Bug 111074 - CRASH: LibreOffice crashes hovering over a calendar
Summary: CRASH: LibreOffice crashes hovering over a calendar
Status: VERIFIED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer (show other bugs)
Version:
(earliest affected)
6.0.0.0.alpha0+
Hardware: All All
: highest critical
Assignee: Julien Nabet
URL:
Whiteboard: target:6.0.0
Keywords: bibisected, bisected, regression
Depends on:
Blocks:
 
Reported: 2017-08-01 23:39 UTC by Xisco Faulí
Modified: 2017-08-09 07:34 UTC (History)
3 users (show)

See Also:
Crash report or crash signature:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Xisco Faulí 2017-08-01 23:39:36 UTC 
Steps to reproduce:
1. Open attachment 98549 [details] from bug 78333
2. Display the calendar
3. hover over the calendar
CRASH

Reproduced in

Version: 6.0.0.0.alpha0+
Build ID: 50799a721c7ddcf9475a1b79984ed64ddd7cdf57
CPU threads: 4; OS: Linux 4.8; UI render: default; VCL: gtk3; 
Locale: ca-ES (ca_ES.UTF-8); Calc: group
Comment 1 Xisco Faulí 2017-08-01 23:40:42 UTC 
Regression introduced by:

author	Eike Rathke <erack@redhat.com>	2017-07-20 16:32:57 (GMT)
committer	Eike Rathke <erack@redhat.com>	2017-07-21 10:24:27 (GMT)
commit fcd0361d6be8d088be12e500f0120afd7995d1ac (patch)
tree 9e18c0310405d68d9151db9073cc8f6926df077d
parent 2e486daff35ab16e810bfdafb24b19bcbf2fe8cd (diff)
Eliminate Date::operator+=() and -=() and replace with Date::AddDays()
Clarifies code and gets rid of explicitly casting the operand to sal_Int32.

Also in preparation of removing DateTime::operator+=(sal_Int32) that is
confusingly similar to DateTime::operator+=(double) and just depends on type.

Bisected with bibisect-linux64-6.0

Adding Cc: to Eike Rathke
Comment 2 Julien Nabet 2017-08-02 21:17:08 UTC 
On pc Debian x86-64 with master sources updated today, I could reproduce this.

Here's part of bt:
0x00007fffce87eb9b in std::_Tuple_impl<0ul, icu_59::Calendar*, std::default_delete<icu_59::Calendar> >::_M_head (__t=...) at /usr/include/c++/6/tuple:193
193	      _M_head(const _Tuple_impl& __t) noexcept { return _Base::_M_head(__t); }
(gdb) bt
#0  0x00007fffce87eb9b in std::_Tuple_impl<0ul, icu_59::Calendar*, std::default_delete<icu_59::Calendar> >::_M_head (__t=...) at /usr/include/c++/6/tuple:193
#1  0x00007fffce87ebba in std::__get_helper<0ul, icu_59::Calendar*, std::default_delete<icu_59::Calendar> > (__t=...) at /usr/include/c++/6/tuple:1253
#2  0x00007fffce87ebd4 in std::get<0ul, icu_59::Calendar*, std::default_delete<icu_59::Calendar> > (__t=std::tuple containing = {...}) at /usr/include/c++/6/tuple:1265
#3  0x00007fffce87ebee in std::unique_ptr<icu_59::Calendar, std::default_delete<icu_59::Calendar> >::get (this=0x55555c8ee168) at /usr/include/c++/6/bits/unique_ptr.h:308
#4  0x00007fffce87e7b4 in std::unique_ptr<icu_59::Calendar, std::default_delete<icu_59::Calendar> >::operator-> (this=0x55555c8ee168)
    at /usr/include/c++/6/bits/unique_ptr.h:302
#5  0x00007fffce87bf51 in com::sun::star::i18n::Calendar_gregorian::getFirstDayOfWeek (this=0x55555c8ee0e0)
    at /home/julien/lo/libreoffice/i18npool/source/calendar/calendar_gregorian.cxx:692
#6  0x00007fffce8760a2 in com::sun::star::i18n::CalendarImpl::getFirstDayOfWeek (this=0x55555c8edff0)
    at /home/julien/lo/libreoffice/i18npool/source/calendar/calendarImpl.cxx:216
#7  0x00007fffed4df213 in CalendarWrapper::getFirstDayOfWeek (this=0x55555c8ed0f0) at /home/julien/lo/libreoffice/unotools/source/i18n/calendarwrapper.cxx:216
#8  0x00007fffeea37714 in Calendar::ImplGetWeekStart (this=0x55555c8ecd90) at /home/julien/lo/libreoffice/svtools/source/control/calendar.cxx:265
#9  0x00007fffeea3f11e in Calendar::GetDateRect (this=0x55555c8ecd90, rDate=2017-9-3) at /home/julien/lo/libreoffice/svtools/source/control/calendar.cxx:1800
#10 0x00007fffeea3f188 in Calendar::GetDateRect (this=0x55555c8ecd90, rDate=2017-9-3) at /home/julien/lo/libreoffice/svtools/source/control/calendar.cxx:1802

the last line is repeated more than 1000 times (i hadn't tried to find the end of bt)
Comment 3 Julien Nabet 2017-08-02 21:29:58 UTC 
With this patch, it doesn't crash for me:
https://gerrit.libreoffice.org/#/c/40696/
Comment 4 Julien Nabet 2017-08-03 05:35:46 UTC 
Xisco: don't hesitate to reopen this tracker if you still reproduce this with this patch in the build.
Comment 5 Commit Notification 2017-08-03 05:36:20 UTC 
Julien Nabet committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=14b809550657f9df3a70d533ef54df857d48bc1b

tdf#111074: fix AddDays in calendar

It will be available in 6.0.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 6 Xisco Faulí 2017-08-03 08:41:10 UTC 
(In reply to Julien Nabet from comment #4)
> Xisco: don't hesitate to reopen this tracker if you still reproduce this
> with this patch in the build.

Hi Julien,
Thanks for the quick fix. Ok, will do.
OTOH, I would like Eike to review it as well as he's the expert in this area...
Comment 7 Xisco Faulí 2017-08-09 07:34:19 UTC 
Verified in

Versió: 6.0.0.0.alpha0+
ID de la construcció: 0342c5e8086c8200ecadbe9d52dd4ef6a093effb
CPU threads: 4; OS: Linux 4.10; UI render: per defecte; VCL: gtk3; 
Configuració local: ca-ES (ca_ES.UTF-8); Calc: group