| Summary: | CRASH when Consolidate | ||
|---|---|---|---|
| Product: | LibreOffice | Reporter: | ign_christian <ign_christian> |
| Component: | Calc | Assignee: | Eike Rathke <erack> |
| Status: | VERIFIED FIXED | ||
| Severity: | normal | CC: | erack, kohei, markus.mohrhard, miguelangelrv, serval2412, sophi |
| Priority: | high | Keywords: | regression |
| Version: | 4.2.0.0.alpha0+ Master | ||
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | target:4.3.0 target:4.2.5 target:6.2.0 | ||
| Crash report or crash signature: | Regression By: | ||
| Attachments: | Test file; bt with symbols; valgrind trace | ||
I do not reproduce with Version: 4.2.3.3 Build ID: 882f8a0a489bc99a9e60c7905a60226254cb6ff0 Ubuntu 13.10. Consolidation works as expected with your file - Sophie

Strange.. I tried to reset & use default user profile, also did system update, but same result. Removing libreoffice-gtk & libreoffice-gnome makes no difference. Any suggestions?

On pc Debian x86-64 with master sources updated today, I've got a freeze (and not a crash, except if you must wait more than 30 seconds). Idem with 4.2 sources updated some days ago.

Created attachment 97482
bt with symbols

bt => I put it at NEW

Created attachment 97483
valgrind trace

Kohei/Markus/Eike: one for you? (bt + Valgrind trace included)

Looking at Valgrind trace, I noticed this part
void lcl_AddString<unsigned long>(rtl::OUString*&, unsigned long&, rtl::OUString const&) (consoli.cxx:80)
which appears several times.
72 template< typename T >
73 static void lcl_AddString( OUString*& pData, T& nCount, const OUString& rInsert )
74 {
75     OUString* pOldData = pData;
76     pData = new OUString[ nCount+1 ];
77     if (pOldData)
78     {
79         memcpy( pData, pOldData, nCount * sizeof(OUString) );
80         delete[] pOldData;
81     }
82     pData[nCount] = rInsert;
83     ++nCount;
84 }
(see http://opengrok.libreoffice.org/xref/core/sc/source/core/tool/consoli.cxx#72)
I noticed this other lcl_AddString here:
http://opengrok.libreoffice.org/xref/core/svtools/source/config/extcolorcfg.cxx#238
Of course, this one doesn't use a template but anyway, the first method is called at 3 places with the same type (SCSIZE), see http://opengrok.libreoffice.org/search?q=lcl_AddString&project=core&defs=&refs=&path=&hist=
Should the first one be removed so that only the second one would be used?
Hi.. Any good news in 4.2? I just checked with LO 4.1.5.3 & Ubuntu 12.04 x86, no crash/freeze.

There's a memory corruption in the array of OUString handling. This hits sooner or later depending on memory layout and use. Taking over.

(In reply to comment #9)
> I noticed this other lcl_AddString here:
> [...]
> Should the first one be removed so that only the second one would be used?

No, they are different (and local/static to different source files). The consoli.cxx one is supposed to append a string to an array of strings, the extcolorcfg.cxx one appends a string to each string element of a sequence of strings.

Eike Rathke committed a patch related to this issue. It has been pushed to "master":
http://cgit.freedesktop.org/libreoffice/core/commit/?id=e891afeccba8f20f8bdaeacb20f2215cfcb1abfd
resolve fdo#77509 memory corruption / crash in Consolidate
The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.

Pending review for 4-2 at https://gerrit.libreoffice.org/9282

Eike Rathke committed a patch related to this issue. It has been pushed to "libreoffice-4-2":
http://cgit.freedesktop.org/libreoffice/core/commit/?id=948728a4159a8ba74ecc663373d31f1840fed9ac&h=libreoffice-4-2
resolve fdo#77509 memory corruption / crash in Consolidate
It will be available in LibreOffice 4.2.5.
Wow..thanks Eike for responding quickly & for the fix :)

Thanks Eike, Verified with:
Win7x64Ultimate
Version: 4.2.5.0.0+ Build ID: 948728a4159a8ba74ecc663373d31f1840fed9ac TinderBox: Win-x86@42, Branch:libreoffice-4-2, Time: 2014-05-09_01:06:23
Version: 4.3.0.0.alpha1+ Build ID: e9b2787c2ece4c8260fbac6359257e1829c917d4 TinderBox: Win-x86@39, Branch:master, Time: 2014-05-09_06:36:37

I was having the issue with my own file that seems solved now.

Zdeněk Crhonek committed a patch related to this issue. It has been pushed to "master":
http://cgit.freedesktop.org/libreoffice/core/commit/?id=288878045e54651ffe96e5faa879ab3bbabf9510
uitest for bug tdf#77509
It will be available in 6.2.0.
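Added example, not the committed patch (which this page does not show) and not LibreOffice code: the `lcl_AddString` quoted above copies reference-counted string handles with `memcpy` and then runs `delete[]` on the old array, which releases buffers the new array still points to. The sketch uses a hypothetical `RcString` stand-in for `OUString` and a hypothetical `addString` that copies element by element so the counts stay correct; the labels are constructed to mirror the reporter's mixed-prefix pattern.

```cpp
#include <cstddef>
#include <initializer_list>
#include <string>
#include <type_traits>
// Hypothetical stand-in for a reference-counted string handle such as OUString.
struct Buf { int refs; std::string text; };
static int g_live = 0;                        // buffers currently allocated

class RcString {
    Buf* p_ = nullptr;
    void release() { if (p_ && --p_->refs == 0) { delete p_; --g_live; } }
public:
    RcString() = default;
    RcString(const char* s) : p_(new Buf{1, s}) { ++g_live; }
    RcString(const RcString& o) : p_(o.p_) { if (p_) ++p_->refs; }
    RcString& operator=(const RcString& o) {
        if (o.p_) ++o.p_->refs;               // acquire first: safe on self-assignment
        release(); p_ = o.p_; return *this;
    }
    ~RcString() { release(); }
    int refs() const { return p_ ? p_->refs : 0; }
    const std::string& text() const { return p_->text; }
};

// A bitwise copy duplicates the handle without bumping refs, so destroying the
// old array would free buffers the new array still points to.
static_assert(!std::is_trivially_copyable<RcString>::value, "memcpy is not a copy");

// Hypothetical safe append: element-wise assignment keeps every count correct.
template <typename T>
void addString(RcString*& pData, T& nCount, const RcString& rInsert) {
    RcString* pOld = pData;
    pData = new RcString[nCount + 1];
    for (T i = 0; i < nCount; ++i)
        pData[i] = pOld[i];                   // refs 1 -> 2
    delete[] pOld;                            // refs 2 -> 1, buffer survives
    pData[nCount] = rInsert;
    ++nCount;
}

// Constructed labels; returns live buffers after cleanup (0 = no leak), -1 on mismatch.
int demo() {
    RcString* arr = nullptr; std::size_t n = 0;
    for (const char* s : {"A_1", "AB_1", "ABC_1"}) addString(arr, n, RcString(s));
    bool ok = n == 3 && arr[0].text() == "A_1" && arr[2].refs() == 1;
    delete[] arr;
    return ok ? g_live : -1;
}
int main() { return demo(); }
```

Building a reproduction of the original `memcpy` variant with AddressSanitizer or running it under Valgrind, as was done in this report, is how this class of bug is confirmed.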
Created attachment 97443
Test file

LibreOffice crashes while doing Consolidate (LO 4.2.3.3 in Ubuntu 12.04 x86).

Steps to reproduce:
1. Open attachment: Consolidate-test.xls
2. Select any empty cell, e.g. cell D1
3. Tab: Data > Consolidate
4. Source data ranges: $Sheet1.$A$1:$B$7
5. Click 'Add' so that ranges appear in "Consolidation ranges"
6. Click 'Options' > check 'Row labels' > click OK

After some testing, I notice that Consolidate won't crash if we only select ranges A2:B6. But if we select A1:B6 or A2:B7, the crash happens.

Patterns in column A:
I. AB_X, AB_XX, AB_XXX (all ranges prefixed with the same 2 characters) -> no crash
II. Mix pattern I with A_X and/or ABC_X (combined ranges with 1, 2, 3 character prefixes) -> crash

This issue does not happen with:
- LO 4.0.6.2 Win7 x86
- LO 4.0.4.2 Kubuntu 12.04 x86

Note: Same result with ODS and XLSX