104407 – EDITING: LO crashes when pasting a lot of RTF

Bug 104407 - EDITING: LO crashes when pasting a lot of RTF

Summary: EDITING: LO crashes when pasting a lot of RTF

Status:	RESOLVED FIXED

Alias:	None

Product:	LibreOffice
Classification:	Unclassified
Component:	Writer (show other bugs)
Version: (earliest affected)	5.2.0.0.alpha0+
Hardware:	All All

Importance:	medium major
Assignee:	Michael Stahl (allotropia)

URL:
Whiteboard:	target:5.4.0 target:5.3.4
Keywords:	bibisected, bisected, haveBacktrace, regression

Depends on:
Blocks:	Paste
	Show dependency tree / graph

Reported:	2016-12-05 08:53 UTC by Luke Kendall
Modified:	2017-05-09 07:52 UTC (History)
CC List:	6 users (show)

See Also:	65642
Crash report or crash signature:	["writerfilter::dmapper::SectionPropertyMap::CloseSectionGroup(writerfilter::dmapper::DomainMapper_Impl%20&)"]

Attachments
Example document which reliably causes the crash (294.64 KB, application/vnd.oasis.opendocument.text) 2016-12-05 08:53 UTC, Luke Kendall	Details
backtrace (127.21 KB, text/x-log) 2017-04-24 17:59 UTC, Xisco Faulí	Details
backtrace (25.05 KB, text/plain) 2017-04-26 12:46 UTC, Xisco Faulí	Details
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Luke Kendall 2016-12-05 08:53:09 UTC

Created attachment 129309 [details]
Example document which reliably causes the crash

I have a corrupted LO document (bug 103078), and tried copying the entire document as RTF into an empty document. It immediately crashes LO.

Steps to reproduce:

1. Open the attached file HarshLessons-CS-4x7-obfus.odt
2. Select all
3. Copy
4. File->New text document
5. Edit->Paste special; choose RTF

Results:
LO crashes

Expected result:
LO does not crash

Comment 1 Telesto 2016-12-05 14:04:49 UTC

Confirming with:
Version: 5.4.0.0.alpha0+
Build ID: 33f5bc54aaa7fe7aa9335726e30f9c349155e04d
CPU Threads: 4; OS Version: Windows 6.2; UI Render: default; 
TinderBox: Win-x86@62-merge-TDF, Branch:MASTER, Time: 2016-12-01_23:21:05
Locale: nl-NL (nl_NL); Calc: CL

Comment 2 Telesto 2017-04-23 18:07:04 UTC

Confirming crash with
Version: 5.4.0.0.alpha0+
Build ID: 4354f0e9ef4a5538729a2a6f2d1745e247f6c5cd
CPU threads: 4; OS: Windows 6.19; UI render: default; 
TinderBox: Win-x86@42, Branch:master, Time: 2017-04-21_06:05:57
Locale: nl-NL (nl_NL); Calc: CL

No crash - but only incomplete paste - with:
Version: 5.0.2.2
Build ID: 37b43f919e4de5eeaca9b9755ed688758a8251fe-GL
Locale: en-US (nl_NL)

--------
RTF paste is also broken in:
Versie: 4.1.0.4 
Build ID: 89ea49ddacd9aa532507cbf852f2bb22b1ace28

but not in
LibreOffice 3.5.7.2 
Build ID: 3215f89-f603614-ab984f2-7348103-1225a5b

Comment 3 Xisco Faulí 2017-04-24 17:45:08 UTC

Regression introduced in range https://cgit.freedesktop.org/libreoffice/core/log/?qt=range&q=15b53976e5d119877e53f34b34cee33a5f2883fd..19567deb49cdb4a49f251b1aacb305f68aee3c4a

Comment 4 Xisco Faulí 2017-04-24 17:59:49 UTC

Created attachment 132801 [details]
backtrace

Comment 5 Xisco Faulí 2017-04-26 12:46:45 UTC

Created attachment 132861 [details]
backtrace

Comment 6 Xisco Faulí 2017-04-28 11:55:19 UTC

@Raal, @Aron, Could any of you please bisect this one ? Thanks

Comment 7 Aron Budea 2017-04-30 02:27:11 UTC Comment hidden (bibisection)

Bibisected using repo bibisect-win32-5.2.
 800c0db9f1d5491a49f40b580603b78856489333 is the first bad commit
commit 800c0db9f1d5491a49f40b580603b78856489333
Author: Norbert Thiebaud <nthiebaud@gmail.com>
Date:   Sun Mar 27 19:31:16 2016 -0700

    source abaf6bde4ee91c628bd55a7ec2e876a5d0ecff6e
	
# bad: [0dd2351ad5126be07112c87933218c3860545ea1] source f3d1ac75c4b7fa63022e54a9cbff46ba99535076
# good: [1f670510f08cb800cbae2a1dd6ea70d3542e4721] source 49c2b9808df8a6b197dec666dfc0cda6321a4306
git bisect start '0dd2351ad5126be07112c87933218c3860545ea1' 'oldest'
# good: [26d7348dc9209bfbb6d5ea010035d01c1fbab020] source 9925881003cb4f8055e32e23e51feb7fbef751f8
git bisect good 26d7348dc9209bfbb6d5ea010035d01c1fbab020
# good: [81bc06d623771022b72ef3464f829aae08131a25] source 224ecda045f49a0e96d3117233b667de6d5c6837
git bisect good 81bc06d623771022b72ef3464f829aae08131a25
# good: [25d47718f1d223a8d616a765c4d19a40fa0aab98] source ecc7f698b5f080530f006218fa3dd82da43d9abb
git bisect good 25d47718f1d223a8d616a765c4d19a40fa0aab98
# good: [655faae3e30443ab934130a93ad23d2d7869f051] source a0d5f0896ed7f2de8ceffd664ee469a383ce7d53
git bisect good 655faae3e30443ab934130a93ad23d2d7869f051
# good: [c1e1d6be43f61fad0e4a87354b70ed3499174789] source 7342baff976f2bbd5ccf2444fc1b5e19e003b238
git bisect good c1e1d6be43f61fad0e4a87354b70ed3499174789
# good: [1059d2ec05c7c057272913b8a61ffe28f57c671e] source cd210a450e3c5e2ed7e273550ac56be9ced3e706
git bisect good 1059d2ec05c7c057272913b8a61ffe28f57c671e
# good: [ab4ab083fefaa805a4e4be9bed0b60ccd3d57bbb] source a7ba6358eec442aaa28fdd952102dbd10ca2569e
git bisect good ab4ab083fefaa805a4e4be9bed0b60ccd3d57bbb
# bad: [995ab7579a6a9d617d80bf7e2b7ca88a237a9f75] source b3443e16c75704e547abd57e91156b76a5e5d218
git bisect bad 995ab7579a6a9d617d80bf7e2b7ca88a237a9f75
# bad: [3d9c3e28544b28698e3ecf8191bb30fa8b2808f0] source 011e65c93053c88eb752e50ef47c69872608cbcd
git bisect bad 3d9c3e28544b28698e3ecf8191bb30fa8b2808f0
# bad: [c3ac67452626a6fcefed8feff791209e67614c4a] source 9585c8b8c8d8724cc1bad4a2060c828c15599929
git bisect bad c3ac67452626a6fcefed8feff791209e67614c4a
# bad: [61e88b114d2fb0fbf5d48eafd9e2e2e60552fb97] source 0f0cea28c75a6565c7803b54536d4a8720ead160
git bisect bad 61e88b114d2fb0fbf5d48eafd9e2e2e60552fb97
# bad: [800c0db9f1d5491a49f40b580603b78856489333] source abaf6bde4ee91c628bd55a7ec2e876a5d0ecff6e
git bisect bad 800c0db9f1d5491a49f40b580603b78856489333
# first bad commit: [800c0db9f1d5491a49f40b580603b78856489333] source abaf6bde4ee91c628bd55a7ec2e876a5d0ecff6e

Comment 8 Aron Budea 2017-04-30 02:28:49 UTC

My bibisect results point to slightly earlier than the range in comment 3, to the comment referenced below. Adding Cc: to Miklos Vajna, please take a look.

https://cgit.freedesktop.org/libreoffice/core/commit/?id=abaf6bde4ee91c628bd55a7ec2e876a5d0ecff6e
author		Miklos Vajna <vmiklos@collabora.co.uk>	2016-03-22 07:09:01 (GMT)
committer	Miklos Vajna <vmiklos@collabora.co.uk>	2016-03-22 07:09:29 (GMT)

"tdf#65642 RTF filter: import \pgnrestart and \pgnucltr"

Comment 9 Michael Stahl (allotropia) 2017-05-05 20:12:36 UTC

fixed on master

Comment 10 Commit Notification 2017-05-05 20:13:49 UTC

Michael Stahl committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=e4da2e5dfa9e462e0d9c23a1a60caf4b3ef2dc56

tdf#104407 writerfilter: fix crash with null xRangeProperties

It will be available in 5.4.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.

Comment 11 Commit Notification 2017-05-09 07:52:40 UTC

Michael Stahl committed a patch related to this issue.
It has been pushed to "libreoffice-5-3":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=8521f4c8fb08aa37912f73a73ba1a34c2ccc97ed&h=libreoffice-5-3

tdf#104407 writerfilter: fix crash with null xRangeProperties

It will be available in 5.3.4.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.