https://bugs.freedesktop.org/show_bug.cgi?id=53154
--- Comment #6 from Lionel Elie Mamane <lio...@mamane.lu> 2012-08-06 15:16:29 UTC --- (In reply to comment #5) > can't reproduce here either; the crash is in a Java finalizer, so timing may > vary significantly; freeUnoInterfaceProxy leading to __cxa_pure_virtual sounds > like either memory corruption or a ref-counted UNO object forcefully being > deleted before its ref-count is zero That's interesting... The line just before that is (*pThis->pBridge->getCppEnv()->revokeInterface)( pThis->pBridge->getCppEnv(), pThis->pCppI ); I wonder if that's the line that "forcefully deletes pThis->pCppI", and thus leads to the pure virtual: (gdb) break unointerfaceproxy.cxx:51 Breakpoint 1 at 0x7fffea2ff82d: file /home/master/src/libreoffice/workdirs/libreoffice-3.6/bridges/source/cpp_uno/shared/unointerfaceproxy.cxx, line 51. (gdb) commands 1 Type commands for breakpoint(s) 1, one per line. End with a line saying just "end". >print pThis->pCppI >continue >end (gdb) continue -----> big snip of many breakpoint hits <-------------- Breakpoint 1, bridges::cpp_uno::shared::freeUnoInterfaceProxy (pEnv=0x1ba5330, pProxy=0x2676e50) at /home/master/src/libreoffice/workdirs/libreoffice-3.6/bridges/source/cpp_uno/shared/unointerfaceproxy.cxx:51 51 (*pThis->pBridge->getCppEnv()->revokeInterface)( $94 = (reportdesign::OSection *) 0x23c45c0 pure virtual method called terminate called without an active exception (gdb) up 6 #6 0x00007fffea2ff880 in bridges::cpp_uno::shared::freeUnoInterfaceProxy (pEnv=0x1ba5330, pProxy=0x2676e50) at /home/master/src/libreoffice/workdirs/libreoffice-3.6/bridges/source/cpp_uno/shared/unointerfaceproxy.cxx:53 53 pThis->pCppI->release(); (gdb) print pThis->pCppI $95 = (com::sun::star::uno::XInterface *) 0x23c4610 Hmmm... The value (address pointed at) of pThis->pCppI has changed between line 51 and 53... I don't immediately understand how this could happen: print pThis->pBridge->getCppEnv()->revokeInterface $96 = (void (*)(_uno_ExtEnvironment *, void *)) revokeInterface takes a void*, not a &(void*), so how could it change its argument? Maybe it is a more subtle memory corruption issue? -- Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. _______________________________________________ Libreoffice-bugs mailing list Libreoffice-bugs@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs