Apache OpenOffice (AOO) Bugzilla – Issue 12908
Segfault in Autopilot->Form, Resource not found with ID 1007
Last modified: 2013-07-30 02:15:02 UTC
First I get a Popup-Window with the error message: "Resource with id 1007 not found". Then a segfault: Program received signal SIGSEGV, Segmentation fault. 0x2ce293fc in SwClient::GetRegisteredIn() const (this=0x30) at ../../../inc/calbck.hxx:124 124 ../../../inc/calbck.hxx: No such file or directory. in ../../../inc/calbck.hxx Current language: auto; currently c++
And here is a backtrace ... #0 0x2ce293fc in SwClient::GetRegisteredIn() const (this=0x30) at ../../../inc/calbck.hxx:124 #1 0x2d25eefc in SwXShape::GetFrmFmt() const (this=0x0) at ../../../inc/unodraw.hxx:211 #2 0x2d257626 in SwXShape::getPropertyValue(rtl::OUString const&) (this=0x0, rPropertyName=@0x80a61c4) at /usr/ports/editors/openoffice-devel/work/oo_644_src/sw/source/core/unocore/unodraw.cxx:1160 #3 0x2b502505 in needLogicRectHack(SdrObject*) () from /usr/local/OpenOffice.org-644/program/libsvx644fi.so #4 0x2b502563 in getLogicRectHack(SdrObject*) () from /usr/local/OpenOffice.org-644/program/libsvx644fi.so #5 0x2b502929 in SvxShape::getSize() () from /usr/local/OpenOffice.org-644/program/libsvx644fi.so #6 0x2b51a41b in SvxShapeControl::getSize() () from /usr/local/OpenOffice.org-644/program/libsvx644fi.so #7 0x2c6e3e38 in Lcopy () from /usr/local/OpenOffice.org-644/program/libgcc3_uno.so #8 0x2c6e41a2 in gcc3::cpp_call(gcc3::cppu_unoInterfaceProxy*, long, _typelib_TypeDescriptionReference*, long, _typelib_MethodParameter*, void*, void**, _uno_Any**) () from /usr/local/OpenOffice.org-644/program/libgcc3_uno.so
SB->MBR: The stack trace doesn't look to enlightning to me, but I could imagine of of two scenarios: 1 "Resource not found" is always a bad sign. This means that something is missing in the .res files (in program/resources/). The resource manager crashes the program when resources are missing. (Though the stack trace doesn't fit well here.) 2 Some functions in the stack trace mention UNO, so this might be a result of #i12721#. Martin, have you re-checked this bug with #i12721# fixed?
> ------- Additional Comments From sb@openoffice.org 2003-04-01 05:47 PST ------- > SB->MBR: The stack trace doesn't look to enlightning to me, but I See better trace from OO1.02 ... in ticket 9462 > could imagine of of two scenarios: > 1 "Resource not found" is always a bad sign. This means that > something is missing in the .res files (in program/resources/). The > resource manager crashes the program when resources are missing. > (Though the stack trace doesn't fit well here.) Yeah. That's my opinion here too. > 2 Some functions in the stack trace mention UNO, so this might be a > result of #i12721#. Martin, have you re-checked this bug with > #i12721# fixed? I just noticed that a smilar crash happens in OO1.02, with good old gcc31. I even opened a call for this :( See ticket http://www.openoffice.org/project/www/issues/show_bug.cgi?id=9462 But there were no Resource missing warnings there. But the trace crashes almost at the same place. Martin
.
TM->SB: As mentioned via phone, please have a look, thanks !
SB->Martin Blapp: 1 I tried "File - AutoPilot - Form..." on a SRX644M9 Windows build, and also got a "Resource with ID = 1007 not found!" error box. After clicking OK, everything worked fine, though (no crash). So, I think the missing resource is an unrelated problem, and the crash you report in this bug is probably really the same as 9462. (The missing resource problem is a bug known to Berend Cornelius, who has already fixed it, but the fix is not yet re-integrated into SRX644.) 2 Concentrating on the crash, the two stacktraces (9462 and this bug) indeed look very similar: Class SvxShape has a member pointer SdrObject * pObj. SvxShape::getSize is called, which calls needLogicRectHack, handing in the member pObj. needLogicRectHack then calls the two virtual methods pObj->GetObjInventor and pObj->GetObjIdentifier. If pObj points to already deleted (and since re-used) memory, those virtual calls can go to anywhere (in one stacktrace, it goes to SwXShape::getPropertyValue with a null this pointer, which is further evidence that this is a broken call). So, my guess is that SvxShape's member pObj is already dead (pointing to garbage) within the call to SvxShape::getSize.
SB->Martin Blapp: The easiest way to verify my assumption (dead pObj) would be if you did the following patches and looked at the output: svx/source/svdraw/svdobj.cxx: SdrObject::SdrObject(): ... { ++ fprintf(stderr,"SdrObject %p\n",this); ... SdrObject::~SdrObject() { ++ fprintf(stderr,"~SdrObject %p\n",this); ... svx/source/unodraw/unoshape.cxx: awt::Size SAL_CALL SvxShape::getSize() throw(uno::RuntimeException) { ... if( oObj && pModel) { ++ fprintf(stderr,"SvxShape::getSize, pObj = %p\n",pObj); ...
This is all I get. These Obj. do not look dead unfortunalty. # openoffice SdrObject 0x8779400 SvxShape::getSize, pObj = 0x2ca69a78 Abort (core dumped)
And here is some gdb output ... (gdb) frame 1 #1 0x2a26c150 in SdrObject (this=0x877b000) at /usr/ports/editors/openoffice/work/oo_1.0.3_src/svx/source/svdraw/svdobj.cxx:1250 1250 fprintf(stderr,"SdrObject %p\n",this); Current language: auto; currently c++ (gdb) list 1245 pUserCall(NULL), 1246 pPlusData(NULL), 1247 nOrdNum(0), 1248 nLayerId(0) 1249 { 1250 fprintf(stderr,"SdrObject %p\n",this); 1251 1252 DBG_CTOR(SdrObject,NULL); 1253 bVirtObj =FALSE; 1254 bBoundRectDirty =TRUE; (gdb) p this $1 = (SdrObject * const) 0x877b000 (gdb) p *this $2 = {<> = {<No data fields>}, static mpEmptyItemSet = 0x0, aOutRect = {nLeft = 0, nTop = 0, nRight = -32767, nBottom = -32767}, aAnchor = {<Pair> = {nA = 0, nB = 0}, <No data fields>}, pObjList = 0x0, pPage = 0x0, pModel = 0x0, pUserCall = 0x0, pPlusData = 0x0, nOrdNum = 0, nLayerId = 0, bVirtObj = 0 '\0', bBoundRectDirty = 0 '\0', bSnapRectDirty = 0 '\0', bNetLock = 0 '\0', bInserted = 0 '\0', bGrouped = 0 '\0', bMovProt = 0 '\0', bSizProt = 0 '\0', bNoPrint = 0 '\0', bEmptyPresObj = 0 '\0', bNotPersistent = 0 '\0', bNeedColorRestore = 0 '\0', bNotVisibleAsMaster = 0 '\0', bClosedObj = 0 '\0', bWriterFlyFrame = 0 '\0', bIsEdge = 0 '\0', bIs3DObj = 0 '\0', bMarkProt = 0 '\0', bIsUnoObj = 0 '\0', bNotMasterCachable = 0 '\0', static mpGlobalItemPool = 0x0, mxUnoShape = {<WeakReferenceHelper> = {m_pImpl = 0x0}, <No data fields>}} And the next one ... (gdb) frame 1 #1 0x2a13cc3c in SvxShape::getSize() (this=0xbfbfd244) at /usr/ports/editors/openoffice/work/oo_1.0.3_src/svx/source/unodraw/unoshape.cxx:1181 1181 fprintf(stderr,"SvxShape::getSize, pObj = %p\n",pObj); (gdb) list 1176 { 1177 OGuard aGuard( Application::GetSolarMutex() ); 1178 1179 if( pObj && pModel) 1180 { 1181 fprintf(stderr,"SvxShape::getSize, pObj = %p\n",pObj); 1182 1183 Rectangle aRect( getLogicRectHack(pObj) ); 1184 Size aObjSize( aRect.GetWidth(), aRect.GetHeight() ); 1185 ForceMetricTo100th_mm(aObjSize); (gdb) p pObj warning: can't find linker symbol for virtual table for `SvxShape' value warning: found `stoc_corefl::IdlInterfaceMethodImpl::invoke(com::sun::star::uno::Any const&, com::sun::star::uno::Sequence<com::sun::star::uno::Any>&)' instead $3 = (class SdrObject *) 0x2cfc6df0 (gdb) p *pObj warning: can't find linker symbol for virtual table for `SvxShape' value warning: found `stoc_corefl::IdlInterfaceMethodImpl::invoke(com::sun::star::uno::Any const&, com::sun::star::uno::Sequence<com::sun::star::uno::Any>&)' instead $4 = {<> = {<No data fields>}, static mpEmptyItemSet = 0x0, aOutRect = {nLeft = -1, nTop = 742518868, nRight = 0, nBottom = 742518896}, aAnchor = {<Pair> = { nA = 742518924, nB = 742518972}, <No data fields>}, pObjList = 0x2c41f0e0, pPage = 0x2c41f108, pModel = 0x2c41f128, pUserCall = 0x2c41f140, pPlusData = 0x0, nOrdNum = 0, nLayerId = 65504, bVirtObj = 1 '\001', bBoundRectDirty = 1 '\001', bSnapRectDirty = 1 '\001', bNetLock = 1 '\001', bInserted = 1 '\001', bGrouped = 1 '\001', bMovProt = 1 '\001', bSizProt = 1 '\001', bNoPrint = 1 '\001', bEmptyPresObj = 1 '\001', bNotPersistent = 1 '\001', bNeedColorRestore = 1 '\001', bNotVisibleAsMaster = 1 '\001', bClosedObj = 1 '\001', bWriterFlyFrame = 1 '\001', bIsEdge = 1 '\001', bIs3DObj = 0 '\0', bMarkProt = 0 '\0', bIsUnoObj = 0 '\0', bNotMasterCachable = 0 '\0', static mpGlobalItemPool = 0x0, mxUnoShape = {<WeakReferenceHelper> = {m_pImpl = 0x2ca61fdc}, <No data fields>}}
<quote> # openoffice SdrObject 0x8779400 SvxShape::getSize, pObj = 0x2ca69a78 Abort (core dumped) </quote> But if the only SdrObject ever constructed is at address 0x8779400, how can an SvxShape instance have a pObj (pointing to an SdrObject instance) pointing to address 0x2ca69a78? This probably indicates that the SvxShape instance on which getSize is called is corrupted (already destoyed?). Maybe it would help to also track the constructors/destructors of SvxShape instances, and the address of the SvxShape on which getSize is called.
OpenOffice.org Issue Tracker - Feedback Request. The Issue you raised has the status 'New' pending further action, but has not been updated within the last 4 years. Please consider re-testing with one of the latest versions of OOo, as the problem(s) may have already been addressed. Either use the recent stable version: http://download.openoffice.org/index.html or consider trying the new OOo 3 BETA (still in testing): http://download.openoffice.org/3.0beta/ Please report back the outcome so this Issue may be Closed or Progressed as necessary - otherwise it may be Resolved as Invalid in the future. You may also wish to search for (and note) any duplicates of this Issue that may have advanced further by checking the Issue Tracker: http://www.openoffice.org/issues/query.cgi Many thanks, Andrew Cleaning-up and Closing old Issues as part of: ~ The Grand Bug Squash, pre v3 ~ http://marketing.openoffice.org/3.0/announcementbeta.html
Reset assignee on issues not touched by assignee in more than 2000 days.