[New LWP 2715524] [New LWP 2715891] [New LWP 2715725] [New LWP 2720559] [New LWP 2763087] [New LWP 2715892] [New LWP 2715728] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `/home/buildslave/build/instdir/program/soffice.bin -env:UserInstallation=file:/'. Program terminated with signal SIGABRT, Aborted. #0 0x00007efcfebb9ebc in ?? () from /lib/x86_64-linux-gnu/libc.so.6 [Current thread is 1 (Thread 0x7efcf8552e00 (LWP 2715524))] Thread 7 (Thread 0x7efcef5026c0 (LWP 2715728)): #0 0x00007efcfec3969f in accept () at /lib/x86_64-linux-gnu/libc.so.6 #1 0x00007efcfef1e27a in osl_acceptPipe(oslPipe) (pPipe=0x7efce4001570) at /home/buildslave/source/libo-core/sal/osl/unx/pipe.cxx:388 s = pAcceptedPipe = socket = 12 __PRETTY_FUNCTION__ = "oslPipeImpl* osl_acceptPipe(oslPipe)" aGuard = {_M_device = 0x7efce4001570, _M_owns = false} flags = #2 0x00007efcf0d38ad1 in osl::Pipe::accept(osl::StreamPipe&) (this=this@entry=0x7efcef5004f8, Connection=...) at /home/buildslave/source/libo-core/include/osl/pipe.hxx:155 #3 0x00007efcf0d385b2 in io_acceptor::PipeAcceptor::accept() (this=0x7efce4000d50) at /home/buildslave/source/libo-core/io/source/acceptor/acc_pipe.cxx:157 pipe = {m_handle = 0x7efce4001570} pConn = rtl::Reference to 0x7efce4009530 status = #4 0x00007efcf0d3e510 in (anonymous namespace)::OAcceptor::accept(rtl::OUString const&) (this=0x5565edcf4300, sConnectionDescription="pipe,name=pytest85fe10fa-e003-11ef-8430-98f2b32c495c") at /home/buildslave/source/libo-core/io/source/acceptor/acceptor.cxx:198 guard = {m_pFlag = 0x5565edcf4378} r = empty uno::Reference #5 0x00007efcf0d89a2d in desktop::Acceptor::run() (this=this@entry=0x5565edcf51d0) at /home/buildslave/source/libo-core/desktop/source/offacc/acceptor.cxx:110 g = {_M_device = 0x5565edcf5208, _M_owns = true} rConnection = empty uno::Reference aDescription = "pipe,name=pytest85fe10fa-e003-11ef-8430-98f2b32c495c,uniqueValue=139624622069072" rInstanceProvider = uno::Reference to (desktop::AccInstanceProvider *) 0x7efce4000d38 #6 0x00007efcf0d89ed9 in desktop::offacc_workerfunc(void*) (acc=0x5565edcf51d0) at /home/buildslave/source/libo-core/desktop/source/offacc/acceptor.cxx:46 #7 0x00007efcfef2f41d in osl_thread_start_Impl(void*) (pData=0x5565edcfa790) at /home/buildslave/source/libo-core/sal/osl/unx/thread.cxx:237 terminate = false pImpl = 0x5565edcfa790 __PRETTY_FUNCTION__ = "void* osl_thread_start_Impl(void*)" #8 0x00007efcfebb81c4 in () at /lib/x86_64-linux-gnu/libc.so.6 #9 0x00007efcfec3885c in () at /lib/x86_64-linux-gnu/libc.so.6 Thread 6 (Thread 0x7efced68e6c0 (LWP 2715892)): #0 0x00007efcfec398e4 in recv () at /lib/x86_64-linux-gnu/libc.so.6 #1 0x00007efcfef1e751 in osl_receivePipe(oslPipe, void*, sal_Int32) (pPipe=pPipe@entry=0x7efce4000f00, pBuffer=pBuffer@entry=0x7efcc078c728, BytesToRead=BytesToRead@entry=8) at /home/buildslave/source/libo-core/sal/osl/unx/pipe.cxx:453 socket = 13 nRet = #2 0x00007efcfef1ea36 in osl_readPipe(oslPipe, void*, sal_Int32) (pPipe=0x7efce4000f00, pBuffer=0x7efcc078c728, n=) at /home/buildslave/source/libo-core/sal/osl/unx/pipe.cxx:527 RetVal = BytesRead = 0 BytesToRead = 8 #3 0x00007efcf0d388ff in osl::StreamPipe::read(void*, int) const (n=8, pBuffer=, this=0x7efce4001550) at /home/buildslave/source/libo-core/include/osl/pipe.hxx:200 n = #4 io_acceptor::(anonymous namespace)::PipeConnection::read(com::sun::star::uno::Sequence&, sal_Int32) (this=0x7efce4001520, aReadBytes=uno::Sequence of length 8 = {...}, nBytesToRead=8) at /home/buildslave/source/libo-core/io/source/acceptor/acc_pipe.cxx:83 n = #5 0x00007efcef534555 in binaryurp::(anonymous namespace)::read(com::sun::star::uno::Reference const&, sal_uInt32, bool) (connection=uno::Reference to (io_acceptor::(anonymous namespace)::PipeConnection *) 0x7efce4001548, size=size@entry=8, eofOk=eofOk@entry=true) at /home/buildslave/source/libo-core/binaryurp/source/reader.cxx:70 __PRETTY_FUNCTION__ = "com::sun::star::uno::Sequence binaryurp::{anonymous}::read(const com::sun::star::uno::Reference&, sal_uInt32, bool)" buf = uno::Sequence of length 8 = {0 '\000', 0 '\000', 0 '\000', 0 '\000', 0 '\000', 0 '\000', 0 '\000', 0 '\000'} n = #6 0x00007efcef5364f2 in binaryurp::Reader::execute() (this=0x7efce4006a80) at /home/buildslave/source/libo-core/binaryurp/source/reader.cxx:105 s = uno::Sequence of length 8 = {0 '\000', 0 '\000', 0 '\000', 0 '\000', 0 '\000', 0 '\000', 0 '\000', 0 '\000'} count = block = {bridge_ = rtl::Reference to 0x7efce4000fb0, state_ = @0x7efce4006ac8, buffer_ = uno::Sequence of length 32507 = {-27 '\345', -88 '\250', -116 '\214', -95 '\241', 56 '8', -118 '\212', -99 '\235', -114 '\216', 102 'f', 99 'c', 99 'c', 48 '0', 55 '7', 57 '9', 53 '5', 100 'd', 51 '3', 48 '0', 59 ';', 103 'g', 99 'c', 99 'c', 51 '3', 91 '[', 48 '0', 93 ']', 59 ';', 52 '4', 48 '0', 57 '9', 55 '7', 54 '6', 57 '9', 99 'c', 97 'a', 102 'f', 99 'c', 54 '6', 51 '3', 52 '4', 49 '1', 52 '4', 54 '6', 98 'b', 97 'a', 53 '5', 100 'd', 54 '6', 102 'f', 102 'f', 52 '4', 52 '4', 52 '4', 55 '7', 101 'e', 99 'c', 99 'c', 97 'a', 48 '0', 0 '\000', -26 '\346', 0 '\000', 0 '\000', 0 '\000', 69 'E', 0 '\000', 0 '\000', 0 '\000', 0 '\000', 0 '\000', 0 '\000', 0 '\000', 10 '\n', 38 '&', -51 '\315', 51 '3', -5 '\373', 126 '~', 0 '\000', 0 '\000', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', -103 '\231', 64 '@', 0 '\000', 0 '\000', 0 '\000', 0 '\000', 0 '\000', 0 '\000', 0 '\000', 85 'U', 0 '\000', 0 '\000', 0 '\000', 0 '\000', 0 '\000', 0 '\000', 0 '\000', -16 '\360', -70 '\272', 8 '\b', -13 '\363', -4 '\374', 126 '~', 0 '\000', 0 '\000', -62 '\302', -70 '\272', 8 '\b', -13 '\363', -4 '\374', 126 '~', 0 '\000', 0 '\000', 36 '$', -96 '\240', 8 '\b', -13 '\363', -4 '\374', 126 '~', 0 '\000', 0 '\000', 1 '\001', 0 '\000', 0 '\000', 0 '\000', 0 '\000', 0 '\000', 0 '\000', 0 '\000', -128 '\200', 61 '=', -39 '\331', -19 '\355', 101 'e', 85 'U', 0 '\000', 0 '\000', -96 '\240', -124 '\204', -48 '\320', -19 '\355', 101 'e', 85 'U', 0 '\000', 0 '\000', -128 '\200', -34 '\336', -46 '\322', -19 '\355', 101 'e', 85 'U', 0 '\000', 0 '\000', -64 '\300', 57 '9', 1 '\001', -36 '\334', -4 '\374', 126 '~', 0 '\000', 0 '\000'...}, data_ = 0x7efcdc00a485 "", end_ = 0x7efcdc00a485 ""} header = {bridge_ = rtl::Reference to 0x7efce4000fb0, state_ = @0x7efce4006ac8, buffer_ = uno::Sequence of length 8 = {0 '\000', 0 '\000', 0 '\000', 0 '\000', 0 '\000', 0 '\000', 0 '\000', 0 '\000'}, data_ = 0x7efcc078c730 "\020{/\300\374~", end_ = 0x7efcc078c730 "\020{/\300\374~"} size = con = uno::Reference to (io_acceptor::(anonymous namespace)::PipeConnection *) 0x7efce4001548 #7 0x00007efcfea1f121 in salhelper::Thread::run() (this=0x7efce4006a80) at /home/buildslave/source/libo-core/salhelper/source/thread.cxx:39 g = {m_func = {__this = 0x7efce4006a80}, m_bDismissed = false} #8 0x00007efcfea1f3c7 in osl::threadFunc(void*) (param=0x7efce4006a90) at /home/buildslave/source/libo-core/include/osl/thread.hxx:189 pObj = 0x7efce4006a90 #9 0x00007efcfef2f41d in osl_thread_start_Impl(void*) (pData=0x7efce4008f70) at /home/buildslave/source/libo-core/sal/osl/unx/thread.cxx:237 terminate = false pImpl = 0x7efce4008f70 __PRETTY_FUNCTION__ = "void* osl_thread_start_Impl(void*)" #10 0x00007efcfebb81c4 in () at /lib/x86_64-linux-gnu/libc.so.6 #11 0x00007efcfec3885c in () at /lib/x86_64-linux-gnu/libc.so.6 Thread 5 (Thread 0x7efcc9bff6c0 (LWP 2763087)): #0 0x00007efcfebb512b in () at /lib/x86_64-linux-gnu/libc.so.6 #1 0x00007efcfebbb4aa in pthread_mutex_lock () at /lib/x86_64-linux-gnu/libc.so.6 #2 0x00007efcfef1cc53 in osl_acquireMutex(oslMutex) (pMutex=0x5565ecd4a1f0) at /home/buildslave/source/libo-core/sal/osl/unx/mutex.cxx:99 nRet = #3 0x00007efcf92539b5 in osl::Mutex::acquire() (this=0x5565ecd4a4f8) at /home/buildslave/source/libo-core/include/osl/mutex.hxx:63 pInst = 0x5565ecd4a3c0 __PRETTY_FUNCTION__ = "virtual void SvpSalYieldMutex::doAcquire(sal_uInt32)" #4 SvpSalYieldMutex::doAcquire(unsigned int) (this=0x5565ecd4a4f0, nLockCount=1) at /home/buildslave/source/libo-core/vcl/headless/svpinst.cxx:356 pInst = 0x5565ecd4a3c0 __PRETTY_FUNCTION__ = "virtual void SvpSalYieldMutex::doAcquire(sal_uInt32)" #5 0x00007efcfd71f31a in comphelper::SolarMutex::acquire(unsigned int) (this=, nLockCount=nLockCount@entry=1) at /home/buildslave/source/libo-core/include/comphelper/solarmutex.hxx:86 __PRETTY_FUNCTION__ = "void comphelper::SolarMutex::acquire(sal_uInt32)" #6 0x00007efcfd71f357 in osl::Guard::Guard(comphelper::SolarMutex&) (t=, this=0x7efcc9bfc560) at /home/buildslave/source/libo-core/include/osl/mutex.hxx:144 #7 SolarMutexGuard::SolarMutexGuard() (this=) at /home/buildslave/source/libo-core/include/vcl/svapp.hxx:1339 #8 0x00007efcfd8230ca in (anonymous namespace)::XFrameImpl::getContainerWindow() (this=0x7efcc020f1c0) at /home/buildslave/source/libo-core/framework/source/services/frame.cxx:840 g = {> = {pT = 0x5565ecd4a4f0}, } #9 0x00007efcfd80650a in framework::LoadEnv::impl_reactForLoadingState() (this=this@entry=0x7efcc9bfc9e0) at /home/buildslave/source/libo-core/framework/source/loadenv/loadenv.cxx:1600 bMinimized = bStartPres = pFrameName = xWindow = uno::Reference to (com::sun::star::uno::XInterface *) 0x1d bHidden = pWindow = {m_rInnerRef = empty rtl::Reference} aReadLock = {pT = 0x7efcc9bfc9e0} aRequest = Python Exception : bThrow = #10 0x00007efcfd806adb in framework::LoadEnv::impl_setResult(bool) (this=this@entry=0x7efcc9bfc9e0, bResult=) at /home/buildslave/source/libo-core/framework/source/loadenv/loadenv.cxx:535 g = {pT = 0x7efcc9bfc9e0} #11 0x00007efcfd80b716 in framework::LoadEnv::impl_loadContent() (this=this@entry=0x7efcc9bfc9e0) at /home/buildslave/source/libo-core/framework/source/loadenv/loadenv.cxx:1183 xTargetFrameProps = uno::Reference to ((anonymous namespace)::XFrameImpl *) 0x7efcc020f280 bResult = aWriteLock = {pT = 0x7efcc9bfc9e0} sTarget = "_blank" xTargetFrame = uno::Reference to ((anonymous namespace)::XFrameImpl *) 0x7efcc020f230 xTargetLock = uno::Reference to ((anonymous namespace)::XFrameImpl *) 0x7efcc020f258 bHidden = bMinimized = false bPreview = false bStartPres = lDescriptor = uno::Sequence of length 12 = {{Name = "URL", Handle = 0, Value = uno::Any("string": "file:///srv/crashtestdata/current/srv/crashtestdata/files/caolan/swfntobj_drawtext_heap_buffer_overflow.docx"), State = com::sun::star::beans::PropertyState::PropertyState_DIRECT_VALUE}, {Name = "UCBContent", Handle = 0, Value = uno::Any("com.sun.star.ucb.XContent": { = {_vptr.XInterface = 0x7efcc0044fe8}, }), State = com::sun::star::beans::PropertyState::PropertyState_DIRECT_VALUE}, {Name = "UpdateDocMode", Handle = 0, Value = uno::Any("short": 0), State = com::sun::star::beans::PropertyState::PropertyState_DIRECT_VALUE}, {Name = "InteractionHandler", Handle = 0, Value = uno::Any("com.sun.star.task.XInteractionHandler": { = {_vptr.XInterface = 0x7efcdc00a838}, }), State = com::sun::star::beans::PropertyState::PropertyState_DIRECT_VALUE}, {Name = "Hidden", Handle = 0, Value = uno::Any("boolean": 1 '\001'), State = com::sun::star::beans::PropertyState::PropertyState_DIRECT_VALUE}, {Name = "AuthenticationHandler", Handle = 0, Value = uno::Any("com.sun.star.task.XInteractionHandler": { = {_vptr.XInterface = 0x7efcdc00a838}, }), State = com::sun::star::beans::PropertyState::PropertyState_DIRECT_VALUE}, {Name = "InputStream", Handle = 0, Value = uno::Any("com.sun.star.io.XInputStream": { = {_vptr.XInterface = 0x7efcc00fcba8}, }), State = com::sun::star::beans::PropertyState::PropertyState_DIRECT_VALUE}, {Name = "TypeName", Handle = 0, Value = uno::Any("string": "writer_OOXML"), State = com::sun::star::beans::PropertyState::PropertyState_DIRECT_VALUE}, {Name = "AbortOnLoadFailure", Handle = 0, Value = uno::Any("boolean": 1 '\001'), State = com::sun::star::beans::PropertyState::PropertyState_DIRECT_VALUE}, {Name = "ReadOnly", Handle = 0, Value = uno::Any("boolean": 1 '\001'), State = com::sun::star::beans::PropertyState::PropertyState_DIRECT_VALUE}, {Name = "MacroExecutionMode", Handle = 0, Value = uno::Any("short": 0), State = com::sun::star::beans::PropertyState::PropertyState_DIRECT_VALUE}, {Name = "FilterName", Handle = 0, Value = uno::Any("string": "Office Open XML Text"), State = com::sun::star::beans::PropertyState::PropertyState_DIRECT_VALUE}} sURL = "file:///srv/crashtestdata/current/srv/crashtestdata/files/caolan/swfntobj_drawtext_heap_buffer_overflow.docx" xLoader = uno::Reference to ((anonymous namespace)::SfxFrameLoader_Impl *) 0x7efcc05cb6d0 xAsyncLoader = empty uno::Reference xSyncLoader = uno::Reference to ((anonymous namespace)::SfxFrameLoader_Impl *) 0x7efcc05cb6f8 #12 0x00007efcfd80b9f2 in framework::LoadEnv::start() (this=this@entry=0x7efcc9bfc9e0) at /home/buildslave/source/libo-core/framework/source/loadenv/loadenv.cxx:415 bStarted = #13 0x00007efcfd80c0fb in framework::LoadEnv::startLoading(rtl::OUString const&, com::sun::star::uno::Sequence const&, com::sun::star::uno::Reference const&, rtl::OUString const&, int, LoadEnvFeatures) (this=this@entry=0x7efcc9bfc9e0, sURL="file:///srv/crashtestdata/current/srv/crashtestdata/files/caolan/swfntobj_drawtext_heap_buffer_overflow.docx", lMediaDescriptor=uno::Sequence of length 3 = {...}, xBaseFrame=uno::Reference to (framework::Desktop *) 0x5565ed00aa98, sTarget="_blank", nSearchFlags=nSearchFlags@entry=0, eFeature=LoadEnvFeatures::NONE) at /home/buildslave/source/libo-core/framework/source/loadenv/loadenv.cxx:311 g = {pT = 0x7efcc9bfc9e0} aRealURL = "file:///srv/crashtestdata/current/srv/crashtestdata/files/caolan/swfntobj_drawtext_heap_buffer_overflow.docx" xParser = uno::Reference to ((anonymous namespace)::URLTransformer *) 0x7efcc021b6c8 pIt = {, true>> = {_M_cur = 0x0}, } bUIMode = false #14 0x00007efcfd80c345 in framework::LoadEnv::loadComponentFromURL(com::sun::star::uno::Reference const&, com::sun::star::uno::Reference const&, rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence const&) (xLoader=uno::Reference to (framework::Desktop *) 0x5565ed00aaa8, xContext=uno::Reference to (cppu::(anonymous namespace)::ComponentContext *) 0x5565ecd46f28, sURL="file:///srv/crashtestdata/current/srv/crashtestdata/files/caolan/swfntobj_drawtext_heap_buffer_overflow.docx", sTarget="_blank", nSearchFlags=0, lArgs=uno::Sequence of length 3 = {...}) at /home/buildslave/source/libo-core/framework/source/loadenv/loadenv.cxx:167 aEnv = Python Exception : No type named std::__detail::_Hash_node, true>. {m_mutex = {mutex = 0x7efcc01dd510}, m_xContext = uno::Reference to (class cppu::(anonymous namespace)::ComponentContext *) 0x5565ecd46f28, m_xBaseFrame = uno::Reference to (class framework::Desktop *) 0x5565ed00aa98, m_xTargetFrame = uno::Reference to (class (anonymous namespace)::XFrameImpl *) 0x7efcc020f230, m_sTarget = "_blank", m_nSearchFlags = 0, m_lMediaDescriptor = { = {m_aMap = std::__debug::unordered_map with 12 elements}, static PROP_ABORTED = {pData = 0x7efcfda1c9f0