Summary: | VALGRIND corruption ( and sometimes coredump ) | ||
---|---|---|---|
Product: | LibreOffice | Reporter: | Noel Power <nopower> |
Component: | Calc | Assignee: | Noel Power <nopower> |
Status: | RESOLVED FIXED | ||
Severity: | critical | ||
Priority: | medium | ||
Version: | 3.5.0 release | ||
Hardware: | Other | ||
OS: | All | ||
Whiteboard: | target:3.6.0 target:3.5.1 | ||
Crash report or crash signature: | Regression By: | ||
Bug Depends on: | |||
Bug Blocks: | 37361 | ||
Attachments: | test document |
Description
Noel Power
2012-02-24 04:05:28 UTC
Created attachment 57583 [details]
test document
this document demonstrates the problem, however it doesn't show exactly the same valgrind trace as above. The document I was using when I was investigating this is a customer document ( I don't think it is confidential but I am not sure ) but.. actually what prompted me to create a new test document was that it took valgrind about 15 mins to load it. In anycase the valgrind trace happens when you open 'Insert|Names|Manage Names' ( and not when clicking on the entries ) This is maybe due to the number or spread of the types of name references in this document vrs the other one. Note: the customer document had hundreds of name references, additionally the customer document is an xlsm one so maybe how the data is populated goes through a different path or something ( honestly I don't know ) The new valgrind trace is below and although not the same it clearly points to the same problem
==27707== Invalid read of size 2
==27707== at 0x217703E0: ScRangeData::HasType(unsigned short) const (rangenam.hxx:175)
==27707== by 0x2176E15B: ScNameDlg::UpdateChecks(ScRangeData*) (namedlg.cxx:273)
==27707== by 0x2176E8FD: ScNameDlg::ShowOptions(ScRangeNameLine const&) (namedlg.cxx:337)
==27707== by 0x2176F4E2: ScNameDlg::SelectionChanged() (namedlg.cxx:470)
==27707== by 0x2176DB9E: ScNameDlg::Init() (namedlg.cxx:185)
==27707== by 0x2176CD3A: ScNameDlg::ScNameDlg(SfxBindings*, SfxChildWindow*, Window*, ScViewData*, ScAddress const&, boost::ptr_map<rtl::OUString, ScRangeName, std::less<rtl::OUString>, boost::heap_clone_allocator, std::allocator<std::pair<rtl::OUString const, void*> > >*) (namedlg.cxx:129)
==27707== by 0x2198D651: ScTabViewShell::CreateRefDialog(SfxBindings*, SfxChildWindow*, SfxChildWinInfo*, Window*, unsigned short) (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libsclo.so)
==27707== by 0x2195F17D: ScNameDlgWrapper::ScNameDlgWrapper(Window*, unsigned short, SfxBindings*, SfxChildWinInfo*) (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libsclo.so)
==27707== by 0x2195F27A: ScNameDlgWrapper::CreateImpl(Window*, unsigned short, SfxBindings*, SfxChildWinInfo*) (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libsclo.so)
==27707== by 0x701CD77: SfxChildWindow::CreateChildWindow(unsigned short, Window*, SfxBindings*, SfxChildWinInfo&) (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libsfxlo.so)
==27707== by 0x7064BB8: ??? (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libsfxlo.so)
==27707== by 0x7065CE6: ??? (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libsfxlo.so)
==27707== Address 0x290c27b0 is 32 bytes inside a block of size 64 free'd
==27707== at 0x4C2562E: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==27707== by 0x2151B387: ScRangeName::erase(boost::ptr_map_iterator<std::_Rb_tree_iterator<std::pair<rtl::OUString const, void*> >, rtl::OUString, ScRangeData* const> const&) (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libsclo.so)
==27707== by 0x2151CC64: ScRangeName::erase(rtl::OUString const&) (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libsclo.so)
==27707== by 0x2176EF00: ScNameDlg::NameModified() (namedlg.cxx:418)
==27707== by 0x2176FADD: ScNameDlg::EdModifyHdl(void*) (namedlg.cxx:560)
==27707== by 0x2176FABE: ScNameDlg::LinkStubEdModifyHdl(void*, void*) (namedlg.cxx:558)
==27707== by 0x91BB2AD: Control::ImplCallEventListenersAndHandler(unsigned long, Link const&, void*) (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libvcllo.so)
==27707== by 0x2177032C: CheckBox::Check(unsigned char) (button.hxx:489)
==27707== by 0x2176E14A: ScNameDlg::UpdateChecks(ScRangeData*) (namedlg.cxx:272)
==27707== by 0x2176E8FD: ScNameDlg::ShowOptions(ScRangeNameLine const&) (namedlg.cxx:337)
==27707== by 0x2176F4E2: ScNameDlg::SelectionChanged() (namedlg.cxx:470)
==27707== by 0x2176DB9E: ScNameDlg::Init() (namedlg.cxx:185)
==27707==
==27707== Invalid read of size 2
==27707== at 0x217703E0: ScRangeData::HasType(unsigned short) const (rangenam.hxx:175)
==27707== by 0x2176E184: ScNameDlg::UpdateChecks(ScRangeData*) (namedlg.cxx:274)
==27707== by 0x2176E8FD: ScNameDlg::ShowOptions(ScRangeNameLine const&) (namedlg.cxx:337)
==27707== by 0x2176F4E2: ScNameDlg::SelectionChanged() (namedlg.cxx:470)
==27707== by 0x2176DB9E: ScNameDlg::Init() (namedlg.cxx:185)
==27707== by 0x2176CD3A: ScNameDlg::ScNameDlg(SfxBindings*, SfxChildWindow*, Window*, ScViewData*, ScAddress const&, boost::ptr_map<rtl::OUString, ScRangeName, std::less<rtl::OUString>, boost::heap_clone_allocator, std::allocator<std::pair<rtl::OUString const, void*> > >*) (namedlg.cxx:129)
==27707== by 0x2198D651: ScTabViewShell::CreateRefDialog(SfxBindings*, SfxChildWindow*, SfxChildWinInfo*, Window*, unsigned short) (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libsclo.so)
==27707== by 0x2195F17D: ScNameDlgWrapper::ScNameDlgWrapper(Window*, unsigned short, SfxBindings*, SfxChildWinInfo*) (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libsclo.so)
==27707== by 0x2195F27A: ScNameDlgWrapper::CreateImpl(Window*, unsigned short, SfxBindings*, SfxChildWinInfo*) (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libsclo.so)
==27707== by 0x701CD77: SfxChildWindow::CreateChildWindow(unsigned short, Window*, SfxBindings*, SfxChildWinInfo&) (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libsfxlo.so)
==27707== by 0x7064BB8: ??? (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libsfxlo.so)
==27707== by 0x7065CE6: ??? (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libsfxlo.so)
==27707== Address 0x290c27b0 is 32 bytes inside a block of size 64 free'd
==27707== at 0x4C2562E: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==27707== by 0x2151B387: ScRangeName::erase(boost::ptr_map_iterator<std::_Rb_tree_iterator<std::pair<rtl::OUString const, void*> >, rtl::OUString, ScRangeData* const> const&) (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libsclo.so)
==27707== by 0x2151CC64: ScRangeName::erase(rtl::OUString const&) (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libsclo.so)
==27707== by 0x2176EF00: ScNameDlg::NameModified() (namedlg.cxx:418)
==27707== by 0x2176FADD: ScNameDlg::EdModifyHdl(void*) (namedlg.cxx:560)
==27707== by 0x2176FABE: ScNameDlg::LinkStubEdModifyHdl(void*, void*) (namedlg.cxx:558)
==27707== by 0x91BB2AD: Control::ImplCallEventListenersAndHandler(unsigned long, Link const&, void*) (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libvcllo.so)
==27707== by 0x2177032C: CheckBox::Check(unsigned char) (button.hxx:489)
==27707== by 0x2176E14A: ScNameDlg::UpdateChecks(ScRangeData*) (namedlg.cxx:272)
==27707== by 0x2176E8FD: ScNameDlg::ShowOptions(ScRangeNameLine const&) (namedlg.cxx:337)
==27707== by 0x2176F4E2: ScNameDlg::SelectionChanged() (namedlg.cxx:470)
==27707== by 0x2176DB9E: ScNameDlg::Init() (namedlg.cxx:185)
==27707==
==27707== Invalid read of size 2
==27707== at 0x217703E0: ScRangeData::HasType(unsigned short) const (rangenam.hxx:175)
==27707== by 0x2176E1AD: ScNameDlg::UpdateChecks(ScRangeData*) (namedlg.cxx:275)
==27707== by 0x2176E8FD: ScNameDlg::ShowOptions(ScRangeNameLine const&) (namedlg.cxx:337)
==27707== by 0x2176F4E2: ScNameDlg::SelectionChanged() (namedlg.cxx:470)
==27707== by 0x2176DB9E: ScNameDlg::Init() (namedlg.cxx:185)
==27707== by 0x2176CD3A: ScNameDlg::ScNameDlg(SfxBindings*, SfxChildWindow*, Window*, ScViewData*, ScAddress const&, boost::ptr_map<rtl::OUString, ScRangeName, std::less<rtl::OUString>, boost::heap_clone_allocator, std::allocator<std::pair<rtl::OUString const, void*> > >*) (namedlg.cxx:129)
==27707== by 0x2198D651: ScTabViewShell::CreateRefDialog(SfxBindings*, SfxChildWindow*, SfxChildWinInfo*, Window*, unsigned short) (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libsclo.so)
==27707== by 0x2195F17D: ScNameDlgWrapper::ScNameDlgWrapper(Window*, unsigned short, SfxBindings*, SfxChildWinInfo*) (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libsclo.so)
==27707== by 0x2195F27A: ScNameDlgWrapper::CreateImpl(Window*, unsigned short, SfxBindings*, SfxChildWinInfo*) (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libsclo.so)
==27707== by 0x701CD77: SfxChildWindow::CreateChildWindow(unsigned short, Window*, SfxBindings*, SfxChildWinInfo&) (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libsfxlo.so)
==27707== by 0x7064BB8: ??? (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libsfxlo.so)
==27707== by 0x7065CE6: ??? (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libsfxlo.so)
==27707== Address 0x290c27b0 is 32 bytes inside a block of size 64 free'd
==27707== at 0x4C2562E: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==27707== by 0x2151B387: ScRangeName::erase(boost::ptr_map_iterator<std::_Rb_tree_iterator<std::pair<rtl::OUString const, void*> >, rtl::OUString, ScRangeData* const> const&) (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libsclo.so)
==27707== by 0x2151CC64: ScRangeName::erase(rtl::OUString const&) (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libsclo.so)
==27707== by 0x2176EF00: ScNameDlg::NameModified() (namedlg.cxx:418)
==27707== by 0x2176FADD: ScNameDlg::EdModifyHdl(void*) (namedlg.cxx:560)
==27707== by 0x2176FABE: ScNameDlg::LinkStubEdModifyHdl(void*, void*) (namedlg.cxx:558)
==27707== by 0x91BB2AD: Control::ImplCallEventListenersAndHandler(unsigned long, Link const&, void*) (in /media/FreeAgent-3/LibreOffice-onegit/core/solver/unxlngx6.pro/lib/libvcllo.so)
==27707== by 0x2177032C: CheckBox::Check(unsigned char) (button.hxx:489)
==27707== by 0x2176E14A: ScNameDlg::UpdateChecks(ScRangeData*) (namedlg.cxx:272)
==27707== by 0x2176E8FD: ScNameDlg::ShowOptions(ScRangeNameLine const&) (namedlg.cxx:337)
==27707== by 0x2176F4E2: ScNameDlg::SelectionChanged() (namedlg.cxx:470)
==27707== by 0x2176DB9E: ScNameDlg::Init() (namedlg.cxx:185)
==27707==
I can't reproduce the core 3.4 not sure whether to call this a regression as the 'Manage Names' dialog doesn't exist ( but one with similar functionality 'Define Names' does ) Noel Power committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=22871f1af3be444e747f7adaad5221b9c8b0bebf fix core when clicking on entries in Manage Names dialog in calc fdo#46568 Noel Power committed a patch related to this issue. It has been pushed to "libreoffice-3-5": http://cgit.freedesktop.org/libreoffice/core/commit/?id=393bd0eebe09230ef90c5b343c93338526f3f4b7&g=libreoffice-3-5 fix core when clicking on entries in Manage Names dialog in calc fdo#46568 It will be available in LibreOffice 3.5.2. Noel Power committed a patch related to this issue. It has been pushed to "libreoffice-3-5-1": http://cgit.freedesktop.org/libreoffice/core/commit/?id=da7235196c138eed21065c94e2a855d6c3f217e0&g=libreoffice-3-5-1 fix core when clicking on entries in Manage Names dialog in calc fdo#46568 It will be available already in LibreOffice 3.5.1. marking as resolved |