Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1353199 - [abrt] libreoffice-core: g_pointer_bit_lock(): soffice.bin killed by SIGSEGV - Infinite recursion in GTK3 clipboard handling
Summary: [abrt] libreoffice-core: g_pointer_bit_lock(): soffice.bin killed by SIGSEGV ...
Keywords:
Status: CLOSED DUPLICATE of bug 1352965
Alias: None
Product: Fedora
Classification: Fedora
Component: libreoffice
Version: 24
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Caolan McNamara
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:43b972b64616b7de1e3782c1cce...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-07-06 13:42 UTC by Tomáš Trnka
Modified: 2016-07-06 19:41 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-07-06 19:41:16 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
File: backtrace (60.04 KB, text/plain)
2016-07-06 13:42 UTC, Tomáš Trnka 		no flags Details
File: cgroup (242 bytes, text/plain)
2016-07-06 13:42 UTC, Tomáš Trnka 		no flags Details
File: core_backtrace (85.72 KB, text/plain)
2016-07-06 13:42 UTC, Tomáš Trnka 		no flags Details
File: dso_list (28.47 KB, text/plain)
2016-07-06 13:42 UTC, Tomáš Trnka 		no flags Details
File: environ (1.96 KB, text/plain)
2016-07-06 13:42 UTC, Tomáš Trnka 		no flags Details
File: exploitable (95 bytes, text/plain)
2016-07-06 13:42 UTC, Tomáš Trnka 		no flags Details
File: limits (1.29 KB, text/plain)
2016-07-06 13:42 UTC, Tomáš Trnka 		no flags Details
File: maps (124.05 KB, text/plain)
2016-07-06 13:42 UTC, Tomáš Trnka 		no flags Details
File: mountinfo (3.08 KB, text/plain)
2016-07-06 13:42 UTC, Tomáš Trnka 		no flags Details
File: namespaces (102 bytes, text/plain)
2016-07-06 13:42 UTC, Tomáš Trnka 		no flags Details
File: open_fds (3.54 KB, text/plain)
2016-07-06 13:42 UTC, Tomáš Trnka 		no flags Details
File: proc_pid_status (1.11 KB, text/plain)
2016-07-06 13:42 UTC, Tomáš Trnka 		no flags Details
File: var_log_messages (322 bytes, text/plain)
2016-07-06 13:42 UTC, Tomáš Trnka 		no flags Details
View All

Description Tomáš Trnka 2016-07-06 13:42:17 UTC 
Description of problem:
There is a recursion cycle in the GTK3 clipboard handling code:

VclToGtkHelper::setSelectionData -> GtkClipboardTransferable::getTransferData -> gtk_clipboard_wait_for_text -> VclToGtkHelper::setSelectionData

This leads to infinite recursion and a crash due to stack exhaustion.

I can reproduce it every time:
1. Open new Calc spreadsheet
2. Add a new sheet
3. On Sheet1, fill cells A1:E10 with numbers (using autofill)
4. Select cells A2:E3 (using mouse) and press Ctrl-X to cut
5. Switch to Sheet2 by clicking its tab handle at the bottom
6. Crash!

Version-Release number of selected component:
libreoffice-core-5.1.4.2-4.fc24

Additional info:
reporter:       libreport-2.7.1
backtrace_rating: 4
cmdline:        /usr/lib64/libreoffice/program/soffice.bin --calc '/home/tootea/Sta\xc5\xbeen\xc3\xa9/Vyvoj_hodnoty_fond\xc5\xaf_2.xls'
crash_function: g_pointer_bit_lock
executable:     /usr/lib64/libreoffice/program/soffice.bin
global_pid:     4866
kernel:         4.6.3-300.fc24.x86_64
pkg_fingerprint: 73BD E983 81B4 6521
pkg_vendor:     Fedora Project
reproducible:   The problem occurs regularly
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 g_pointer_bit_lock at gbitlock.c:402
 #1 g_datalist_lock at gdataset.c:209
 #2 g_datalist_id_dup_data at gdataset.c:852
 #3 g_datalist_id_get_data at gdataset.c:798
 #4 g_object_notify_queue_freeze at gobject.c:232
 #5 g_object_init at gobject.c:975
 #6 g_type_create_instance at gtype.c:1869
 #7 g_object_new_internal at gobject.c:1781
 #10 _gdk_display_create_window at gdkdisplay.c:2190
 #11 gdk_window_new at gdkwindow.c:1317
Comment 1 Tomáš Trnka 2016-07-06 13:42:23 UTC 
Created attachment 1176901 [details]
File: backtrace
Comment 2 Tomáš Trnka 2016-07-06 13:42:25 UTC 
Created attachment 1176902 [details]
File: cgroup
Comment 3 Tomáš Trnka 2016-07-06 13:42:27 UTC 
Created attachment 1176903 [details]
File: core_backtrace
Comment 4 Tomáš Trnka 2016-07-06 13:42:29 UTC 
Created attachment 1176904 [details]
File: dso_list
Comment 5 Tomáš Trnka 2016-07-06 13:42:31 UTC 
Created attachment 1176905 [details]
File: environ
Comment 6 Tomáš Trnka 2016-07-06 13:42:32 UTC 
Created attachment 1176906 [details]
File: exploitable
Comment 7 Tomáš Trnka 2016-07-06 13:42:34 UTC 
Created attachment 1176907 [details]
File: limits
Comment 8 Tomáš Trnka 2016-07-06 13:42:37 UTC 
Created attachment 1176908 [details]
File: maps
Comment 9 Tomáš Trnka 2016-07-06 13:42:38 UTC 
Created attachment 1176909 [details]
File: mountinfo
Comment 10 Tomáš Trnka 2016-07-06 13:42:40 UTC 
Created attachment 1176910 [details]
File: namespaces
Comment 11 Tomáš Trnka 2016-07-06 13:42:42 UTC 
Created attachment 1176911 [details]
File: open_fds
Comment 12 Tomáš Trnka 2016-07-06 13:42:44 UTC 
Created attachment 1176912 [details]
File: proc_pid_status
Comment 13 Tomáš Trnka 2016-07-06 13:42:45 UTC 
Created attachment 1176913 [details]
File: var_log_messages
Comment 14 Caolan McNamara 2016-07-06 15:22:56 UTC 
wayland or X ?
Comment 15 Tomáš Trnka 2016-07-06 18:50:33 UTC 
X (KDE Plasma)
Comment 16 Caolan McNamara 2016-07-06 19:41:16 UTC 

*** This bug has been marked as a duplicate of bug 1352965 ***
Note You need to log in before you can comment on or make changes to this bug.