105473 – Crash in: ScRangeList::operator[](unsigned int)

Bug 105473 - Crash in: ScRangeList::operator[](unsigned int)

Summary: Crash in: ScRangeList::operator[](unsigned int)

Status:	VERIFIED FIXED

Alias:	None

Product:	LibreOffice
Classification:	Unclassified
Component:	Calc (show other bugs)
Version: (earliest affected)	5.2.4.2 release
Hardware:	x86-64 (AMD64) Windows (All)

Importance:	medium normal
Assignee:	Not Assigned

URL:
Whiteboard:	target:5.4.0 target:5.3.1
Keywords:	haveBacktrace

Depends on:
Blocks:

Reported:	2017-01-22 10:31 UTC by Hans Gerstenkorn
Modified:	2017-02-12 17:37 UTC (History)
CC List:	4 users (show)

See Also:
Crash report or crash signature:	["ScRangeList::operator[](unsigned int)"]

Attachments
DHL Adress import assistent from paket.de (1.26 MB, application/vnd.ms-excel) 2017-01-22 10:31 UTC, Hans Gerstenkorn	Details
bt with debug symbols (6.33 KB, text/plain) 2017-01-22 13:26 UTC, Julien Nabet	Details
bt with debug symbols (16.67 KB, text/plain) 2017-01-24 20:09 UTC, Julien Nabet	Details
Mistake 1 after helppackinstallation (10.97 KB, image/png) 2017-02-12 17:26 UTC, Hans Gerstenkorn	Details
Mistake 2 after helppackinstallation (27.41 KB, image/png) 2017-02-12 17:28 UTC, Hans Gerstenkorn	Details
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Hans Gerstenkorn 2017-01-22 10:31:36 UTC

Created attachment 130605 [details]
DHL Adress import assistent from paket.de

This bug was filed from the crash reporting server and is br-69adfa0c-aa19-4903-a81a-edac746952c7.
=========================================

This adtress import tool from the german DHL (www.paket.de) produces macro mistakes which I can't identify, my be this will only work within the newest Microsoft Excel Version.....

Comment 1 m_a_riosv 2017-01-22 10:50:35 UTC

Don't crash.
Version: 5.2.5.1 (x64)
Build ID: 0312e1a284a7d50ca85a365c316c7abbf20a4d22
CPU Threads: 4; OS Version: Windows 6.19; UI Render: GL; 
Locale: es-ES (es_ES); Calc: group

It's a xls file with VBA macro.

Comment 2 Xisco Faulí 2017-01-22 11:38:01 UTC Comment hidden (obsolete)

Hello Hans,

Thank you for reporting the bug. To be certain the reported issue is not related to corruption in the user profile, could you please reset your Libreoffice profile ( https://wiki.documentfoundation.org/UserProfile ) and re-test?

I have set the bug's status to 'NEEDINFO'. Please change it back to 'UNCONFIRMED' if the issue is still present

Comment 3 Julien Nabet 2017-01-22 13:26:35 UTC

Created attachment 130611 [details]
bt with debug symbols

On pc Debian x86-64 with master sources updated 2 days ago, I could reproduce the crash but with a different bt.

I attached bt + some gdb printing

Comment 4 Julien Nabet 2017-01-22 13:36:00 UTC

With this patch:
diff --git a/basic/source/comp/scanner.cxx b/basic/source/comp/scanner.cxx
index 092a239eabe9..398b78a6cdbd 100644
--- a/basic/source/comp/scanner.cxx
+++ b/basic/source/comp/scanner.cxx
@@ -569,7 +569,7 @@ eoln:
     {
         pLine = nullptr;
         bool bRes = NextSym();
-        if( bVBASupportOn && aSym[0] == '.' )
+        if( bVBASupportOn && aSym.startsWith(".") )
         {
             // object _
             //    .Method

No crash but I got a popup error in German:
"Es ist ein Fehler bei der Erstellung der neuen 
Symbolleiste aufgetreten !"

Comment 5 Hans Gerstenkorn 2017-01-22 14:26:02 UTC Comment hidden (obsolete)

(In reply to Xisco Faulí from comment #2)
> Hello Hans,
> 
> Thank you for reporting the bug. To be certain the reported issue is not
> related to corruption in the user profile, could you please reset your
> Libreoffice profile ( https://wiki.documentfoundation.org/UserProfile ) and
> re-test?
> 
> I have set the bug's status to 'NEEDINFO'. Please change it back to
> 'UNCONFIRMED' if the issue is still present

Hello Xisco,
I did it with a new profile, I can't reproduce the crash, now I'll open a new question in the LO-forum to solve my persitant makro problem.... :-) hans
-----------------
my system: Version: 5.2.4.2; Build-ID:  3d5603e1122f0f102b62521720ab13a38a4e0eb0 CPU-Threads: 4; BS-Version: Windows 6.2; UI-Render: Standard; Gebietsschema: de-DE (de_DE); Calc: group

Comment 6 Xisco Faulí 2017-01-22 15:12:05 UTC

(In reply to Julien Nabet from comment #4)
> With this patch:
> diff --git a/basic/source/comp/scanner.cxx b/basic/source/comp/scanner.cxx
> index 092a239eabe9..398b78a6cdbd 100644
> --- a/basic/source/comp/scanner.cxx
> +++ b/basic/source/comp/scanner.cxx
> @@ -569,7 +569,7 @@ eoln:
>      {
>          pLine = nullptr;
>          bool bRes = NextSym();
> -        if( bVBASupportOn && aSym[0] == '.' )
> +        if( bVBASupportOn && aSym.startsWith(".") )
>          {
>              // object _
>              //    .Method
> 
> No crash but I got a popup error in German:
> "Es ist ein Fehler bei der Erstellung der neuen 
> Symbolleiste aufgetreten !"

Hello Julien,
I get that german popup without doing any modification in the code using

Version: 5.4.0.0.alpha0+
Build ID: d3ff66999d924e832f8219c65ced0526f1a67f82
CPU Threads: 4; OS Version: Linux 4.8; UI Render: default; VCL: gtk2; 
Locale: ca-ES (ca_ES.UTF-8); Calc: group

Comment 7 Hans Gerstenkorn 2017-01-22 15:26:52 UTC

Hi to all,
this is the bug I've reportet - please see above, but I opened a new question at this website: "http://www.libreoffice-forum.de/viewtopic.php?f=6&t=17255" and I've got now one answer which says that the bug is justified in the VBA-Code. Please see the complete answer there. :-) hans

Comment 8 Buovjaga 2017-01-24 08:08:10 UTC

(In reply to Hans Gerstenkorn from comment #7)
> Hi to all,
> this is the bug I've reportet - please see above, but I opened a new
> question at this website:
> "http://www.libreoffice-forum.de/viewtopic.php?f=6&t=17255" and I've got now
> one answer which says that the bug is justified in the VBA-Code. Please see
> the complete answer there. :-) hans

"Bug is justified" - does it mean this can be closed?

Comment 9 Hans Gerstenkorn 2017-01-24 08:29:55 UTC

I think so, but I'm sure that was not the problem of the crash, but it is not a worth to track a problem....

Comment 10 Buovjaga 2017-01-24 08:37:37 UTC

Well it was a silly proposal from me. A crash should never happen.
Let's leave this open and Julien can comment.

Comment 11 Julien Nabet 2017-01-24 09:05:25 UTC

I typed a git "pull -r && make clean && make" this morning on my local repo, so I'll be able to retest tonight after my day time job.

Comment 12 Julien Nabet 2017-01-24 20:09:25 UTC

Created attachment 130665 [details]
bt with debug symbols

On pc Debian x86-64 with master sources updated today (b1211e965aa7883b0c3fc157f6c56b48c8bb0462), I still reproduce the crash.

Comment 13 Xisco Faulí 2017-01-30 23:22:22 UTC

Moving to NEW as per comment 12

Comment 14 Commit Notification 2017-02-05 13:27:01 UTC

Julien Nabet committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=89b57084a0b76c20d6f98607c88b47009a1975d5

Related tdf#105473: Crash in: ScRangeList::operator[]

It will be available in 5.4.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.

Comment 15 Julien Nabet 2017-02-05 13:29:18 UTC

Finally I pushed the patch proposed on master (see https://cgit.freedesktop.org/libreoffice/core/commit/?id=89b57084a0b76c20d6f98607c88b47009a1975d5) and cherry-picked it on 5.3 branch for review here: https://gerrit.libreoffice.org/#/c/33935/
So let's put this one to FIXED.

Comment 16 Commit Notification 2017-02-07 13:00:23 UTC

Julien Nabet committed a patch related to this issue.
It has been pushed to "libreoffice-5-3":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=50522e609375ad12dec9c24cc302d9107cbf5358&h=libreoffice-5-3

Related tdf#105473: Crash in: ScRangeList::operator[]

It will be available in 5.3.1.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.

Comment 17 Hans Gerstenkorn 2017-02-09 13:37:58 UTC

sorry, I am sick, but in a few days I report back :-) Hans

Comment 18 Hans Gerstenkorn 2017-02-12 17:26:41 UTC

Created attachment 131149 [details]
Mistake 1 after helppackinstallation

please see comment from 2017-02-12

Comment 19 Hans Gerstenkorn 2017-02-12 17:28:03 UTC

Created attachment 131150 [details]
Mistake 2 after helppackinstallation

please see comment from 2017-02-12

Comment 20 Hans Gerstenkorn 2017-02-12 17:34:03 UTC

Hi, I'm back and after installing helppack "http://dev-builds.libreoffice.org/daily/libreoffice-5-3/Win-x86@62-merge-TDF/2017-02-12_01.26.53/libreoffice-5-3~2017-02-12_01.26.53_LibreOfficeDev_5.3.1.0.0_Win_x86_helppack_de.msi" I've got the same "makro-mistake" - please see attachments above, the LO doesn't crash. 

Please note also that the makro problem will be hopefully resolved by the Germen DHL. (please see also above). :-) Hans

Comment 21 Buovjaga 2017-02-12 17:37:39 UTC

(In reply to Hans Gerstenkorn from comment #20)
> Please note also that the makro problem will be hopefully resolved by the
> Germen DHL. (please see also above). :-) Hans

Good news re: DHL. Let's set to VERIFIED.