Summary: | With NVDA active launching Special Character dialog using Insert -> Special Character, or via F7 Spell check causes a fatal error. With using Standard Toolbar button it also hangs but without crash. | ||
---|---|---|---|
Product: | LibreOffice | Reporter: | am_dxer <am_dxer> |
Component: | Writer | Assignee: | Not Assigned <libreoffice-bugs> |
Status: | RESOLVED FIXED | ||
Severity: | critical | CC: | aron.budea, caolan.mcnamara, fdbugs, jamie, marcozehe, michael.stahl, noelgrandin, quikee, serval2412, sleeping.pillow, vsfoote, xiscofauli |
Priority: | highest | Keywords: | bibisected, bisected, haveBacktrace |
Version: | 5.0.0.5 release | ||
Hardware: | All | ||
OS: | Windows (All) | ||
Whiteboard: | target:5.4.0 target:5.2.6 target:5.3.1 | ||
Crash report or crash signature: | Regression By: | ||
Bug Depends on: | |||
Bug Blocks: | 60251 | ||
Attachments: | WinDbg 64-bit w symbols StackTrace of DMP taken via Taskmanager |
Description
am_dxer
2017-02-02 18:28:21 UTC
I can't reproduce it in Version: 5.4.0.0.alpha0+ Build ID: fc53cce64400430cdc21f79c959d75fb9a26d13d CPU Threads: 4; OS Version: Linux 4.8; UI Render: default; VCL: x11; Locale: ca-ES (ca_ES.UTF-8); Calc: group I forgot to mansion one step. When focus with tab lands on the Paste button, you have to press the right arrow to focus the Special Character button. I have the issue in: Version: 5.4.0.0.alpha0+ Build ID: d7736283aae4a79aa497bd2196a076ff402e671f CPU Threads: 4; OS Version: Windows 6.1; UI Render: default; TinderBox: Win-x86@42, Branch:master, Time: 2017-02-02_00:30:31 Locale: en-US (en_US); Calc: group (In reply to am_dxer from comment #2) > I forgot to mansion one step. When focus with tab lands on the Paste button, > you have to press the right arrow to focus the Special Character button. In my case, tab never lands on the paste button. Could you please record a screencast ? Hello, I am blind so a screen cast is difficult. I do think the version you tested with is too old to reproduce this bug. The commit that caused the bug occurred only a day ago. Can you try with the latest version of master? I can reproduce it as well in: Version: 5.4.0.0.alpha0+ Build ID: 789ed159fb03eef26c991f361380d0eb7b509cd9 CPU Threads: 4; OS Version: Windows 6.1; UI Render: default; TinderBox: Win-x86@42, Branch:master, Time: 2017-02-03_01:06:06 Locale: en-US (en_US); Calc: group On pc Debian x86-64 with master sources updated today + gen rendering, I don't reproduce this. Do you reproduce this on a brand new empty document or with a specific document? If specific, would it be possible you attach it by using this link: https://bugs.documentfoundation.org/attachment.cgi?bugid=105712&action=enter ? (have in mind that any attachment is automatically made public, so remove any private/confidential part from it) It could be useful to retrieve a backtrace by following this link: https://wiki.documentfoundation.org/QA/BugReport/Debug_Information#GNU.2FLinux:_How_to_get_a_backtrace I tested this on Linux and can confirm that the bug does not appear on Linux. I could reproduce it on two Windows machines. Can anyone reproduce this on Windows? I can't reproduce it in Versión: 5.3.0.3 Id. de compilación: 7074905676c47b82bbcfbea1aeefc84afe1c50e1 Subpr. de CPU: 1; Versión de SO: Windows 6.1; Repr. de IU: predet.; Motor de trazado: HarfBuzz; Configuración regional: es-ES (es_ES); Calc: group This bug doesn't exist in 5.3. Can you try with a tinderbox build of 5.4? (In reply to am_dxer from comment #11) > This bug doesn't exist in 5.3. Can you try with a tinderbox build of 5.4? The special character dialog is open when pressing OK in Version: 5.4.0.0.alpha0+ Build ID: a296a69c984b17cfbcd249cf6bdc191d08dff2a6 CPU Threads: 1; OS Version: Windows 6.1; UI Render: default; TinderBox: Win-x86@42, Branch:master, Time: 2017-02-06_00:00:55 Locale: es-ES (es_ES); Calc: group That should be new enough. The commit that causes this problem was in response to bugg 100438. Before that, the Special Character button was not in the tab order. Could you explain more clearly what you mean by pressing the OK Button, To reproduce this, I first open the spell check dialog. Next I use the Shift+Tab key and focus is placed in the edit box for making a correction. Next, I press Shift+Tab again, my screen reader NVDA says "Toolbar, Special Character button". I do not press an OK button at any time during the steps that cause a crash. I will add a11y to this in case its only an accessibility bug. Sorry, I meant press key instead of OK... I can reproduce it when NVDA is running Version: 5.4.0.0.alpha0+ Build ID: a296a69c984b17cfbcd249cf6bdc191d08dff2a6 CPU Threads: 1; OS Version: Windows 6.1; UI Render: default; TinderBox: Win-x86@42, Branch:master, Time: 2017-02-06_00:00:55 Locale: es-ES (es_ES); Calc: group Created attachment 131194 [details] WinDbg 64-bit w symbols StackTrace of DMP taken via Taskmanager Confirming on Windows 8.1 Ent 64-bit en-US with AT NVDA 2016.4 screen reader active and Version: 5.3.0.3 (x64) Build ID: 7074905676c47b82bbcfbea1aeefc84afe1c50e1 CPU Threads: 8; OS Version: Windows 6.29; UI Render: default; Layout Engine: new; Locale: en-US (en_US); Calc: group STR as reported. 1. NVDA a11y screen reader enabled and sounding 2. New Writer document with a few typos. 3. F7 to launch spell check dialog 4. select first mispelling, the "Special Character" button activates 5. select the "Special Character" button action 6. immediate message dialog "LibreOffice 5.3 - Fatal Error" 7. use Taskmanager to "Create dump file" 8. OK to close LibreOffice 9. Open the DMP file in WinDbg and pull StackTrace with "~* kp" 10. run "analyze -v" against the DMP. Attaching StackTrace (here) and next the DMP file, below is WinDbg analyze -v of the DMP file. Look to be hitting a breakpoint. For some reason, with NVDA running the google_breakpad::ExceptionHandler::ExceptionHandlerThreadMain does not run. Disabling NVDA 2016.4 and repeating a new document with spelling errors, F7 and the Special Character dialog immediately pops-open and can be selected. =-WinDbg analyze -v of crash dump-= Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Users\gof509\AppData\Local\Temp\soffice (3).DMP] User Mini Dump File with Full Memory: Only application data is available 0:000> !analyze -v ******************************************************************************* * * * Exception Analysis * * * ******************************************************************************* FAULTING_IP: +8bcad30650 00000000`00000000 ?? ??? EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff) ExceptionAddress: 0000000000000000 ExceptionCode: 80000003 (Break instruction exception) ExceptionFlags: 00000000 NumberParameters: 0 CONTEXT: 0000000000000000 -- (.cxr 0x0;r) rax=0000000000000040 rbx=0000000000000000 rcx=00007ff8f2fde51b rdx=00007ff8f1120000 rsi=0000000000000001 rdi=00000000002e09e6 rip=00007ff91bad104a rsp=0000004c92d9b918 rbp=0000004c936ae9e0 r8=0000000000000000 r9=0000000000000000 r10=0000004c92d9b680 r11=0000004c92d88000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000001 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246 user32!NtUserWaitMessage+0xa: 00007ff9`1bad104a c3 ret FAULTING_THREAD: 0000000000000b24 DEFAULT_BUCKET_ID: STATUS_BREAKPOINT PROCESS_NAME: _socket.pyd ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached. EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid NTGLOBALFLAG: 0 APPLICATION_VERIFIER_FLAGS: 0 APP: _socket.pyd ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre PRIMARY_PROBLEM_CLASS: STATUS_BREAKPOINT BUGCHECK_STR: APPLICATION_FAULT_STATUS_BREAKPOINT LAST_CONTROL_TRANSFER: from 00007ff91bb05b77 to 00007ff91bad104a STACK_TEXT: 0000004c`92d9b918 00007ff9`1bb05b77 : 00000000`00000000 0000004c`936ae9e0 00000000`00000001 00000000`00000001 : user32!NtUserWaitMessage+0xa 0000004c`92d9b920 00007ff9`1bb076e2 : 00000000`00000000 00007ff9`1bb08b10 00000000`00000000 00007ff9`1badb7cd : user32!DialogBox2+0x212 0000004c`92d9b9b0 00007ff9`1bb099a2 : 00000000`00010005 0000004c`92d9bae9 0000004c`92d9bd20 00000000`00000000 : user32!InternalDialogBox+0x132 0000004c`92d9ba10 00007ff9`1bb0913d : 00007ff9`000000c4 00007ff9`00000103 0000004c`a4156590 00000000`00000001 : user32!SoftModalMessageBox+0xee1 0000004c`92d9bb50 00007ff9`1bb581ba : 00007ff9`0904e188 00000000`00000000 0000004c`9d39c6d0 00007ff9`0902c018 : user32!MessageBoxWorker+0x2eb 0000004c`92d9bd00 00007ff9`1bb5822e : 00007ff8`f2c0c70a 00007ff8`f2fd995e 0000004c`9d39c6d0 0000004c`9d34b870 : user32!MessageBoxTimeoutW+0xba 0000004c`92d9be00 00007ff8`f1f71ce4 : 0000004c`92d9e450 00000000`00000000 0000004c`92d9e450 0000004c`92fc99a0 : user32!MessageBoxW+0x4e 0000004c`92d9be40 00007ff8`f3cb88dc : 00000000`00000000 0000004c`9d34b868 0000004c`9d39c6c8 00007ff9`0f4e3403 : mergedlo!desktop::`anonymous namespace'::FatalError+0x114 0000004c`92d9bea0 00007ff9`0f526920 : 00007ff8`f3cb88b5 0000004c`92d9f520 0000004c`92d9f520 00000000`00000000 : mergedlo!`desktop::Desktop::Main'::`1'::catch$2+0x27 0000004c`92d9bef0 00007ff9`0f51e36d : 00007ff8`f3cb88b5 0000004c`92d9d268 00000000`00000100 00000000`00000000 : msvcr120!_CallSettingFrame+0x20 0000004c`92d9bf20 00007ff9`1bce2a63 : 00000000`00000000 0000004c`92d9e2e0 00000000`00000000 00000000`00000000 : msvcr120!__CxxCallCatchBlock+0xf5 0000004c`92d9bff0 00007ff8`f1f74c99 : 0000004c`00000000 0000004c`96c79718 00000000`00000000 00000000`00000000 : ntdll!RcConsolidateFrames+0x3 0000004c`92d9f520 00007ff8`f2f1062e : 0000004c`95811530 00000000`00000000 00000000`00000001 00007ff8`f582f720 : mergedlo!desktop::Desktop::Main+0x10f9 0000004c`92d9f7a0 00007ff8`f2f109d2 : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : mergedlo!ImplSVMain+0x6e 0000004c`92d9f7e0 00007ff8`f1f92cfd : 00000000`00000000 00000000`00000001 0000004c`93175328 00000000`00000000 : mergedlo!SVMain+0x32 0000004c`92d9f810 00007ff7`4151102e : 0000004c`92f44350 00007ff9`1bc557d0 0000004c`92f237c5 00000000`00000001 : mergedlo!soffice_main+0x11d 0000004c`92d9fa60 00007ff7`4151139d : 0000004c`92f237c3 00000000`00000001 00000000`00000001 00000000`00000000 : soffice+0x102e 0000004c`92d9fa90 00007ff9`193a13d2 : 00007ff7`41511240 00007ff7`40c6c000 00000000`00000000 00000000`00000000 : soffice!main+0x35d 0000004c`92d9fad0 00007ff9`1bc654e4 : 00007ff9`193a13b0 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x22 0000004c`92d9fb00 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x34 STACK_COMMAND: ~0s; .ecxr ; kb FOLLOWUP_IP: mergedlo!`desktop::Desktop::Main'::`1'::catch$2+27 [c:\cygwin64\home\buildslave\source\libo-core\desktop\source\app\app.cxx @ 1697] 00007ff8`f3cb88dc 90 nop FAULTING_SOURCE_LINE: c:\cygwin64\home\buildslave\source\libo-core\desktop\source\app\app.cxx FAULTING_SOURCE_FILE: c:\cygwin64\home\buildslave\source\libo-core\desktop\source\app\app.cxx FAULTING_SOURCE_LINE_NUMBER: 1697 SYMBOL_STACK_INDEX: 8 SYMBOL_NAME: mergedlo!`desktop::Desktop::Main'::`1'::catch$2+27 FOLLOWUP_NAME: MachineOwner MODULE_NAME: mergedlo IMAGE_NAME: mergedlo.dll DEBUG_FLR_IMAGE_TIMESTAMP: 588aff17 FAILURE_BUCKET_ID: STATUS_BREAKPOINT_80000003_mergedlo.dll!_desktop::Desktop::Main_::_1_::catch$2 BUCKET_ID: APPLICATION_FAULT_STATUS_BREAKPOINT_mergedlo!_desktop::Desktop::Main_::_1_::catch$2+27 ANALYSIS_SOURCE: UM FAILURE_ID_HASH_STRING: um:status_breakpoint_80000003_mergedlo.dll!_desktop::desktop::main_::_1_::catch$2 FAILURE_ID_HASH: {bbe234ab-30de-fc54-9338-6cfc4773366d} Followup: MachineOwner --------- This is Windows only while the NVDA screen reader 2016.4 (or 2016.3) is enabled and sounding. Launching Special Character dialog button, Insert -> Special Character, or via F7 Spell check causes a fatal error. While using the Standard toolbar "Special Character" button hangs the UI but without the error popup although the Breakpad Exception Handler is kicked off. Any chance of the Python instances coliding? =-WinDbg 64 while using Standard TB button-= 0:000> !analyze -v ******************************************************************************* * * * Exception Analysis * * * ******************************************************************************* FAULTING_IP: +8920be9660 00000000`00000000 ?? ??? EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff) ExceptionAddress: 0000000000000000 ExceptionCode: 80000003 (Break instruction exception) ExceptionFlags: 00000000 NumberParameters: 0 CONTEXT: 0000000000000000 -- (.cxr 0x0;r) rax=00007ff8f582f720 rbx=0000008060b5f440 rcx=0000000000000000 rdx=0000000000000000 rsi=0000000000000001 rdi=0000000000000000 rip=00007ff91bad26ba rsp=0000008060b5f3d8 rbp=0000000000000000 r8=0000008060b5f3d8 r9=0000000000000000 r10=0000000000000000 r11=0000000000000246 r12=0000000000000000 r13=0000000000000001 r14=0000000000000000 r15=0000000000001244 iopl=0 nv up ei pl zr na po nc cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246 user32!NtUserGetMessage+0xa: 00007ff9`1bad26ba c3 ret FAULTING_THREAD: 0000000000001244 DEFAULT_BUCKET_ID: STATUS_BREAKPOINT PROCESS_NAME: _socket.pyd ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached. EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid NTGLOBALFLAG: 0 APPLICATION_VERIFIER_FLAGS: 0 APP: _socket.pyd ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre PRIMARY_PROBLEM_CLASS: STATUS_BREAKPOINT BUGCHECK_STR: APPLICATION_FAULT_STATUS_BREAKPOINT LAST_CONTROL_TRANSFER: from 00007ff91bad2685 to 00007ff91bad26ba STACK_TEXT: 00000080`60b5f3d8 00007ff9`1bad2685 : 00000000`00000000 00007ff9`18e4155c ffffffff`fffffffe 00007ff8`f2f0f42c : user32!NtUserGetMessage+0xa 00000080`60b5f3e0 00007ff8`f2fddf89 : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : user32!GetMessageW+0x25 00000080`60b5f410 00007ff8`f2fddcf1 : 00000000`00000001 00000000`00000001 00000000`00000206 00007ff8`f2fddc1f : mergedlo!ImplSalYield+0xc9 00000080`60b5f480 00007ff8`f2f0a126 : 00000080`60d752f0 00007ff8`f582f720 00000000`00000000 00000080`60cd1ba0 : mergedlo!WinSalInstance::DoYield+0xf1 00000080`60b5f4e0 00007ff8`f2f0871d : 00000080`66885400 00000080`6aec0420 00007ff9`09053750 00000080`60d75440 : mergedlo!ImplYield+0x86 00000080`60b5f540 00007ff8`f1f74c99 : 00000080`00000000 00000080`64a29718 00000000`00000000 00000000`00000000 : mergedlo!Application::Execute+0x13d 00000080`60b5f5a0 00007ff8`f2f1062e : 00000080`635312b0 00000000`00000000 00000000`00000001 00007ff8`f582f720 : mergedlo!desktop::Desktop::Main+0x10f9 00000080`60b5f820 00007ff8`f2f109d2 : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : mergedlo!ImplSVMain+0x6e 00000080`60b5f860 00007ff8`f1f92cfd : 00000000`00000000 00000000`00000001 00000080`60f35328 00000000`00000000 : mergedlo!SVMain+0x32 00000080`60b5f890 00007ff7`4151102e : 00000080`60cf4350 00007ff9`1bc557d0 00000080`60cd37c5 00000000`00000001 : mergedlo!soffice_main+0x11d 00000080`60b5fae0 00007ff7`4151139d : 00000080`60cd37c3 00000000`00000001 00000000`00000001 00000000`00000000 : soffice+0x102e 00000080`60b5fb10 00007ff9`193a13d2 : 00007ff7`41511240 00007ff7`406ef000 00000000`00000000 00000000`00000000 : soffice!main+0x35d 00000080`60b5fb50 00007ff9`1bc654e4 : 00007ff9`193a13b0 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x22 00000080`60b5fb80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x34 STACK_COMMAND: ~0s; .ecxr ; kb FOLLOWUP_IP: mergedlo!ImplSalYield+c9 [c:\cygwin64\home\buildslave\source\libo-core\vcl\win\app\salinst.cxx @ 602] 00007ff8`f2fddf89 85c0 test eax,eax FAULTING_SOURCE_LINE: c:\cygwin64\home\buildslave\source\libo-core\vcl\win\app\salinst.cxx FAULTING_SOURCE_FILE: c:\cygwin64\home\buildslave\source\libo-core\vcl\win\app\salinst.cxx FAULTING_SOURCE_LINE_NUMBER: 602 SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: mergedlo!ImplSalYield+c9 FOLLOWUP_NAME: MachineOwner MODULE_NAME: mergedlo IMAGE_NAME: mergedlo.dll DEBUG_FLR_IMAGE_TIMESTAMP: 588aff17 FAILURE_BUCKET_ID: STATUS_BREAKPOINT_80000003_mergedlo.dll!ImplSalYield BUCKET_ID: APPLICATION_FAULT_STATUS_BREAKPOINT_mergedlo!ImplSalYield+c9 ANALYSIS_SOURCE: UM FAILURE_ID_HASH_STRING: um:status_breakpoint_80000003_mergedlo.dll!implsalyield FAILURE_ID_HASH: {bfc47c5c-6d65-cfef-e6c1-f325ca858a1a} Followup: MachineOwner --------- Issue of hanging the LO UI opening the Special Character dialog are present "with NVDA running" on earlier builds of 5.x, no crash noted on a 4.4 install. Setting bibisect request. @Jamie - reluctant to NOB this, but any thoughts on why this would only happen with NVDA active and sounding? =-Tested-= LO hangs with NVDA 2016.4 with Windows 8.1 Ent 64-bit with these builds. Version: 5.3.0.0.beta2+ (x64) Build ID: 371f0f6770add78ae81e0f769d0490874bca353c CPU Threads: 8; OS Version: Windows 6.29; UI Render: GL; Layout Engine: new; TinderBox: Win-x86_64@62-TDF, Branch:libreoffice-5-3, Time: 2016-12-22_13:59:31 Locale: en-US (en_US); Calc: CL 9 Jun 2016 Version: 5.3.0.0.beta2 (x64) Build ID: a7e30712ad6d8bc9286007b37aa581983e0caba3 CPU Threads: 8; OS Version: Windows 6.29; UI Render: default; Layout Engine: new; Locale: en-US (en_US); Calc: CL 31 Oct 2016 Version: 5.2.3.3 (x64) Build ID: d54a8868f08a7b39642414cf2c8ef2f228f780cf CPU Threads: 8; OS Version: Windows 6.29; UI Render: default; Locale: en-US (en_US); Calc: CL 5 May 2016 Version: 5.0.6.3 (x64) Build ID: 490fc03b25318460cfc54456516ea2519c11d1aa Locale: en-US (en_US) NVDA is nowhere in the call stack here, so this is almost certainly not related to NVDA code. Most likely, it's a bug in the accessibility code (which doesn't run while NVDA isn't running, hence the lack of crash when NVDA isn't running). Debugging this is painful because LO catches unhandled C++ exceptions and displays a fatal error dialog, but in WinDBG, we lose the exception that was caught (or at least, I don't know how to get to it). Catching first chance C++ exceptions helps, but there are quite a lot of them, so knowing which one triggered the fatal error is tricky. Any advice on this? I *think* the following is the exception in question and it is indeed related to accessibility code. Here's the stack trace: # ChildEBP RetAddr WARNING: Stack unwind information not available. Following frames may be wrong. 00 0171e968 662b9339 KERNELBASE!RaiseException+0x62 01 0171e9a8 639231c2 msvcr120!_CxxThrowException(void * pExceptionObject = 0x0171e9c4, struct _s__ThrowInfo * pThrowInfo = 0x654eeb58)+0x5b [f:\dd\vctools\crt\crtw32\eh\throw.cpp @ 152] 02 0171e9e4 61cf637b mergedlo!svx::SvxShowCharSetVirtualAcc::getAccessibleChild(long i = 0n0)+0x172 [c:\cygwin64\home\buildslave\source\libo-core\svx\source\accessibility\charmapacc.cxx @ 131] 03 0171ea28 61cf63b0 winaccessibility!AccTopWindowListener::AddAllListeners(class com::sun::star::accessibility::XAccessible * pAccessible = 0x093741cc, class com::sun::star::accessibility::XAccessible * pParentXAcc = 0x09373c64, struct HWND__ * pWND = 0x000b0652)+0xfb [c:\cygwin64\home\buildslave\source\libo-core\winaccessibility\source\service\acctopwindowlistener.cxx @ 174] 04 0171ea6c 61cf63b0 winaccessibility!AccTopWindowListener::AddAllListeners(class com::sun::star::accessibility::XAccessible * pAccessible = 0x09373c64, class com::sun::star::accessibility::XAccessible * pParentXAcc = 0x093741cc, struct HWND__ * pWND = 0x000b0652)+0x130 [c:\cygwin64\home\buildslave\source\libo-core\winaccessibility\source\service\acctopwindowlistener.cxx @ 183] 05 0171eab0 61cf63b0 winaccessibility!AccTopWindowListener::AddAllListeners(class com::sun::star::accessibility::XAccessible * pAccessible = 0x09373c04, class com::sun::star::accessibility::XAccessible * pParentXAcc = 0x09373c64, struct HWND__ * pWND = 0x000b0652)+0x130 [c:\cygwin64\home\buildslave\source\libo-core\winaccessibility\source\service\acctopwindowlistener.cxx @ 183] 06 0171eaf4 61cf6529 winaccessibility!AccTopWindowListener::AddAllListeners(class com::sun::star::accessibility::XAccessible * pAccessible = 0x08d47320, class com::sun::star::accessibility::XAccessible * pParentXAcc = 0x09373c04, struct HWND__ * pWND = 0x000b0652)+0x130 [c:\cygwin64\home\buildslave\source\libo-core\winaccessibility\source\service\acctopwindowlistener.cxx @ 183] 07 0171eb38 61cf75ba winaccessibility!AccTopWindowListener::HandleWindowOpened(class com::sun::star::accessibility::XAccessible * pAccessible = 0x083998f8)+0xe9 [c:\cygwin64\home\buildslave\source\libo-core\winaccessibility\source\service\acctopwindowlistener.cxx @ 79] 08 0171eb64 63e4cebe winaccessibility!AccTopWindowListener::windowOpened(struct com::sun::star::lang::EventObject * e = 0x0171eba0)+0x6a [c:\cygwin64\home\buildslave\source\libo-core\winaccessibility\source\service\acctopwindowlistener.cxx @ 127] 09 0171ebb4 63e4e339 mergedlo!`anonymous namespace'::VCLXToolkit::callTopWindowListeners(class VclSimpleEvent * pEvent = 0x1402a090, <function> * pFn = 0x63e492a6)+0xde [c:\cygwin64\home\buildslave\source\libo-core\toolkit\source\awt\vclxtoolkit.cxx @ 1828] 0a 0171ebc4 63e4c08e mergedlo!`anonymous namespace'::VCLXToolkit::eventListenerHandler(class VclSimpleEvent * rEvent = 0x0171ec40)+0x29 [c:\cygwin64\home\buildslave\source\libo-core\toolkit\source\awt\vclxtoolkit.cxx @ 1793] 0b 0171ebd0 643d0090 mergedlo!`anonymous namespace'::VCLXToolkit::LinkStubeventListenerHandler(void * instance = 0x09f6ec08, class VclSimpleEvent * data = 0x0171ec40)+0xe [c:\cygwin64\home\buildslave\source\libo-core\toolkit\source\awt\vclxtoolkit.cxx @ 1754] 0c 0171ec10 643c80a7 mergedlo!VclEventListeners::Call(class VclSimpleEvent * rEvent = 0x0171ec40)+0xd0 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\app\vclevent.cxx @ 61] 0d 0171ec1c 64138d53 mergedlo!Application::ImplCallEventListeners(class VclSimpleEvent * rEvent = 0x0171ec40)+0x17 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\app\svapp.cxx @ 839] 0e 0171ec98 641b2071 mergedlo!vcl::Window::CallEventListeners(unsigned long nEvent = 0x3eb, void * pData = 0x13f44258)+0x63 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\event.cxx @ 214] 0f 0171ecac 641b3dec mergedlo!vcl::Window::ImplSetReallyVisible(void)+0x61 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\window.cxx @ 1307] 10 0171ed08 64127122 mergedlo!vcl::Window::Show(bool bVisible = true, ShowFlags nFlags = NONE (0n0))+0x3ec [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\window.cxx @ 2314] 11 0171ed40 64125e50 mergedlo!Dialog::ImplStartExecuteModal(void)+0x172 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\dialog.cxx @ 832] 12 0171ed8c 5fa2cfd3 mergedlo!Dialog::Execute(void)+0x40 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\dialog.cxx @ 896] 13 0171edf4 60ab5741 cuilo!SvxCharacterMap::Execute(void)+0x33 [c:\cygwin64\home\buildslave\source\libo-core\cui\source\dialogs\cuicharmap.cxx @ 154] 14 0171eefc 60ab7d20 swlo!SwTextShell::InsertSymbol(class SfxRequest * rReq = 0x0171f49c)+0x3c1 [c:\cygwin64\home\buildslave\source\libo-core\sw\source\uibase\shells\textsh.cxx @ 947] 15 0171f2ec 60ab5f2e swlo!SwTextShell::Execute(class SfxRequest * rReq = 0x0171f49c)+0x8e0 [c:\cygwin64\home\buildslave\source\libo-core\sw\source\uibase\shells\textsh1.cxx @ 454] 16 0171f2f8 634223a4 swlo!SfxStubSwTextShellExecute(class SfxShell * pShell = 0x0a2dc278, class SfxRequest * rReq = 0x0171f49c)+0xe [c:\cygwin64\home\buildslave\r\workdir\sditarget\sw\sdi\swslots.hxx @ 2877] 17 0171f34c 63423d08 mergedlo!SfxDispatcher::Call_Impl(class SfxShell * rShell = 0x0a2dc278, class SfxSlot * rSlot = 0x0001c800, class SfxRequest * rReq = 0x0171f49c, bool bRecord = true)+0x204 [c:\cygwin64\home\buildslave\source\libo-core\sfx2\source\control\dispatch.cxx @ 376] 18 0171f380 63417af1 mergedlo!SfxDispatcher::Execute_(class SfxShell * rShell = 0x0a2dc278, class SfxSlot * rSlot = 0x60f00318, class SfxRequest * rReq = 0x0171f49c, SfxCallMode eCallMode = RECORD (0n4))+0x68 [c:\cygwin64\home\buildslave\source\libo-core\sfx2\source\control\dispatch.cxx @ 944] 19 0171f3f0 63454610 mergedlo!SfxBindings::Execute_Impl(class SfxRequest * aReq = 0x0171f49c, class SfxSlot * pSlot = 0x60f00318, class SfxShell * pShell = 0x0a2dc278)+0x2b1 [c:\cygwin64\home\buildslave\source\libo-core\sfx2\source\control\bindings.cxx @ 1172] 1a 0171f504 6345499a mergedlo!SfxDispatchController_Impl::dispatch(struct com::sun::star::util::URL * aURL = 0x0171f55c, class com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> * aArgs = 0x0171f5b8, class com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener> * rListener = 0x0171f540)+0x720 [c:\cygwin64\home\buildslave\source\libo-core\sfx2\source\control\unoctitm.cxx @ 753] 1b 0171f538 631047c8 mergedlo!SfxOfficeDispatch::dispatch(struct com::sun::star::util::URL * aURL = 0x0171f55c, class com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> * aArgs = 0x0171f5b8)+0x5a [c:\cygwin64\home\buildslave\source\libo-core\sfx2\source\control\unoctitm.cxx @ 231] 1c 0171f5c8 631034de mergedlo!framework::MenuBarManager::Select(class Menu * pMenu = 0x00000001)+0x288 [c:\cygwin64\home\buildslave\source\libo-core\framework\source\uielement\menubarmanager.cxx @ 1034] 1d 0171f5d4 64158579 mergedlo!framework::MenuBarManager::LinkStubSelect(void * instance = 0x08d8f0e0, class Menu * data = 0x0a3cb1e0)+0xe [c:\cygwin64\home\buildslave\source\libo-core\framework\source\uielement\menubarmanager.cxx @ 969] 1e 0171f604 641bbf3e mergedlo!Menu::Select(void)+0x99 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\menu.cxx @ 305] 1f 0171f628 641bc486 mergedlo!ImplHandleUserEvent(struct ImplSVEvent * pSVEvent = 0x0a726cd8)+0x3e [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\winproc.cxx @ 1957] 20 0171f694 644b78aa mergedlo!ImplWindowFrameProc(class vcl::Window * _pWindow = 0x0a04cc10, SalEvent nEvent = UserEvent (0n19), void * pEvent = 0x0a726cd8)+0x3c6 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\winproc.cxx @ 2507] 21 0171f6f0 644b7ea0 mergedlo!SalFrameWndProc(struct HWND__ * hWnd = 0x000b05a4, unsigned int nMsg = 0x482, unsigned int wParam = 0, long lParam = 0n175271128, int * rDef = 0x0171f71c)+0x75a [c:\cygwin64\home\buildslave\source\libo-core\vcl\win\window\salframe.cxx @ 5771] 22 0171f73c 73cfafcb mergedlo!SalFrameWndProcW(struct HWND__ * hWnd = 0x000b05a4, unsigned int nMsg = 0x482, unsigned int wParam = 0, long lParam = 0n175271128)+0x60 [c:\cygwin64\home\buildslave\source\libo-core\vcl\win\window\salframe.cxx @ 5905] 23 0171f768 73cec948 user32!AddClipboardFormatListener+0x11eb 24 0171f850 73cec1c7 user32!DispatchMessageW+0xc78 25 0171f8c4 73cebce0 user32!DispatchMessageW+0x4f7 26 0171f8d0 64482144 user32!DispatchMessageW+0x10 27 0171f904 64481f9a mergedlo!ImplSalYield(bool bWait = false, bool bHandleAllCurrentEvents = false)+0x64 [c:\cygwin64\home\buildslave\source\libo-core\vcl\win\app\salinst.cxx @ 592] 28 0171f92c 643c6dd7 mergedlo!WinSalInstance::DoYield(bool bWait = false, bool bHandleAllCurrentEvents = false, unsigned long nReleased = 0)+0xca [c:\cygwin64\home\buildslave\source\libo-core\vcl\win\app\salinst.cxx @ 657] 29 0171f96c 63626939 mergedlo!Application::Execute(void)+0x177 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\app\svapp.cxx @ 469] 2a 0171facc 643cdb7a mergedlo!desktop::Desktop::Main(void)+0xd59 [c:\cygwin64\home\buildslave\source\libo-core\desktop\source\app\app.cxx @ 1683] 2b 0171faf4 643cdf39 mergedlo!ImplSVMain(void)+0x6a [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\app\svmain.cxx @ 185] 2c 0171fb00 63640114 mergedlo!SVMain(void)+0x29 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\app\svmain.cxx @ 224] 2d 0171fc54 00ce101e mergedlo!soffice_main(void)+0x104 [c:\cygwin64\home\buildslave\source\libo-core\desktop\source\app\sofficemain.cxx @ 166] 2e 0171fca8 74368724 soffice+0x101e 2f 0171fcbc 771d83c7 kernel32!BaseThreadInitThunk+0x24 30 0171fd04 771d8397 ntdll!ApiSetQueryApiSetPresence+0xd7 31 0171fd14 00000000 ntdll!ApiSetQueryApiSetPresence+0xa7 It would seem svx::SvxShowCharSetVirtualAcc::getAccessibleChild throws an IndexOutOfBoundsException: https://github.com/LibreOffice/core/blob/libreoffice-5.3.0.3/svx/source/accessibility/charmapacc.cxx#L131 from builds on hand, bisected the LO crash on launch of Special Character dialog down to between 2015-05-10 and 2015-05-15 so between 5.0.0.0alpha1+ and 5.0.0.0beta1 Simple STR of running NVDA and creating a new Writer document. Type anything so not a blank line, and then Insert -> Special Character to launch the dialog. https://cgit.freedesktop.org/libreoffice/core/log/?qt=range&q=2796bc31e90c87cee10d832a67b1fd9dcab6e51f..9d0c51daea67104349cac26de9839afa8baeb099 could still use a tighter bibisect Caolán McNamara committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=b3098d239f46c8d5965754f275bc62216dcb4f4f Related: tdf#105712 inconsistency with num of a11y children in special char It will be available in 5.4.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback. There is a buggy inconsistency in the accessibility of that special character widget, it claims to have one child if there is no scrollbar, but if you request the accessibility context of child index 0 then it throws that its an invalid index which is nonsense. Perhaps that's is the root problem here. Hopefully someone can check in the next daily that has this problem if this helps out or not. Either way, its worth fixing so backports to 5-3 and 5-2 in gerrit Bibisected with repo bibisect-win32-5.0. 359460a340b464279df842b39623f542002264cc is the first bad commit commit 359460a340b464279df842b39623f542002264cc Author: Norbert Thiebaud <nthiebaud@gmail.com> Date: Thu Jun 4 11:28:59 2015 -0500 source 613ead6d876508b0da32a4511b140b7f2abdac73 # bad: [3be908b5afc41ef1d7c31ede95c5ed2c0ab8eafc] source 9d0c51daea67104349cac26de9839afa8baeb099 # good: [1c46cfe94db1d2df77490c4148334039f313ac4a] source 2796bc31e90c87cee10d832a67b1fd9dcab6e51f git bisect start '3be908b5afc41ef1d7c31ede95c5ed2c0ab8eafc' '1c46cfe94db1d2df77490c4148334039f313ac4a' # bad: [dad5ed92573521c8264f64fa805bac9b63967ab7] source 2a5ef299cecc56978dbd15fa4df8d145bae08d33 git bisect bad dad5ed92573521c8264f64fa805bac9b63967ab7 # good: [1c4b5679b05f3a5109d54666b933e6ff97132a57] source 36c2e811539cd1a32a7a6f9a71c8ec996e250b14 git bisect good 1c4b5679b05f3a5109d54666b933e6ff97132a57 # good: [d0192bdd810c2ba285212f0a70ead80a5f995d1d] source 083b54c7d198ae402e9038a930a66be818475ac3 git bisect good d0192bdd810c2ba285212f0a70ead80a5f995d1d # good: [168b1c2ab59630bb290e04123188b68ad4ed0af4] source ceac38106de4f2657e854d5e1d657d6df9321032 git bisect good 168b1c2ab59630bb290e04123188b68ad4ed0af4 # bad: [82be0f75a6789020013739d31e4b7af3568d11f1] source 49cbb78f78d6263ef73655a30c85a720f3db7027 git bisect bad 82be0f75a6789020013739d31e4b7af3568d11f1 # good: [f1fddee6660a1f9f6641b4e634bfb60c21fd6c73] source d28e29c8de39b88699765e7ea96afd5e5100dc7c git bisect good f1fddee6660a1f9f6641b4e634bfb60c21fd6c73 # bad: [a9f93aa0d7ee561b4a1e8e9d2f06c8c315e43507] source 9130c6111b79ff67d26089ce75300d818e2999e5 git bisect bad a9f93aa0d7ee561b4a1e8e9d2f06c8c315e43507 # bad: [e7f8e7150e112ed7468da6a04ff4c4216422b124] source eee24f6c5deec1a1dff30597567f6ae121d880fc git bisect bad e7f8e7150e112ed7468da6a04ff4c4216422b124 # bad: [359460a340b464279df842b39623f542002264cc] source 613ead6d876508b0da32a4511b140b7f2abdac73 git bisect bad 359460a340b464279df842b39623f542002264cc # first bad commit: [359460a340b464279df842b39623f542002264cc] source 613ead6d876508b0da32a4511b140b7f2abdac73 I bibisected it to have this information as well, and it points to the commit referenced below. Adding Cc: to Tomaž Vajngerl. https://cgit.freedesktop.org/libreoffice/core/commit/?id=613ead6d876508b0da32a4511b140b7f2abdac73 author Tomaž Vajngerl <tomaz.vajngerl@collabora.co.uk> 2015-05-12 06:54:38 (GMT) committer Tomaž Vajngerl <tomaz.vajngerl@collabora.co.uk> 2015-05-12 23:36:29 (GMT) "refactor SvxShowCharSet to use RenderContext" (In reply to Caolán McNamara from comment #21) > ... Hopefully someone can check in the next daily that has this > problem if this helps out or not. > > Either way, its worth fixing so backports to 5-3 and 5-2 in gerrit Thanks, that seems to have fixed the crash. Can not reproduce from Insert menu, Toolbar or the Spell check button. But curious if there is still something to adjust with the commit picked up in the bibisect. Also, shouldn't the issue in svx in accessibility and the charmapacc also have affected Orca users? =-testing-= On Windows 10 Pro 64-bit en-US with Version: 5.4.0.0.alpha0+ Build ID: 6de3688cc6bd52ce08ff8a4327e59dbbc8a5c7d4 CPU Threads: 8; OS Version: Windows 6.19; UI Render: GL; TinderBox: Win-x86@42, Branch:master, Time: 2017-02-15_23:33:50 Locale: en-US (en_US); Calc: CL Seeing as its reportedly works now I'll close this. Wrt ORCA I didn't see any similar problem there, no idea why, perhaps its just a timing thing with NVDA just requesting the child at a different point along the resize sequence than orca or the gtk ally integration catches different exceptions or something like that. Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-5-2": http://cgit.freedesktop.org/libreoffice/core/commit/?id=2247313b0aec80306e7f67926810cf004d5b4d1d&h=libreoffice-5-2 Related: tdf#105712 inconsistency with num of a11y children in special char It will be available in 5.2.6. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback. Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-5-3": http://cgit.freedesktop.org/libreoffice/core/commit/?id=ba8ac3843790226385e55bdf222de0d3aecc281d&h=libreoffice-5-3 Related: tdf#105712 inconsistency with num of a11y children in special char It will be available in 5.3.1. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback. I also confirm no more crash on either of my windows machines. Version: 5.4.0.0.alpha0+ Build ID: 6de3688cc6bd52ce08ff8a4327e59dbbc8a5c7d4 CPU Threads: 4; OS Version: Windows 6.1; UI Render: default; TinderBox: Win-x86@42, Branch:master, Time: 2017-02-15_23:33:50 Locale: en-US (en_US); Calc: group |