Captured by running OpenOffice1.1beta1 under valgrind, and loading FR0453p.doc. As soon as the document finished loading we got this error, much earlier than without valgrind (where you have to then click on the first page, do Format/Arrange/send-to-back, and edit/undo, before you see a crash). ==8258== Invalid memory access of size 2 ==8258== at 0x41020329: (within /usr/X11R6/lib/libX11.so.6.2) ==8258== by 0x4101F934: (within /usr/X11R6/lib/libX11.so.6.2) ==8258== by 0x4102043A: XSubtractRegion (in /usr/X11R6/lib/libX11.so.6.2) ==8258== by 0x4102049B: XXorRegion (in /usr/X11R6/lib/libX11.so.6.2) ==8258== Address 0x46B5B1B4 is 0 bytes after a block of size 16 alloc'd ==8258== at 0x40150F59: realloc (vg_clientfuncs.c:276) ==8258== by 0x4101A78A: (within /usr/X11R6/lib/libX11.so.6.2) ==8258== by 0x4101AEB7: XPolygonRegion (in /usr/X11R6/lib/libX11.so.6.2) ==8258== by 0x40590A17: SalGraphics::DrawPolyPolygon(unsigned long, unsigned long const*, SalPoint const**, OutputDevice const*) (in /home/dank/opt/OpenOffice.org1.1Beta/program/libvcl644li.so) ==8258== (gdb) #0 vg_do_syscall3 (syscallno=8193, arg1=8196, arg2=1186458872, arg3=192) at vg_mylibc.c:92 #1 0x00002055 in ?? () at eval.c:41 #2 0x41020329 in XUnionRegion () at eval.c:41 #3 0x4101f935 in XIntersectRegion () at eval.c:41 #4 0x4102043b in XSubtractRegion () at eval.c:41 #5 0x4102049c in XXorRegion () at eval.c:41 #6 0x40590a45 in SalGraphics::DrawPolyPolygon(unsigned long, unsigned long const*, SalPoint const**, OutputDevice const*) () at eval.c:41 #7 0x404c56a9 in SalGraphicsLayout::DrawPolyPolygon(unsigned long, unsigned long const*, SalPoint const**, OutputDevice const*) () at eval.c:41 #8 0x40472a94 in OutputDevice::ImplDrawPolyPolygon(unsigned short, PolyPolygon const&) () at eval.c:41 #9 0x40476403 in OutputDevice::DrawPolyPolygon(PolyPolygon const&) () at eval.c:41 #10 0x4045e9e1 in MetaPolyPolygonAction::Execute(OutputDevice*) () at eval.c:41 #11 0x4043981f in GDIMetaFile::Play(OutputDevice*, unsigned long) () at eval.c:41 #12 0x40439a53 in GDIMetaFile::Play(OutputDevice*, Point const&, Size const&, unsigned long) () at eval.c:41 #13 0x457e91ec in GraphicManager::ImplDraw(OutputDevice*, Point const&, Size const&, GDIMetaFile const&, GraphicAttr const&) () from /opt/OpenOffice.org1.1Beta/program/libgo644li.so #14 0x457e4a6e in GraphicManager::ImplCreateOutput(OutputDevice*, Point const&, Size const&, GDIMetaFile const&, GraphicAttr const&, unsigned long, GDIMetaFile*) () from /opt/OpenOffice.org1.1Beta/program/libgo644li.so #15 0x457e3a22 in GraphicManager::ImplDraw(OutputDevice*, Point const&, Size const&, GraphicObject&, GraphicAttr const&, unsigned long, unsigned char&) () from /opt/OpenOffice.org1.1Beta/program/libgo644li.so #16 0x457e3704 in GraphicManager::DrawObj(OutputDevice*, Point const&, Size const&, GraphicObject&, GraphicAttr const&, unsigned long, unsigned char&) () from /opt/OpenOffice.org1.1Beta/program/libgo644li.so #17 0x457e21d8 in GraphicObject::Draw(OutputDevice*, Point const&, Size const&, GraphicAttr const*, unsigned long) () from /opt/OpenOffice.org1.1Beta/program/libgo644li.so #18 0x4868711f in cppu::WeakImplHelper1::s_cd () from /opt/OpenOffice.org1.1Beta/program/libsw644li.so #19 0x48685dfb in cppu::WeakImplHelper1::s_cd () from /opt/OpenOffice.org1.1Beta/program/libsw644li.so #20 0x4859efd5 in cppu::WeakImplHelper1::s_cd () from /opt/OpenOffice.org1.1Beta/program/libsw644li.so #21 0x4859fbbf in cppu::WeakImplHelper1::s_cd () from /opt/OpenOffice.org1.1Beta/program/libsw644li.so #22 0x485003a0 in cppu::WeakImplHelper1::s_cd () from /opt/OpenOffice.org1.1Beta/program/libsw644li.so #23 0x484737fc in cppu::WeakImplHelper1::s_cd () from /opt/OpenOffice.org1.1Beta/program/libsw644li.so #24 0x484736fd in cppu::WeakImplHelper1::s_cd () from /opt/OpenOffice.org1.1Beta/program/libsw644li.so #25 0x4527068f in SdrObjList::Paint(ExtOutputDevice&, SdrPaintInfoRec const&, int, unsigned short) const () from /opt/OpenOffice.org1.1Beta/program/libsvx644li.so #26 0x4526ff36 in SdrObjList::Paint(ExtOutputDevice&, SdrPaintInfoRec const&, int) const () from /opt/OpenOffice.org1.1Beta/program/libsvx644li.so #27 0x4527c905 in SdrPageView::RedrawOneLayer(unsigned char, Rectangle const&, OutputDevice*, unsigned short, Link const*) const () from /opt/OpenOffice.org1.1Beta/program/libsvx644li.so #28 0x48473666 in cppu::WeakImplHelper1::s_cd () from /opt/OpenOffice.org1.1Beta/program/libsw644li.so #29 0x4859e553 in cppu::WeakImplHelper1::s_cd () from /opt/OpenOffice.org1.1Beta/program/libsw644li.so #30 0x48478451 in cppu::WeakImplHelper1::s_cd () from /opt/OpenOffice.org1.1Beta/program/libsw644li.so #31 0x484524bd in cppu::WeakImplHelper1::s_cd () from /opt/OpenOffice.org1.1Beta/program/libsw644li.so #32 0x489a8744 in CreateObjSwDocShellDll () from /opt/OpenOffice.org1.1Beta/program/libsw644li.so #33 0x4051633a in Window::ImplCallPaint(Region const*, unsigned short) () at eval.c:41 #34 0x40516408 in Window::ImplCallPaint(Region const*, unsigned short) () at eval.c:41 #35 0x40516408 in Window::ImplCallPaint(Region const*, unsigned short) () at eval.c:41 #36 0x40516408 in Window::ImplCallPaint(Region const*, unsigned short) () at eval.c:41 #37 0x40516408 in Window::ImplCallPaint(Region const*, unsigned short) () at eval.c:41 #38 0x40516408 in Window::ImplCallPaint(Region const*, unsigned short) () at eval.c:41 #39 0x40516408 in Window::ImplCallPaint(Region const*, unsigned short) () at eval.c:41 #40 0x4051651c in Window::ImplCallOverlapPaint() () at eval.c:41 #41 0x405165c7 in Window::ImplHandlePaintHdl(void*) () at eval.c:41 #42 0x4051658d in Window::LinkStubImplHandlePaintHdl(void*, void*) () at eval.c:41 #43 0x4040b6bc in Timer::Timeout() () at eval.c:41 #44 0x4040b3c0 in ImplTimerCallbackProc() () at eval.c:41 #45 0x405ab5e2 in SalData::Timeout() const () at eval.c:41 #46 0x405aafcf in SalXLib::CheckTimeout(bool) () at eval.c:41 #47 0x405ab41a in SalXLib::Yield(unsigned char) () at eval.c:41 #48 0x405b40ec in SalInstance::Yield(unsigned char) () at eval.c:41 #49 0x40405ae3 in Application::Yield() () at eval.c:41 #50 0x404059e5 in Application::Execute() () at eval.c:41 #51 0x08064e87 in desktop::Desktop::Main() () at eval.c:41 #52 0x4040a767 in SVMain() () at eval.c:41 #53 0x405aa01a in main () at eval.c:41 #54 0x412645d7 in __libc_start_main () from /lib/libc.so.6