Segmentation faults when using shapes with automated user Debug Tools #9352
Comments
Great catch. If you've built it yourself, did you build with debugging symbols - and can you walk back through your stack-trace with: addr2line -e + /usr/src/instdir/program/libmergedlo.so 0x7f117359d782 etc. - up the stack-trace; sadly it's not so easy to do stack unwinding and symbol resolution reliably in the signal handler where the trace is dumped, and source file offsets are very dependent on compiler version & options.
With a self-build here: Writer: survives minutes with no problems.
Eventually got it:
in frame #10 SdrObjEditView::SdrEndTextEdit(bool) (this=0x55e75135ace0, bDontDeleteReally=) at svx/source/svdraw/svdedxv.cxx:1798
(gdb) p pTECursorBuffer
Quite why we duplicate the member pointer into a local variable and then use it later is not clear to me at a glance. Interesting that dates back to the 1st checkin in 2000 when it was:
I guess new tests find old problems :-) Potentially a reference counted type would help here.
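The pattern questioned in the comment above, as an added example that is not part of the thread and is not LibreOffice code: a local duplicate of a member pointer is held across a call that can release the member, first as a non-owning copy and then as a reference-counted one. `EditView`, `CursorBuffer` and `onEndEdit` are hypothetical names, and the re-entrant callback that resets the member is an assumption made for the illustration.

```cpp
#include <cstdio>
#include <functional>
#include <memory>

// Hypothetical stand-ins for illustration; these are not LibreOffice types.
struct CursorBuffer { int lines = 3; };

struct EditView {
    std::shared_ptr<CursorBuffer> buffer = std::make_shared<CursorBuffer>();
    std::function<void()> onEndEdit;  // callback that may re-enter the view

    // Non-owning local duplicate of the member, kept across a call that can
    // release the member. Returns true if the duplicate is dangling afterwards.
    bool endEditRawCopy() {
        CursorBuffer* local = buffer.get();
        std::weak_ptr<CursorBuffer> watch = buffer;  // observes lifetime only
        if (onEndEdit) onEndEdit();
        (void)local;  // reading *local here would be the heap-use-after-free
        return watch.expired();
    }

    // Owning (reference-counted) local duplicate: the object stays alive until
    // this function returns, even if the member is reset underneath it.
    int endEditCountedCopy() {
        std::shared_ptr<CursorBuffer> local = buffer;
        if (onEndEdit) onEndEdit();
        return local->lines;
    }
};

bool rawCopyDangles() {
    EditView v;
    v.onEndEdit = [&v] { v.buffer.reset(); };  // assumed re-entrant teardown
    return v.endEditRawCopy();
}

int countedCopyReads() {
    EditView v;
    v.onEndEdit = [&v] { v.buffer.reset(); };
    return v.endEditCountedCopy();
}

int main() {
    std::printf("raw copy dangles: %d\n", rawCopyDangles());
    std::printf("counted copy reads: %d\n", countedCopyReads());
    return 0;
}
```

The raw-copy variant never dereferences the stale pointer, so it runs cleanly under ASAN; the `weak_ptr` only reports that the object was destroyed while the local copy was still in scope.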
Thanks for the investigation. I will try and recompile with debug symbols enabled and use The file you were referencing with the addr2line command is part of this file:
And I think that's not built with symbols? Just to set expectations, I have no experience writing C++ or debugging it so I may need elementary school level instructions to help you.
It's fine - I have the trace now :-) The hope was that:
would fix it. But it seems it's a tougher nut. Perhaps @quikee has some ideas - but we prolly need to run this under ASAN or do a chunk more code-reading & analysis it seems.
==25265==ERROR: AddressSanitizer: heap-use-after-free on address 0x606026819b74 at pc 0x7f4c66961cd2 bp 0x7ffd4b931eb0 sp 0x7ffd4b931ea8
@timar staging has a terrible number of context frames configured in ASAN for allocations & frees - can we bump that up to at least 10 frames? What we have here is not that helpful.
Describe the Bug
This issue originates from this forum thread
During our investigation on our Staging/Acceptance environment for another stability issue, we found out we can reproducibly crash coolwsd with a segmentation fault, when we run the automated typer with two simultaneous users in the same document.
Per instruction on the forum thread, I've tried to collect information with gdb (see attachments). Please note that I'm inexperienced with gdb and may require additional guidance to collect the information you need to troubleshoot this issue.
Steps to Reproduce
Expected Behavior
No crash / segmentation faults.
Actual Behavior
As the second user enables the automated user and the 'insert and delete shape' option in the debug tools, it takes mere seconds to 'crash' coolwsd / coolforkit.
Attachments
make-run-output.txt.zip
coolwsd-SIGSEGV-snippet.txt
coolwsd-gdb-trace.txt
Desktop
This issue is also confirmed on ubuntu 22.04 with .deb from collabora mirror: 24.04.4-1