Bug 12871

Summary: Segfault at dl-lookup.c:98 when opening a presentation with libreoffice
Product: glibc
Reporter: Octoploid <cryptooctoploid>
Component: dynamic-link
Assignee: Ulrich Drepper <drepper.fsp>
Status: RESOLVED DUPLICATE
Severity: normal
CC: carlos_odonell, j
Priority: P2
Keywords: glibc_2.15
Version: 2.15
Flags: fweimer: security-
Target Milestone: ---
Attachments: unmangled gdb output; Mike Frysinger's patch; Updated patch

Description Octoploid 2011-06-10 05:24:50 UTC
Created attachment 5784: unmangled gdb output

Just ran into the following segfault. This happens when I try to open:
http://www.math.upenn.edu/StringMath2011/notes/Vafa_StringMath2011_public.ppt
with libreoffice-3.3.2.

Jun 10 06:29:47 x4 kernel: soffice.bin[2025]: segfault at 28 ip 00007f0f1170edcd sp 00007fffdbe41df0 error 4 in ld-2.14.so[7f0f11706000+1f000]

% gdb /usr/lib/libreoffice/program/soffice.bin
GNU gdb (GDB) 7.2.50.20110217-cvs
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/lib/libreoffice/program/soffice.bin...(no debugging symbols found)...done.
(gdb) run -impress Vafa_StringMath2011_public.ppt
Starting program: /usr/lib/libreoffice/program/soffice.bin -impress Vafa_StringMath2011_public.ppt
[Thread debugging using libthread_db enabled]
[New Thread 0x7ffff33d3700 (LWP 2160)]
[New Thread 0x7fffed63e700 (LWP 2173)]
[New Thread 0x7fffece3d700 (LWP 2174)]
[New Thread 0x7fffebb09700 (LWP 2179)]
[New Thread 0x7fffe8854700 (LWP 2202)]
[Thread 0x7fffed63e700 (LWP 2173) exited]
[New Thread 0x7fffed63e700 (LWP 2218)]
[Thread 0x7fffed63e700 (LWP 2218) exited]
[Thread 0x7fffe8854700 (LWP 2202) exited]
[New Thread 0x7fffe8854700 (LWP 2229)]

Program received signal SIGSEGV, Segmentation fault.
do_lookup_x (new_hash=1970759491, old_hash=0x7fffffff92d0, result=0x7fffffff92e0, scope=Unhandled dwarf expression opcode 0xf3
) at dl-lookup.c:98
98            const struct link_map *map = list[i]->l_real;
(gdb) bt
#0  do_lookup_x (new_hash=1970759491, old_hash=0x7fffffff92d0, result=0x7fffffff92e0, scope=Unhandled dwarf expression opcode 0xf3
) at dl-lookup.c:98
#1  0x00007ffff7de7804 in _dl_lookup_symbol_x (undef_name=0x19af348 "component_getImplementationEnvironmentExt", undef_map=0x7ffff7e02a40,
    ref=0x7fffffff93e8, symbol_scope=0x7ffff7e02dc8, version=0x0, type_class=0, flags=2, skip_map=0x0) at dl-lookup.c:739
#2  0x00007ffff75f56fc in do_sym (handle=0x7ffff7e02a40, name=0x19af348 "component_getImplementationEnvironmentExt", who=0x7ffff7e3479b, vers=0x0,
    flags=2) at dl-sym.c:177
#3  0x00007ffff72e9014 in dlsym_doit (a=0x7fffffff9600) at dlsym.c:51
#4  0x00007ffff7deb9a3 in _dl_catch_error (objname=0x408bc0, errstring=0x408bc8, mallocedp=0x408bb8, operate=0x7ffff72e9000 <dlsym_doit>,
    args=0x7fffffff9600) at dl-error.c:178
#5  0x00007ffff72e94ac in _dlerror_run (operate=0x7ffff72e9000 <dlsym_doit>, args=0x7fffffff9600) at dlerror.c:164
#6  0x00007ffff72e906a in __dlsym (handle=Unhandled dwarf expression opcode 0xf3
) at dlsym.c:71
#7  0x00007ffff7e3479b in osl_getFunctionSymbol () from /usr/lib/libreoffice/program/../basis-link/ure-link/lib/libuno_sal.so.3
#8  0x00007ffff6eef98f in ?? () from /usr/lib/libreoffice/program/../basis-link/program/../ure-link/lib/libuno_cppuhelpergcc3.so.3
#9  0x00007ffff6ef1624 in cppu::loadSharedLibComponentFactory(rtl::OUString const&, rtl::OUString const&, rtl::OUString const&, com::sun::star::uno::Reference<com::sun::star::lang::XMultiServiceFactory> const&, com::sun::star::uno::Reference<com::sun::star::registry::XRegistryKey> const&) ()
   from /usr/lib/libreoffice/program/../basis-link/program/../ure-link/lib/libuno_cppuhelpergcc3.so.3
#10 0x00007fffee5e5b25 in ?? () from /usr/lib/libreoffice/ure/lib/bootstrap.uno.so
#11 0x00007ffff6ed979c in ?? () from /usr/lib/libreoffice/program/../basis-link/program/../ure-link/lib/libuno_cppuhelpergcc3.so.3
#12 0x00007ffff6eda375 in ?? () from /usr/lib/libreoffice/program/../basis-link/program/../ure-link/lib/libuno_cppuhelpergcc3.so.3
#13 0x00007ffff6ed784a in ?? () from /usr/lib/libreoffice/program/../basis-link/program/../ure-link/lib/libuno_cppuhelpergcc3.so.3
#14 0x00007ffff6ed8ea9 in ?? () from /usr/lib/libreoffice/program/../basis-link/program/../ure-link/lib/libuno_cppuhelpergcc3.so.3
#15 0x00007fffee5c0e2d in ?? () from /usr/lib/libreoffice/ure/lib/bootstrap.uno.so
#16 0x00007fffee5bd674 in ?? () from /usr/lib/libreoffice/ure/lib/bootstrap.uno.so
#17 0x00007ffff5995735 in Graphic::GetXGraphic() const () from /usr/lib/libreoffice/program/../basis-link/program/libvcllx.so
#18 0x00007ffff59990d6 in Image::GetXGraphic() const () from /usr/lib/libreoffice/program/../basis-link/program/libvcllx.so
#19 0x00007fffec19a565 in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libfwklx.so
#20 0x00007fffec218a73 in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libfwklx.so
#21 0x00007fffec288789 in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libfwklx.so
#22 0x00007fffec290e90 in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libfwklx.so
#23 0x00007fffec29785d in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libfwklx.so
#24 0x00007fffec1f679f in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libfwklx.so
#25 0x00007fffec297e25 in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libfwklx.so
#26 0x00007fffec2b0846 in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libfwklx.so
#27 0x00007fffec1c187a in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libfwklx.so
#28 0x00007fffec1dd1c5 in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libfwklx.so
#29 0x00007fffec1d5f98 in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libfwklx.so
#30 0x00007ffff6b0e2f5 in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libsfxlx.so
#31 0x00007ffff6b0e681 in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libsfxlx.so
#32 0x00007ffff6c63eeb in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libsfxlx.so
#33 0x00007ffff6c4ebec in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libsfxlx.so
#34 0x00007ffff6c4ffe4 in SfxBaseController::attachFrame(com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&) ()
   from /usr/lib/libreoffice/program/../basis-link/program/libsfxlx.so
#35 0x00007ffff6c2515f in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libsfxlx.so
#36 0x00007ffff6c26921 in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libsfxlx.so
#37 0x00007fffec1f049d in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libfwklx.so
#38 0x00007fffec1f23a0 in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libfwklx.so
#39 0x00007fffec1e7f70 in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libfwklx.so
#40 0x00007fffec1e84b8 in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libfwklx.so
#41 0x00007ffff702db15 in comphelper::SynchronousDispatch::dispatch(com::sun::star::uno::Reference<com::sun::star::uno::XInterface> const&, rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) ()
   from /usr/lib/libreoffice/program/../basis-link/program/libcomphelp4gcc3.so
#42 0x00007ffff7da0d33 in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libsofficeapp.so
#43 0x00007ffff7dadfc4 in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libsofficeapp.so
#44 0x00007ffff7d889e2 in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libsofficeapp.so
#45 0x00007ffff7d8a260 in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libsofficeapp.so
#46 0x00007ffff5b53930 in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libvcllx.so
#47 0x00007ffff1cb66ea in SalDisplay::DispatchInternalEvent() () from /usr/lib/libreoffice/basis3.3/program/libvclplug_genlx.so
#48 0x00007ffff2b7f04f in ?? () from /usr/lib/libreoffice/basis3.3/program/libvclplug_gtklx.so
#49 0x00007ffff1d3fd61 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#50 0x00007ffff1d405d0 in ?? () from /usr/lib/libglib-2.0.so.0
#51 0x00007ffff1d4083b in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#52 0x00007ffff2b7cd15 in ?? () from /usr/lib/libreoffice/basis3.3/program/libvclplug_gtklx.so
#53 0x00007ffff595e3a0 in Application::Yield(bool) () from /usr/lib/libreoffice/program/../basis-link/program/libvcllx.so
#54 0x00007ffff595e467 in Application::Execute() () from /usr/lib/libreoffice/program/../basis-link/program/libvcllx.so
#55 0x00007ffff7d8ba1f in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libsofficeapp.so
#56 0x00007ffff5964c41 in ?? () from /usr/lib/libreoffice/program/../basis-link/program/libvcllx.so
#57 0x00007ffff5964ce5 in SVMain() () from /usr/lib/libreoffice/program/../basis-link/program/libvcllx.so
#58 0x00007ffff7db102e in soffice_main () from /usr/lib/libreoffice/program/../basis-link/program/libsofficeapp.so
#59 0x0000000000400eeb in main ()
(gdb)

Comment 1 Octoploid 2011-06-10 12:53:21 UTC
Created attachment 5785: Mike Frysinger's patch

OK. I've read the mailing list and have found the patch
by Mike Frysinger. It fixes the problem for me.

Comment 2 Octoploid 2011-10-21 12:58:07 UTC
Ping.
This bug is still present in today's glibc.
Can someone please apply Mike's patch?

Thanks.

Comment 3 Octoploid 2011-10-21 13:00:50 UTC
Created attachment 6024: Updated patch

Comment 4 Carlos O'Donell 2012-04-21 20:36:58 UTC
I've already done the analysis of this bug and we're going to use 13579 to track the issue. I've added the glibc_2.15 tag to 13579.

*** This bug has been marked as a duplicate of bug 13579 ***