Bug 104383 - FILEOPEN: Crash of LibreOffice Calc when activating macros
Summary: FILEOPEN: Crash of LibreOffice Calc when activating macros
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: LibreOffice (show other bugs)
Version:
(earliest affected)
4.4 all versions
Hardware: All All
: highest critical
Assignee: Kohei Yoshida
URL:
Whiteboard: target:5.4.0 target:5.3.3 target:5.2.7
Keywords: bibisected, bisected, haveBacktrace, regression
Depends on:
Blocks: Macro-UNOAPI
  Show dependency treegraph
 
Reported: 2016-12-04 08:29 UTC by Esteban DUGUEPEROUX
Modified: 2019-11-21 19:11 UTC (History)
4 users (show)

See Also:
Crash report or crash signature: ["ScVbaRange::ApplicationRange(com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext> const &,com::sun::star::uno::Any const &,com::sun::star::uno::Any const &)"]

Attachments
xlsm file to reproduce the bug (61.32 KB, application/vnd.ms-excel.sheet.macroEnabled.12)
2016-12-04 08:29 UTC, Esteban DUGUEPEROUX 		Details
bt with symbols (17.25 KB, text/plain)
2016-12-04 10:30 UTC, Julien Nabet 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Esteban DUGUEPEROUX 2016-12-04 08:29:29 UTC 
Created attachment 129291 [details]
xlsm file to reproduce the bug

Hi,

I try to open a .xlsm file with LibreOffice Calc, this .xlsm file use macros.
Then I choose to have macros activated on demand on startup by enabling preference in Tools->Options->Security->Macro Security->Medium.
When activating macro at file opening, LibreOffice quits and a popup appears explaining that an unexpected error has occured.
The .xlsm file to reproduce the bug is in attachment.
Comment 1 Julien Nabet 2016-12-04 10:30:49 UTC 
Created attachment 129296 [details]
bt with symbols

On pc Debian x86-64 with master sources updated yesterday, I could reproduce the crash.
I attached bt with symbols.
Comment 2 Xisco Faulí 2017-02-28 12:15:35 UTC 
it also crashes in 

Versión: 5.3.0.3
Id. de compilación: 7074905676c47b82bbcfbea1aeefc84afe1c50e1
Subpr. de CPU: 1; Versión de SO: Windows 6.1; Repr. de IU: predet.; Motor de trazado: HarfBuzz; 
Configuración regional: es-ES (es_ES); Calc: group
Comment 3 Xisco Faulí 2017-02-28 12:27:55 UTC 
Regression introduced by:

author	Kohei Yoshida <kohei.yoshida@collabora.com>	2014-06-25 20:38:52 (GMT)
committer	Kohei Yoshida <kohei.yoshida@collabora.com>	2014-06-25 20:40:43 (GMT)
commit 5e83804da815a982aed567a8cae4cc078491dcbd (patch)
tree d29f5087f8d1eb9952a9ea140fae018b9adfb9c7
parent 671566d0612a26c844501f0cf042138b5fe5c040 (diff)
bnc#882595: Process VBA blobs before formula cells.
So that formula cells with user-defined functions will be interpreted
correctly.

Adding Cc: to Kohei Yoshida
Comment 4 Kohei Yoshida 2017-03-16 22:03:53 UTC 
Do you guys gets lots of "BASIC runtime error. '91' Object variable not set" error messages before it crashes?
Comment 5 Julien Nabet 2017-03-16 22:15:14 UTC 
I get no error messages "BASIC runtime error. '91' Object variable not set" before crash.
However, I must tell I use enable-dbgutil so perhaps it crashes before these messages only in this case.
Comment 6 Kohei Yoshida 2017-03-16 22:44:13 UTC 
(In reply to Julien Nabet from comment #5)
> I get no error messages "BASIC runtime error. '91' Object variable not set"
> before crash.
> However, I must tell I use enable-dbgutil so perhaps it crashes before these
> messages only in this case.

I'd like to have someone with a release build confirming what I'm seeing.
Comment 7 Julien Nabet 2017-03-16 22:51:20 UTC 
(In reply to Kohei Yoshida from comment #6)
> (In reply to Julien Nabet from comment #5)
> > I get no error messages "BASIC runtime error. '91' Object variable not set"
> > before crash.
> > However, I must tell I use enable-dbgutil so perhaps it crashes before these
> > messages only in this case.
> 
> I'd like to have someone with a release build confirming what I'm seeing.

Just for the record, with 5.2.5.1 LO Debian package (so release build), I don't have these messages.
Perhaps someone will be luckier than me.

BTW, here's some gdb session:
Thread 1 "soffice.bin" hit Breakpoint 1, ScVbaRange::ApplicationRange (xContext=uno::Reference to (cppu::ComponentContext *) 0x55555819aa10, Cell1=
    uno::Any("string": "CRAM!MOISANNEE"), Cell2=uno::Any(void)) at /home/julien/lo/libreoffice/sc/source/ui/vba/vbarange.cxx:4211
4211	    if ( Cell1.hasValue() && !Cell2.hasValue() && !sRangeName.isEmpty() )
(gdb) n
4213	        uno::Reference< beans::XPropertySet > xPropSet( getCurrentExcelDoc(xContext), uno::UNO_QUERY_THROW );
(gdb) n
4215	        uno::Reference< container::XNameAccess > xNamed( xPropSet->getPropertyValue( "NamedRanges" ), uno::UNO_QUERY_THROW );
(gdb) n
4216	        uno::Reference< sheet::XCellRangeReferrer > xReferrer;
(gdb) n
4219	            xReferrer.set ( xNamed->getByName( sRangeName ), uno::UNO_QUERY );
(gdb) p sRangeName
$3 = "CRAM!MOISANNEE"
(gdb) p xNamed->getByName( sRangeName )
The program being debugged entered a std::terminate call, most likely

of course this exception is catched but when continuing after some lines, xView is an empty ref.
Comment 8 Kohei Yoshida 2017-03-16 23:01:27 UTC 
Yeah I'd already figured out that part.
Comment 9 Commit Notification 2017-03-17 00:08:32 UTC 
Kohei Yoshida committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=ed8a337cf6d13eda49d394558d83766131f83e54

tdf#104383: prevent crash during file load.

It will be available in 5.4.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 10 Aron Budea 2017-03-17 02:17:30 UTC 
(In reply to Julien Nabet from comment #7)
> Just for the record, with 5.2.5.1 LO Debian package (so release build), I
> don't have these messages.
> Perhaps someone will be luckier than me.

No messages for me, either, neither in 5.3.0.3, nor in 4.4.0.3 / Ubuntu 16.04 (I assume they'd appear on console).
Comment 11 Xisco Faulí 2017-03-20 19:49:36 UTC 
it no longer crashes in

Version: 5.4.0.0.alpha0+
Build ID: 4ba483beccc99d336d0e0bec47b5fd6823b16c16
CPU threads: 4; OS: Linux 4.8; UI render: default; VCL: gtk2; 
Locale: ca-ES (ca_ES.UTF-8); Calc: group

@Kohei: Could you please backported it to branch 5.2 and 5.3 and close this as RESOLVED FIXED ?
Comment 12 Kohei Yoshida 2017-03-21 20:52:08 UTC 
Backports are now in review:

5.3: https://gerrit.libreoffice.org/#/c/35520/
5.2: https://gerrit.libreoffice.org/#/c/35521/
Comment 13 Commit Notification 2017-03-22 00:14:58 UTC 
Kohei Yoshida committed a patch related to this issue.
It has been pushed to "libreoffice-5-3":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=5112b09445069015de6f82524ea9247a1d73f35e&h=libreoffice-5-3

tdf#104383: prevent crash during file load.

It will be available in 5.3.3.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 14 Commit Notification 2017-03-22 01:00:14 UTC 
Kohei Yoshida committed a patch related to this issue.
It has been pushed to "libreoffice-5-2":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=118f5e797d7274e5f37d877b8fa3b93e53366991&h=libreoffice-5-2

tdf#104383: prevent crash during file load.

It will be available in 5.2.7.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.