [1])
>
>> >> from libreoffice.org (LibreOffice_4.3.2_Linux_x86-64_deb.tar.gz).
>> >
>> > And with 4.3.3 rc1? (Or rc2 which would be in the next days)
>> > You are right now comparing a 4.3.2 with a -between-4.3.3-rc1-and-rc2
>> > or 4.3.3 rc2 ;)
>> >
>> >> After the crash the following information appears on the terminal:
>> >> 
>> >> *** stack smashing detected ***: /usr/lib/libreoffice/program/soffice.bin terminated
>> >> ======= Backtrace: =========
>> >> /lib/x86_64-linux-gnu/libc.so.6(+0x72faf)[0x7fdd44a1ffaf]
>> >> /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7fdd44aa30a7]
>> >> /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x0)[0x7fdd44aa3070]
>> >
>> > But given it runs into the fortify functions it probably won't appear
>> > in 4.3.3 rc1 upstream until it's a real crash also there; upstream doesn't
>> > use those hardening flags.
>> 
>> I was able to reproduce this in my own build of libreoffice. Any hint
>
> But probably without hardening or with? 

With. I run

    eval $(dpkg-buildflags --export=sh)

which corresponds to

    export CFLAGS="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security"
    export CPPFLAGS="-D_FORTIFY_SOURCE=2"
    export CXXFLAGS="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security"
    export FCFLAGS="-g -O2 -fstack-protector-strong"
    export FFLAGS="-g -O2 -fstack-protector-strong"
    export GCJFLAGS="-g -O2 -fstack-protector-strong"
    export LDFLAGS="-Wl,-z,relro"
    export OBJCFLAGS="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security"
    export OBJCXXFLAGS="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security"

before compiling.

> Same backtrace or something else?

Probably the same, but with more information:

#0  0x0000003e6d435077 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x0000003e6d436458 in __GI_abort () at abort.c:89
#2  0x0000003e6d472fb4 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x3e6d56360b "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:175
#3  0x0000003e6d4f60a7 in __GI___fortify_fail (msg=msg@entry=0x3e6d5635f3 "stack smashing detected") at fortify_fail.c:31
#4  0x0000003e6d4f6070 in __stack_chk_fail () at stack_chk_fail.c:28
#5  0x00007ffff3ea42c3 in HbLayoutEngine::layout (this=0x16cf0d0, rLayout=..., rArgs=...) at /home/wsh/src/libreoffice/vcl/generic/glyphs/gcach_layout.cxx:541
#6  0x00007ffff3be0f13 in OutputDevice::ImplLayout (this=this@entry=0xf2bf60, rOrigStr=..., nMinIndex=nMinIndex@entry=0, nLen=nLen@entry=130, rLogicalPos=..., 
    nLogicalWidth=nLogicalWidth@entry=0, pDXArray=0x0) at /home/wsh/src/libreoffice/vcl/source/outdev/text.cxx:1289
#7  0x00007ffff3be151d in OutputDevice::GetTextBreak (this=0xf2bf60, rStr=..., nTextWidth=nTextWidth@entry=9638, nIndex=nIndex@entry=0, nLen=nLen@entry=130, nCharExtra=nCharExtra@entry=0)
    at /home/wsh/src/libreoffice/vcl/source/outdev/text.cxx:1336
#8  0x00007fffd68dd2fb in SwFont::GetTxtBreak (this=0x16f2290, rInf=..., nTextWidth=nTextWidth@entry=9638) at /home/wsh/src/libreoffice/sw/source/core/txtnode/fntcache.cxx:2455
#9  0x00007fffd6849b5f in SwTxtSizeInfo::GetTxtBreak (this=this@entry=0x7fffffff9b00, nLineWidth=nLineWidth@entry=9638, nMaxLen=nMaxLen@entry=130, nComp=nComp@entry=0)
    at /home/wsh/src/libreoffice/sw/source/core/text/inftxt.cxx:421
#10 0x00007fffd6846aca in SwTxtGuess::Guess (this=this@entry=0x7fffffff8ca0, rPor=..., rInf=..., nPorHeight=<optimized out>) at /home/wsh/src/libreoffice/sw/source/core/text/guess.cxx:163
#11 0x00007fffd688d5dd in SwTxtPortion::_Format (this=0x7fffe401b000, rInf=...) at /home/wsh/src/libreoffice/sw/source/core/text/portxt.cxx:303
#12 0x00007fffd6863ded in SwTxtFormatter::BuildPortions (this=this@entry=0x7fffffff9d00, rInf=...) at /home/wsh/src/libreoffice/sw/source/core/text/itrform2.cxx:535
#13 0x00007fffd6865155 in SwTxtFormatter::FormatLine (this=this@entry=0x7fffffff9d00, nStartPos=<optimized out>) at /home/wsh/src/libreoffice/sw/source/core/text/itrform2.cxx:1545
#14 0x00007fffd6838957 in SwTxtFrm::FormatLine (this=this@entry=0x7fffdc112000, rLine=..., bPrev=bPrev@entry=true) at /home/wsh/src/libreoffice/sw/source/core/text/frmform.cxx:1126
#15 0x00007fffd683e814 in SwTxtFrm::_Format (this=this@entry=0x7fffdc112000, rLine=..., rInf=..., bAdjust=bAdjust@entry=false) at /home/wsh/src/libreoffice/sw/source/core/text/frmform.cxx:1488
#16 0x00007fffd683f7f9 in SwTxtFrm::_Format (this=this@entry=0x7fffdc112000, pPara=<optimized out>) at /home/wsh/src/libreoffice/sw/source/core/text/frmform.cxx:1662
#17 0x00007fffd6840ade in SwTxtFrm::Format (this=0x7fffdc112000) at /home/wsh/src/libreoffice/sw/source/core/text/frmform.cxx:1809
#18 0x00007fffd672247f in SwCntntFrm::MakeAll (this=0x7fffdc112000) at /home/wsh/src/libreoffice/sw/source/core/layout/calcmove.cxx:1330
#19 0x00007fffd672026d in SwFrm::PrepareMake (this=0x7fffdc112000) at /home/wsh/src/libreoffice/sw/source/core/layout/calcmove.cxx:337
#20 0x00007fffd6763131 in SwLayAction::_TurboAction (this=this@entry=0x7fffffffaac0, pCnt=0x7fffdc112000) at /home/wsh/src/libreoffice/sw/source/core/layout/layact.cxx:824
#21 0x00007fffd676345a in SwLayAction::TurboAction (this=0x7fffffffaac0) at /home/wsh/src/libreoffice/sw/source/core/layout/layact.cxx:878
#22 0x00007fffd67650dd in SwLayAction::Action (this=this@entry=0x7fffffffaac0) at /home/wsh/src/libreoffice/sw/source/core/layout/layact.cxx:356
#23 0x00007fffd6b24325 in SwViewShell::ImplEndAction (this=this@entry=0x14f58b0, bIdleEnd=bIdleEnd@entry=false) at /home/wsh/src/libreoffice/sw/source/core/view/viewsh.cxx:249
#24 0x00007fffd6449ce3 in EndAction (bIdleEnd=false, this=0x14f58b0) at /home/wsh/src/libreoffice/sw/inc/viewsh.hxx:600
#25 SwCrsrShell::EndAction (this=this@entry=0x14f58b0, bIdleEnd=bIdleEnd@entry=false) at /home/wsh/src/libreoffice/sw/source/core/crsr/crsrsh.cxx:251
#26 0x00007fffd66905b2 in SwEditShell::EndAllAction (this=this@entry=0x14f58b0) at /home/wsh/src/libreoffice/sw/source/core/edit/edws.cxx:87
#27 0x00007fffd6676288 in SwEditShell::Insert2 (this=this@entry=0x14f58b0, rStr=..., bForceExpandHints=bForceExpandHints@entry=false)
    at /home/wsh/src/libreoffice/sw/source/core/edit/editsh.cxx:159
#28 0x00007fffd6ebfb22 in SwWrtShell::Insert (this=this@entry=0x14f58b0, rStr=...) at /home/wsh/src/libreoffice/sw/source/core/uibase/wrtsh/wrtsh1.cxx:226
#29 0x00007fffd6d0e72f in SwEditWin::FlushInBuffer (this=0x14ec1a0) at /home/wsh/src/libreoffice/sw/source/core/uibase/docvw/edtwin.cxx:942
#30 0x00007fffd6d16090 in SwEditWin::KeyInput (this=0x14ec1a0, rKEvt=...) at /home/wsh/src/libreoffice/sw/source/core/uibase/docvw/edtwin.cxx:2635
#31 0x00007ffff3b23775 in ImplHandleKey (pWindow=pWindow@entry=0x13f8130, nSVEvent=nSVEvent@entry=4, nKeyCode=<optimized out>, nCharCode=<optimized out>, nRepeat=<optimized out>, 
    bForward=bForward@entry=true) at /home/wsh/src/libreoffice/vcl/source/window/winproc.cxx:1034
#32 0x00007ffff3b26c97 in ImplWindowFrameProc (pWindow=0x13f8130, nEvent=<optimized out>, pEvent=0x7fffffffc300) at /home/wsh/src/libreoffice/vcl/source/window/winproc.cxx:2324
#33 0x00007fffed98fb82 in CallCallback (pEvent=0x7fffffffc300, nEvent=5, this=0x13216f0) at /home/wsh/src/libreoffice/vcl/inc/salframe.hxx:243
#34 GtkSalFrame::doKeyCallback (this=0x13216f0, state=16, keyval=<optimized out>, hardware_keycode=<optimized out>, group=<optimized out>, time=<optimized out>, aOrigCode=91, bDown=true, 
    bSendRelease=true) at /home/wsh/src/libreoffice/vcl/unx/gtk/window/gtksalframe.cxx:477
#35 0x00007fffed990601 in GtkSalFrame::IMHandler::signalIMCommit (pText=<optimized out>, im_handler=0x1697f70) at /home/wsh/src/libreoffice/vcl/unx/gtk/window/gtksalframe.cxx:4263
#36 0x0000003e71012ec0 in g_cclosure_marshal_VOID__STRINGv () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#37 0x0000003e71010474 in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#38 0x0000003e7102a057 in g_signal_emit_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#39 0x0000003e7102aefa in g_signal_emit_by_name () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#40 0x0000003e71012ec0 in g_cclosure_marshal_VOID__STRINGv () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#41 0x0000003e71010474 in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#42 0x0000003e7102a057 in g_signal_emit_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#43 0x0000003e7102aefa in g_signal_emit_by_name () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#44 0x00000039f25192a0 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#45 0x00000039f2519b7d in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#46 0x00000039f251ba03 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#47 0x00007fffed9908ed in GtkSalFrame::IMHandler::handleKeyEvent (this=0x1697f70, pEvent=pEvent@entry=0x146c0a0) at /home/wsh/src/libreoffice/vcl/unx/gtk/window/gtksalframe.cxx:4127
#48 0x00007fffed9910c7 in GtkSalFrame::signalKey (pEvent=0x146c0a0, frame=0x13216f0) at /home/wsh/src/libreoffice/vcl/unx/gtk/window/gtksalframe.cxx:3747
#49 0x00000039f253295f in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#50 0x0000003e71010245 in g_closure_invoke () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#51 0x0000003e71021f3c in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#52 0x0000003e7102a255 in g_signal_emit_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#53 0x0000003e7102a9af in g_signal_emit () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#54 0x00000039f2649adc in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#55 0x00000039f253117f in gtk_propagate_event () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#56 0x00000039f253153b in gtk_main_do_event () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#57 0x00000039f5a5a77c in ?? () from /usr/lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0
#58 0x0000003e6f049c5d in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#59 0x0000003e6f049f48 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#60 0x0000003e6f049ffc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#61 0x00007fffed95d509 in GtkData::Yield (this=0x645330, bWait=true, bHandleAllCurrentEvents=<optimized out>) at /home/wsh/src/libreoffice/vcl/unx/gtk/app/gtkdata.cxx:575
#62 0x00007ffff3dc4e1e in ImplYield (i_bAllEvents=false, i_bWait=true) at /home/wsh/src/libreoffice/vcl/source/app/svapp.cxx:359
#63 Application::Yield () at /home/wsh/src/libreoffice/vcl/source/app/svapp.cxx:391
#64 0x00007ffff3dc4ec5 in Application::Execute () at /home/wsh/src/libreoffice/vcl/source/app/svapp.cxx:340
#65 0x00007ffff7afbc26 in desktop::Desktop::Main (this=0x7fffffffdcd0) at /home/wsh/src/libreoffice/desktop/source/app/app.cxx:1682
#66 0x00007ffff3dcb132 in ImplSVMain () at /home/wsh/src/libreoffice/vcl/source/app/svmain.cxx:155
#67 0x00007ffff3dcb162 in SVMain () at /home/wsh/src/libreoffice/vcl/source/app/svmain.cxx:188
#68 0x00007ffff7b23f45 in soffice_main () at /home/wsh/src/libreoffice/desktop/source/app/sofficemain.cxx:85
#69 0x000000000040080b in sal_main () at /home/wsh/src/libreoffice/desktop/source/app/main.c:48
#70 main (argc=<optimized out>, argv=<optimized out>) at /home/wsh/src/libreoffice/desktop/source/app/main.c:47

>
>> how to best debug this with gdb?
>
> I've so far successfully avoided this except getting a bt - which we already
> have ;) 

I may try looking at it.

> Job for upstream :)

Did you file it upstream?

Thanks,
-Michal
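As an added triage aid that is not part of this thread or of LibreOffice: a small Python parser for gdb backtraces like the one above. It joins gdb's wrapped argument lines back onto their frame and reports the frame that follows __stack_chk_fail, which is the function whose stack canary was found overwritten. The sample input is a constructed subset of the backtrace in this report.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One gdb "bt" frame: "#N  0xADDR in func (args) at file:line" or "... from lib".
# The address is absent for inlined frames (e.g. "#25 SwCrsrShell::EndAction (...)").
FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?:0x[0-9a-fA-F]+ in )?(?P<func>\S+)\s*"
    r"\((?P<args>.*)\)\s*(?:at (?P<loc>\S+)|from (?P<lib>\S+))?\s*$"
)

@dataclass
class Frame:
    num: int
    func: str
    location: Optional[str]  # "file:line" when debug info is available
    library: Optional[str]   # shared object when it is not

def parse_backtrace(text: str) -> List[Frame]:
    """Parse gdb backtrace text; gdb wraps long argument lists onto
    indented continuation lines, which are joined back onto their frame."""
    logical: List[str] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#") or not logical:
            logical.append(line.rstrip())
        else:
            logical[-1] += " " + line.strip()
    matches = (FRAME_RE.match(e) for e in logical)
    return [Frame(int(m["num"]), m["func"], m["loc"], m["lib"]) for m in matches if m]

def find_smashed_frame(frames: List[Frame]) -> Optional[Frame]:
    """__stack_chk_fail runs in the epilogue of the function whose canary was
    overwritten, so the next frame is where the stack buffer was overrun
    (by that function's own code or by a callee writing through a pointer)."""
    for i, f in enumerate(frames):
        if f.func == "__stack_chk_fail" and i + 1 < len(frames):
            return frames[i + 1]
    return None

# Constructed sample: a subset of the backtrace in this report, with one wrapped frame (#6).
SAMPLE_BT = """\
#0  0x0000003e6d435077 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#3  0x0000003e6d4f60a7 in __GI___fortify_fail (msg=msg@entry=0x3e6d5635f3 "stack smashing detected") at fortify_fail.c:31
#4  0x0000003e6d4f6070 in __stack_chk_fail () at stack_chk_fail.c:28
#5  0x00007ffff3ea42c3 in HbLayoutEngine::layout (this=0x16cf0d0, rLayout=..., rArgs=...) at /home/wsh/src/libreoffice/vcl/generic/glyphs/gcach_layout.cxx:541
#6  0x00007ffff3be0f13 in OutputDevice::ImplLayout (this=this@entry=0xf2bf60, rOrigStr=..., nLen=nLen@entry=130, rLogicalPos=...,
    nLogicalWidth=nLogicalWidth@entry=0, pDXArray=0x0) at /home/wsh/src/libreoffice/vcl/source/outdev/text.cxx:1289
#36 0x0000003e71012ec0 in g_cclosure_marshal_VOID__STRINGv () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
"""
```

Running find_smashed_frame(parse_backtrace(SAMPLE_BT)) points at HbLayoutEngine::layout in gcach_layout.cxx:541, the function to inspect first (with -fstack-protector-strong a canary check only fails when that frame's stack was written out of bounds).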

