Bug 85032

Summary: Crash on 4.4 master loading a particular file
Product: LibreOffice
Reporter: Matthew Francis <fdbugs>
Component: Writer
Assignee: Caolán McNamara <caolan.mcnamara>
Status: RESOLVED FIXED
Severity: major
CC: fdbugs
Priority: high
Keywords: haveBacktrace
Version: 4.4.0.0.alpha0+ Master
Hardware: Other
OS: All
See Also: https://bugs.freedesktop.org/show_bug.cgi?id=84752
Whiteboard: BSA target:4.4.0
Crash report or crash signature:
Regression By:
Attachments:
- OSX backtrace
- Linux backtrace
- Linux memcheck log

Description Matthew Francis 2014-10-15 07:25:04 UTC
Loading https://www.libreoffice.org/bugzilla/attachment.cgi?id=107496 (from bug 84752) on 4.4 master leads to a crash. This appears to be a separate issue to the performance regression on the aforementioned bug.

The same backtrace was observed on:
- OSX just from loading the file
- Linux when running under valgrind, but not otherwise

Comment 1 Matthew Francis 2014-10-15 07:25:59 UTC
Created attachment 107852 [details]
OSX backtrace

Comment 2 Matthew Francis 2014-10-15 07:35:35 UTC
Created attachment 107854 [details]
Linux backtrace

Annoyingly I can't yet reproduce this on Linux under memcheck, but callgrind did abort with the attached backtrace, which is clearly the same as the OSX crash.

Comment 3 Matthew Francis 2014-10-15 07:50:48 UTC
Created attachment 107855 [details]
Linux memcheck log

Not sure how I failed to get this to work the first time, but here's a nice clear memcheck trace showing a bunch of invalid reads which relate to the backtrace of the crash.

Comment 4 Caolán McNamara 2014-10-15 12:38:45 UTC
I think this is going wrong in Edit::ImplDelete at the maText.remove line.

Comment 5 Caolán McNamara 2014-10-15 12:43:44 UTC
Hmm, setting a SetMaxTextLen of -1: these used to be unsigned shorts, so that would have meant "max length" in the old days.
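The sign-widening pitfall Caolán describes, as an added illustration that is not LibreOffice code: a max-length field that was once `unsigned short` silently turned a caller's -1 into 65535 ("no limit"), but once the field is widened to a signed 32-bit type the -1 survives and must be handled explicitly. The `oldMaxLen`/`naiveNewMaxLen`/`safeNewMaxLen`/`truncateTo` names are hypothetical; how the real Edit::ImplDelete uses the limit is not stated on this page and is not modelled here.

```cpp
#include <cstdint>
#include <limits>
#include <string>

// Added example, not LibreOffice code. Hypothetical stand-ins for an
// edit control's max-text-length setter before and after a type widening.

// Old field type: unsigned short. A caller passing -1 got 65535, which in
// practice behaved as "unlimited" (the "max length" meaning in the comment).
unsigned short oldMaxLen(int requested) {
    return static_cast<unsigned short>(requested);
}

// Naive port to a signed 32-bit field (sal_Int32-style): -1 is now really -1,
// and any downstream length arithmetic that assumed a non-negative limit is
// handed a negative value.
std::int32_t naiveNewMaxLen(int requested) {
    return static_cast<std::int32_t>(requested);
}

// Hardened setter: make "no limit" an explicit, representable value instead
// of relying on unsigned wraparound. Any negative request maps to it.
constexpr std::int32_t kUnlimited = std::numeric_limits<std::int32_t>::max();

std::int32_t safeNewMaxLen(int requested) {
    return requested < 0 ? kUnlimited : static_cast<std::int32_t>(requested);
}

// Apply a limit to a buffer. The negative check is the defensive guard a
// consumer of the field needs so that a stray -1 never becomes a length.
std::string truncateTo(const std::string& text, std::int32_t maxLen) {
    if (maxLen < 0) return text;  // never convert a negative limit to a size
    if (static_cast<std::int32_t>(text.size()) <= maxLen) return text;
    return text.substr(0, static_cast<std::size_t>(maxLen));
}
```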