Bug 105011 - assertion in rtl_uString_newFromSubString
Summary: assertion in rtl_uString_newFromSubString
Status: VERIFIED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer
Version: 5.4.0.0.alpha0+ (earliest affected)
Hardware: All Linux (All)
Importance: medium normal
Assignee: Not Assigned
URL:
Whiteboard: target:5.4.0 target:5.3.0.2 target:5.2.5
Keywords: haveBacktrace
Depends on:
Blocks:
 
Reported: 2016-12-31 03:10 UTC by Terrence Enger
Modified: 2017-01-01 17:45 UTC

See Also:
Crash report or crash signature:


Attachments
gdb on the core file (44.99 KB, text/plain)
2016-12-31 03:10 UTC, Terrence Enger

Description Terrence Enger 2016-12-31 03:10:00 UTC
Created attachment 130046
gdb on the core file

STR
---
(1) Download and open test.odt attached to tdf#104795.  Program
    displays Writer window.
(2) Take menu options File > Properties.  Program crashes.

Perhaps the problem has something to do with the digital signature in
test.odt.  On a new Writer document "Untitled 1" without a digital
signature (or anything else), File > Properties displays the expected
dialog.

This can happen, of course, only in a dbgutil build.  I see it in
daily Linux dbgutil bibisect repository versions 2016-12-26 and
2016-05-26 and in a local build.

The attached backtrace is from commit ae18926c (2016-12-11), configured 
    CC=ccache /usr/bin/gcc
    CXX=ccache /usr/bin/g++
    --enable-option-checking=fatal
    --enable-dbgutil
    --enable-debug
    --without-system-postgresql
    --without-myspell-dicts
    --with-extra-buildid
    --without-doxygen
    --with-external-tar=/home/terry/lo_hacking/git/src
    --without-package-format
built and executed on debian-stretch.

I am adding keyword haveBacktrace.
Comment 1 Julien Nabet 2016-12-31 11:28:52 UTC
On pc Debian x86-64 with master sources updated today, I could reproduce this.

Interesting part is:
#5  0x00002aaab055f81e in rtl::OUString::copy (this=0x7fffffff29d0, beginIndex=3, count=-4) at /home/julien/lo/libreoffice/include/rtl/ustring.hxx:2223
#6  0x00002aaab070acd2 in (anonymous namespace)::GetContentPart (_rRawString="CN=timur.davletshin@gmail.com", _rPartId="CN")
    at /home/julien/lo/libreoffice/sfx2/source/dialog/dinfdlg.cxx:748
#7  0x00002aaab070dd85 in SfxDocumentPage::ImplUpdateSignatures (this=0x55555ca2e0b0) at /home/julien/lo/libreoffice/sfx2/source/dialog/dinfdlg.cxx:901


#6  0x00002aaab070acd2 in (anonymous namespace)::GetContentPart (_rRawString="CN=timur.davletshin@gmail.com", _rPartId="CN")
    at /home/julien/lo/libreoffice/sfx2/source/dialog/dinfdlg.cxx:748
748	            s = _rRawString.copy( nContStart, nContEnd - nContStart );
(gdb) p nContEnd
$1 = -1
(gdb) p nContStart
$2 = 3
(gdb) p _rRawString
$3 = "CN=timur.davletshin@gmail.com"

See http://opengrok.libreoffice.org/xref/core/sfx2/source/dialog/dinfdlg.cxx#736
Comment 2 Commit Notification 2016-12-31 12:51:09 UTC
Julien Nabet committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=5e149b630bd837ca6c8cae609a5c148f25f9ee82

tdf#105011, tdf#104795: copy string until its end if there's no comma

It will be available in 5.4.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
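
An added illustration, not LibreOffice's code and not part of any comment in this report: a standalone C++ model of the length computation seen in the backtrace and of the behaviour the commit message describes (copy to the end of the string when there is no comma). The helper names `indexOf`, `uncheckedCount` and `getContentPart`, the use of `std::string` in place of `OUString`, the extra bounds guard, and the sample strings are all assumptions made for this sketch.

```cpp
#include <iostream>
#include <string>

// Stand-in for an indexOf() that returns -1 when the needle is absent.
static int indexOf(const std::string& s, const std::string& needle, int from = 0)
{
    std::size_t pos = s.find(needle, static_cast<std::size_t>(from));
    return pos == std::string::npos ? -1 : static_cast<int>(pos);
}

// "Before": the count handed to copy() is end - start, with no check that a
// comma was found. With end == -1 and start == 3 this yields -4.
int uncheckedCount(const std::string& raw, const std::string& partId)
{
    int start = indexOf(raw, partId);
    if (start == -1) return 0;
    start += static_cast<int>(partId.size()) + 1;   // skip "CN" and '='
    int end = indexOf(raw, ",", start);
    return end - start;
}

// "After": when no comma follows, the part runs to the end of the string.
std::string getContentPart(const std::string& raw, const std::string& partId)
{
    int start = indexOf(raw, partId);
    if (start == -1) return {};
    start += static_cast<int>(partId.size()) + 1;
    // Guard added in this model only: the id sits at the very end of raw.
    if (start > static_cast<int>(raw.size())) return {};
    int end = indexOf(raw, ",", start);
    if (end == -1) return raw.substr(start);         // last or only component
    return raw.substr(start, end - start);
}

int main()
{
    const std::string single = "CN=user@example.com";   // constructed, no comma
    const std::string multi  = "CN=Alice,O=Example";    // constructed, with comma
    std::cout << "unchecked count, no comma: " << uncheckedCount(single, "CN") << "\n";
    std::cout << "fixed, no comma:   " << getContentPart(single, "CN") << "\n";
    std::cout << "fixed, with comma: " << getContentPart(multi, "CN") << "\n";
    return 0;
}
```

The negative count is what a debug build's assertion catches; a subject string with only one component is enough to reach that path.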
Comment 3 Commit Notification 2016-12-31 12:52:37 UTC
Julien Nabet committed a patch related to this issue.
It has been pushed to "libreoffice-5-3":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=822a9fe43380458d81f2381be75d295562d608f7&h=libreoffice-5-3

tdf#105011, tdf#104795: copy string until its end if there's no comma

It will be available in 5.3.0.2.

Comment 4 Julien Nabet 2016-12-31 12:55:20 UTC
For 5.2 branch, https://gerrit.libreoffice.org/#/c/32533/
Comment 5 Terrence Enger 2017-01-01 15:45:56 UTC
The assertion is gone in 
    Version: 5.4.0.0.alpha0+
    Build ID: 879bac84cde2fc7cc27363d1bb0ca50c53162a88
    CPU Threads: 2; OS Version: Linux 4.8; UI Render: default; VCL: x11; 
    Locale: en-CA (en_CA.utf8); Calc: group

Thank you, Julien.  I am setting status VERIFIED FIXED.
Comment 6 Commit Notification 2017-01-01 17:45:24 UTC
Julien Nabet committed a patch related to this issue.
It has been pushed to "libreoffice-5-2":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=342ed30e08ddf625e9c6bb35ebd772b4ec6a213f&h=libreoffice-5-2

tdf#105011, tdf#104795: copy string until its end if there's no comma

It will be available in 5.2.5.
