Created attachment 121948 [details] Patch to fix the data races We saw SEGVs in case a an object dies due to its refcount reaching 0, while at the same in other thread the WeakReference referencing this object also gets destructed. We traced it down due to data races in weak.cxx a) OWeakObject::disposeWeakConnectionPoint(): needs to take the weak mutex before really accessing m_pWeakConnectionPoint member, because m_pWeakConnectionPoint member might have been written by another thread some time before (ie. assignment of WeakReference in another thread than destruction) b) WeakReferenceHelper::clear(): also needs to take the weak mutex before accessing m_pImpl->m_XWeakConnectionPoint for the same reasons c) OWeakConnectionPoint::dispose(): needs to clear m_pObject member so to ensure that OWeakConnectionPoint::queryAdapted() doesn't try to increment the ref count after it has been disposed. The attached patch resolves our SEGVs.
4.X versions are EOL (see https://wiki.documentfoundation.org/ReleasePlan), could you give a try to a newer LO version (5.0.4 is last stable one)?
The attached patch applies to libreoffice-5.0.3.1 with some fuzz but without rejections, so I assume the data races also occur in the current release.
Thank you Straub for your feedback. Since I don't have question and can't help here, I'll put this one back to UNCONFIRMED and uncc myself.
Please submit your patch to gerrit: https://wiki.documentfoundation.org/Development/gerrit/setup Patches are not collected from Bugzilla.
Dear Bug Submitter, This bug has been in NEEDINFO status with no change for at least 6 months. Please provide the requested information as soon as possible and mark the bug as UNCONFIRMED. Due to regular bug tracker maintenance, if the bug is still in NEEDINFO status with no change in 30 days the QA team will close the bug as INSUFFICIENTDATA due to lack of needed information. For more information about our NEEDINFO policy please read the wiki located here: https://wiki.documentfoundation.org/QA/Bugzilla/Fields/Status/NEEDINFO If you have already provided the requested information, please mark the bug as UNCONFIRMED so that the QA team knows that the bug is ready to be confirmed. Thank you for helping us make LibreOffice even better for everyone! Warm Regards, QA Team MassPing-NeedInfo-Ping-20170131
Dear Bug Submitter, Please read this message in its entirety before proceeding. Your bug report is being closed as INSUFFICIENTDATA due to inactivity and a lack of information which is needed in order to accurately reproduce and confirm the problem. We encourage you to retest your bug against the latest release. If the issue is still present in the latest stable release, we need the following information (please ignore any that you've already provided): a) Provide details of your system including your operating system and the latest version of LibreOffice that you have confirmed the bug to be present b) Provide easy to reproduce steps – the simpler the better c) Provide any test case(s) which will help us confirm the problem d) Provide screenshots of the problem if you think it might help e) Read all comments and provide any requested information Once all of this is done, please set the bug back to UNCONFIRMED and we will attempt to reproduce the issue. Please do not: a) respond via email b) update the version field in the bug or any of the other details on the top section of our bug tracker Warm Regards, QA Team MassPing-NeedInfo-20170301