Attachment 139127 Details for Bug 113755 – some rough notes / code-reading.

some rough notes / code-reading.

sfx-slot-pool-crash.txt (text/plain), 6.84 KB, created by Michael Meeks on 2018-01-16 12:10:58 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Michael Meeks

Created: 2018-01-16 12:10:58 UTC

Size: 6.84 KB

patch

obsolete

>
>
>http://crashreport.libreoffice.org/stats/crash_details/a7d8fd19-0512-4292-b3a0-140dcff204c8
>
>GDIHandles	128
>Language	en-SG
>BuildID	2524958677847fb3bb44820e40380acbe820f960
>OpenGLDriver	22.20.16.4691
>ProductName	LibreOffice
>ShutDown	true
>OpenGLVendor	0x8086
>UseOpenGL	false
>OpenGLDevice	0x1916
>
>Crash|EXCEPTION_ACCESS_VIOLATION_READ|0x14|0
>	+ ie. a NULL ptr de-reference ...
>
>sal_Bool SAL_CALL Desktop::terminate()
>...
>framework/source/services/desktop.cxx:        CrashReporter::AddKeyValue("ShutDown", OUString::boolean(true));
>
>
>Frame	Module	Signature	Source
>0	mergedlo.dll	SfxSlotPool::GetSlotPool(SfxViewFrame *)	sfx2/source/control/msgpool.cxx:282
>
>SfxSlotPool& SfxSlotPool::GetSlotPool( SfxViewFrame *pFrame )
>{
>    SfxModule *pMod = SfxModule::GetActiveModule( pFrame );
>    if ( pMod && pMod->GetSlotPool() )
>        return *pMod->GetSlotPool();
>    else
>        return *SfxGetpApp()->Get_Impl()->pSlotPool;
>}
>
>include/sfx2/app.hxx:inline SfxApplication* SfxGetpApp()
>include/sfx2/app.hxx-{
>include/sfx2/app.hxx-    return SfxApplication::Get();
>include/sfx2/app.hxx-}
>
>SfxApplication* SfxApplication::Get()
>{
>    return g_pSfxApplication;
>}
>
>// null'd by this guy:
>SfxApplication::SfxApplication()
>    : pImpl( new SfxAppData_Impl )
>
>sfx2/source/appl/app.cxx:        g_pSfxApplication = new SfxApplication;
>	=> apparently never deleted - so ... shoudl be live forever & leaked.
>	*** Check wrt. valgrind etc. ? ***
>
>    std::unique_ptr<SfxAppData_Impl>            pImpl;
>    SAL_DLLPRIVATE SfxAppData_Impl* Get_Impl() const { return pImpl.get(); }
>
>	+ pImpl appears never to be reset or cleared either.
>
>class SVL_DLLPUBLIC SfxBroadcaster
>{
>    struct Impl;
>    std::unique_ptr<Impl> mpImpl;					0x00
>
>class SFX2_DLLPUBLIC SfxShell: public SfxBroadcaster
>{
>    friend class SfxObjectItem;
>
>    std::unique_ptr< SfxShell_Impl >              pImpl;		0x04
>    SfxItemPool*                pPool;					0x08
>    ::svl::IUndoManager*        pUndoMgr;				0x10
>
>class SFX2_DLLPUBLIC SfxApplication: public SfxShell
>{
>    std::unique_ptr<SfxAppData_Impl>            pImpl;			0x14 ? ... [ huh? ] ...
>	+ could that be 0x14 offset on a 32bit build ?
>
>    SfxSlotPool*                pSlotPool;
>	+ this guy is NULL [!] ... (deep into the struct - is not 0x14 offset)
>
>sfx2/inc/msgpoolhxx:
>class SFX2_DLLPUBLIC SfxSlotPool ...
>
>	+ re-referencing a NULL ptr though (?) this * ...
>
>* Surely we have a NULL SfxApplication (somehow)
>	+ how can that happen !? ... =)
>	+ some headless / scripting case or ? ...
>
>***	+ check the lifecycle of that beastie. ***
>
>1	mergedlo.dll	TransformItems(unsigned short,SfxItemSet const &,com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> &,SfxSlot const *)	sfx2/source/appl/appuno.cxx:914
>
>    if ( !pSlot )
>        pSlot = SFX_SLOTPOOL().GetSlot( nSlotId );
>
>    if ( !pSlot)
>        return;
>
>2	mergedlo.dll	SfxBaseModel::getArgs()	sfx2/source/doc/sfxbasemodel.cxx:954
>
>
>        TransformItems( SID_OPENDOC, *(m_pData->m_pObjectShell->GetMedium()->GetItemSet()), seqArgsNew );
>        TransformParameters( SID_OPENDOC, m_pData->m_seqArguments, aSet );
>        TransformItems( SID_OPENDOC, aSet, seqArgsOld );
>
>3	swlo.dll	SwXTextDocument::getArgs()	sw/source/uibase/uno/unotxdoc.cxx:594
>4	ucptdoc1lo.dll	tdoc_ucp::OfficeDocumentsManager::isDocumentPreview(com::sun::star::uno::Reference<com::sun::star::frame::XModel> const &)	ucb/source/ucp/tdoc/tdoc_docmgr.cxx:572
>5	ucptdoc1lo.dll	tdoc_ucp::OfficeDocumentsManager::isOfficeDocument(com::sun::star::uno::Reference<com::sun::star::uno::XInterface> const &)	ucb/source/ucp/tdoc/tdoc_docmgr.cxx:681
>6	ucptdoc1lo.dll	tdoc_ucp::OfficeDocumentsManager::documentEventOccured(com::sun::star::document::DocumentEvent const &)	ucb/source/ucp/tdoc/tdoc_docmgr.cxx:241
>7	ucptdoc1lo.dll	tdoc_ucp::OfficeDocumentsManager::OfficeDocumentsCloseListener::notifyClosing(com::sun::star::lang::EventObject const &)	ucb/source/ucp/tdoc/tdoc_docmgr.cxx:68
>
>	* Do we really need this listening ? after desktop::terminate ?
>
>8	mergedlo.dll	SfxBaseModel::close(unsigned char)	sfx2/source/doc/sfxbasemodel.cxx:1355
>9	swlo.dll	SwXTextDocument::close(unsigned char)	sw/source/uibase/uno/unotxdoc.cxx:617
>
>void SwXTextDocument::close( sal_Bool bDeliverOwnership )
>{
>    SolarMutexGuard aGuard;
>    if(IsValid() && m_pHiddenViewFrame)
>        lcl_DisposeView( m_pHiddenViewFrame, pDocShell);
>    SfxBaseModel::close(bDeliverOwnership);
>}
>
>10	mergedlo.dll	SfxObjectShell::CloseInternal()	sfx2/source/doc/objxtor.cxx:408
>11	mergedlo.dll	SfxObjectShell::Close()	sfx2/source/doc/objxtor.cxx:389
>12	swlo.dll	SwTransferable::~SwTransferable()	sw/source/uibase/dochdl/swdtflvr.cxx:256
>
>        SwDocShell* pDocSh = static_cast<SwDocShell*>(pObj);
>        pDocSh->DoClose();
>
>13	swlo.dll	SwTransferable::`vector deleting destructor'(unsigned int)
>14	cppuhelper3MSC.dll	cppu::OWeakObject::release()	cppuhelper/source/weak.cxx:232
>15	sysdtrans.dll	`anonymous namespace'::AsyncDereference::notify	dtrans/source/win32/dtobj/XTDataObject.cxx:99
>16	mergedlo.dll	`anonymous namespace'::AsyncCallback::Notify_Impl	toolkit/source/awt/asynccallback.cxx:106
>17	mergedlo.dll	ImplHandleUserEvent	vcl/source/window/winproc.cxx:1949
>18	mergedlo.dll	ImplWindowFrameProc(vcl::Window *,SalEvent,void const *)	vcl/source/window/winproc.cxx:2499
>19	mergedlo.dll	SalFrameWndProc(HWND__ *,unsigned int,unsigned int,long,int &)	vcl/win/window/salframe.cxx:5766
>20	mergedlo.dll	SalFrameWndProcW(HWND__ *,unsigned int,unsigned int,long)	vcl/win/window/salframe.cxx:5892
>
>sfx2/source/doc/sfxbasemodel.cxx
>
>sfx2/source/inc/docundomanager.hxx:class SfxModelGuard
>    SolarMutexResettableGuard  m_aGuard;
>	    + is the solar mutex ...
>
>
>--- Transient Documents foo ---
>
>  <implementation name="com.sun.star.comp.ucb.TransientDocumentsContentProvider">
>    <service name="com.sun.star.ucb.TransientDocumentsContentProvider"/>
>
>scripting/java/com/sun/star/script/framework/provider/ScriptProvider.java:                              "com.sun.star.frame.TransientDocumentsDocu
>
>scripting/source/inc/util/MiscUtils.hxx-        xDocFac.set(xMCF->createInstanceWithContext(
>scripting/source/inc/util/MiscUtils.hxx:                        "com.sun.star.frame.TransientDocumentsDocumentContentFactory",
>scripting/source/inc/util/MiscUtils.hxx-                        xContext ),
>scripting/source/inc/util/MiscUtils.hxx-                    css::uno::UNO_QUERY );
>
>    Reference<rdf::XDocumentMetadataAccess> GetDMA()
>	...
>sfx2/source/doc/sfxbasemodel.cxx-            const Reference<frame::
>sfx2/source/doc/sfxbasemodel.cxx:                XTransientDocumentsDocumentContentFactory> xTDDCF(
>sfx2/source/doc/sfxbasemodel.cxx-                    xMsf->createInstanceWithContext(
>sfx2/source/doc/sfxbasemodel.cxx:                        "com.sun.star.frame.TransientDocumentsDocumentContentFactory",
>sfx2/source/doc/sfxbasemodel.cxx-                    xContext),
>sfx2/source/doc/sfxbasemodel.cxx-                UNO_QUERY_THROW);
>
>	* Documents with RDF meta-data create this thing ...
>

Actions: View

Attachments on bug 113755: 139127 | 139132