131380 – Crash when opening xlsx file, FILEOPEN

Bug 131380 - Crash when opening xlsx file, FILEOPEN

Summary: Crash when opening xlsx file, FILEOPEN

Status:	VERIFIED FIXED

Alias:	None

Product:	LibreOffice
Classification:	Unclassified
Component:	Calc (show other bugs)
Version: (earliest affected)	5.3 all versions
Hardware:	x86-64 (AMD64) All

Importance:	high critical
Assignee:	Caolán McNamara

URL:
Whiteboard:	target:7.0.0 target:6.4.3 target:6.3.6
Keywords:	bibisected, bisected, regression

Depends on:
Blocks:

Reported:	2020-03-16 18:46 UTC by Lorenzo
Modified:	2020-04-01 09:43 UTC (History)
CC List:	2 users (show)

See Also:	131096 https://crashreport.libreoffice.org/stats/signature/ScETSForecastCalculation::GetETSPredictionIntervals(boost::intrusive_ptr%3CScMatrix%3E%20const%20&,boost::intrusive_ptr%3CScMatrix%3E%20const%20&,double) 94635 121396
Crash report or crash signature:	["ScETSForecastCalculation::GetETSPredictionIntervals(boost::intrusive_ptr%3CScMatrix%3E%20const%20&,boost::intrusive_ptr%3CScMatrix%3E%20const%20&,double)"]

Attachments
gdb log (26.40 KB, text/plain) 2020-03-16 18:48 UTC, Lorenzo	Details
Valgrind log (51.04 KB, text/plain) 2020-03-16 18:49 UTC, Lorenzo	Details
Simple file causing crash (304.37 KB, application/vnd.openxmlformats-officedocument.spreadsheetml.sheet) 2020-03-17 23:18 UTC, Lorenzo	Details
minimized (12.09 KB, application/vnd.openxmlformats-officedocument.spreadsheetml.sheet) 2020-03-26 16:49 UTC, Xisco Faulí	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Lorenzo 2020-03-16 18:46:37 UTC

Description:
Trying to open the file, i get the message "Due to an error, Libreoffice crashed". Both using LibreOffice 6.4.1.2 and LibreOffice 6.4.1.2

Unfortunately I cannot share the file, but I can share gdb log (which shows a segmantation fault in graph related operations) and the valgrind log (which I think shows an invalid memory read that causes the segfault)

Steps to Reproduce:
1. Try to open a specific xslx file

Actual Results:
I get the message "Due to an error, Libreoffice crashed"

Expected Results:
Being able to see the file contents


Reproducible: Always


User Profile Reset: Yes



Additional Info:
Version: 6.4.1.2
Build ID: 6.4.1-3
CPU threads: 8; OS: Linux 5.5; UI render: default; VCL: gtk3; 
Locale: en-US (en_US.utf8); UI-Language: en-US
Calc: threaded

LibreOffice is a modern, easy-to-use, open source productivity suite for word processing, spreadsheets, presentations and more.

This release was supplied by Arch Linux.
Copyright © 2000–2020 LibreOffice contributors.
LibreOffice was based on OpenOffice.org.

Comment 1 Lorenzo 2020-03-16 18:48:33 UTC

Created attachment 158726 [details]
gdb log

Shows a segmentation fault, maybe while drawing a graph?

Comment 2 Lorenzo 2020-03-16 18:49:19 UTC

Created attachment 158727 [details]
Valgrind log

Comment 3 Roman Kuznetsov 2020-03-16 19:12:37 UTC Comment hidden (obsolete)

Lorenzo, if you can't attach your file here, then try retest your problem in LibreOffice build from TDF or try build it yourself from source code

You use build from Arch Linux and possibly the problem is in that...

Comment 4 Xisco Faulí 2020-03-17 11:10:21 UTC Comment hidden (obsolete)

Hello Lorenzo,
Would you mind sharing the file privately with me? Otherwise, it's very hard to investigate this issue

Comment 5 Lorenzo 2020-03-17 12:24:01 UTC Comment hidden (obsolete)

Thanks for the instant answers!

Roman, I'm trying to build libreoffice from source from https://gerrit.libreoffice.org/core libreoffice with --enable-dbgutil, but it's taking a long time and I'm having trouble running out of RAM, should be able to finish building today and see it it helps


Xisco, I'll ask for a redacted copy of the file that I can share here, don't know how many days it will take

Thank again

Comment 6 Roman Kuznetsov 2020-03-17 17:19:54 UTC

(In reply to Lorenzo from comment #5)
> Thanks for the instant answers!
> 
> Roman, I'm trying to build libreoffice from source from
> https://gerrit.libreoffice.org/core libreoffice with --enable-dbgutil, but
> it's taking a long time and I'm having trouble running out of RAM, should be
> able to finish building today and see it it helps
> 
> 
> Xisco, I'll ask for a redacted copy of the file that I can share here, don't
> know how many days it will take
> 
> Thank again

Lorenzo, don't need --enable-dbgutil, just --without-java. It needs for checking your problem in vanille build. I think it's just Arch's build problem...

Comment 7 Lorenzo 2020-03-17 20:04:57 UTC

They should send me a redacted copy in a few hours

Roman, i built it from sources and still crashes the same way:
The last few messages on gdb are thousands of warnings like:
warn:xmloff:16761:16904:sax/source/fastparser/fastparser.cxx:1267: unknown element x14ac:dyDescent http://schemas.microsoft.com/office/spreadsheetml/2009/9/ac

Then about ten warnings like
warn:oox:16761:16892:oox/source/helper/progressbar.cxx:67: ProgressBar::setPosition - invalid position

And finally
warn:oox:16761:16761:oox/source/drawingml/shapecontext.cxx:125: ShapeContext::onCreateContext: unhandled element: 3640
warn:oox:16761:16761:oox/source/drawingml/shapecontext.cxx:125: ShapeContext::onCreateContext: unhandled element: 1031
[New Thread 0x7fffc6d82700 (LWP 16913)]
[New Thread 0x7fffe6171700 (LWP 16914)]
[Thread 0x7fffc6d82700 (LWP 16913) exited]
[Thread 0x7fffe6171700 (LWP 16914) exited]
/usr/include/c++/9.3.0/bits/unique_ptr.h:613: typename std::add_lvalue_reference<_Tp>::type std::unique_ptr<_Tp [], _Dp>::operator[](std::size_t) const [with _Tp = double; _Dp = std::default_delete<double []>; typename std::add_lvalue_reference<_Tp>::type = double&; std::size_t = long unsigned int]: Assertion 'get() != pointer()' failed.
--Type <RET> for more, q to quit, c to continue without paging--


Thanks again for the immediate response, will insist on getting the redacted copy

Comment 8 Lorenzo 2020-03-17 23:18:30 UTC

Created attachment 158768 [details]
Simple file causing crash

Here is a simpler file with only public data

Comment 9 QA Administrators 2020-03-18 02:42:47 UTC Comment hidden (obsolete)

[Automated Action] NeedInfo-To-Unconfirmed

Comment 10 Xisco Faulí 2020-03-18 09:07:15 UTC

Reproduced in

Version: 7.0.0.0.alpha0+
Build ID: 4ee7ee1c4a515479bc174543af4dbc400035c0ba
CPU threads: 4; OS: Linux 4.19; UI render: default; VCL: gtk3; 
Locale: en-US (en_US.UTF-8); UI-Language: en-US
Calc: threaded

Comment 11 Xisco Faulí 2020-03-18 09:31:17 UTC

Regression introduced by:

author	Winfried Donkers <winfrieddonkers@libreoffice.org>	2016-09-15 13:39:35 +0200
committer	Eike Rathke <erack@redhat.com>	2016-10-13 19:04:48 +0000
commit fb790880eb11552b2e7d1dcf6c09d2663712290f (patch)
tree a4626267b442f2fee3ef81186d053cb93d900187
parent 7d5d5e6e9b67807560a7db4123e8b41cc0f70a32 (diff)
tdf#94635 follow up; handle linear data properly when samples in period

Bisected with: bibisect-linux-64-5.3

Comment 12 Caolán McNamara 2020-03-26 15:49:12 UTC

https://gerrit.libreoffice.org/c/core/+/91145 would make it not crash, maybe even with the right results

Comment 13 Xisco Faulí 2020-03-26 16:44:27 UTC

(In reply to Caolán McNamara from comment #12)
> https://gerrit.libreoffice.org/c/core/+/91145 would make it not crash, maybe
> even with the right results

Hi Caolán,
it seems the results are different, at least compared to MSO Excel 2010, but it's the case also before fb790880eb11552b2e7d1dcf6c09d2663712290f, I'll report it in a different issue...

Comment 14 Xisco Faulí 2020-03-26 16:49:45 UTC

Created attachment 159052 [details]
minimized

Comment 15 Commit Notification 2020-03-26 21:51:08 UTC

Caolán McNamara committed a patch related to this issue.
It has been pushed to "master":

https://git.libreoffice.org/core/commit/0f5e930fffbe2151ffadc8461449e55015617f65

tdf#131380 crash on loading specific xlsx document

It will be available in 7.0.0.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.

Comment 16 Commit Notification 2020-03-27 00:41:48 UTC

Caolán McNamara committed a patch related to this issue.
It has been pushed to "libreoffice-6-4":

https://git.libreoffice.org/core/commit/9ad9c9b869d8ead906283ed363ce0067d5570e06

tdf#131380 crash on loading specific xlsx document

It will be available in 6.4.4.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.

Comment 17 Timur 2020-03-27 07:56:53 UTC

Nice, file opens now. 
I sometimes have a dump with procdump (like on a 1st open after LO start).

Comment 18 Caolán McNamara 2020-03-27 09:00:42 UTC Comment hidden (obsolete)

is "I sometimes have a dump with procdump (like on a 1st open after LO start)." related to opening this document or a general observation on starting libreoffice ?

Comment 19 Commit Notification 2020-03-27 10:42:49 UTC

Caolán McNamara committed a patch related to this issue.
It has been pushed to "libreoffice-6-3":

https://git.libreoffice.org/core/commit/4fe6846e1d0c2d3953b36275d39f101839c90967

tdf#131380 crash on loading specific xlsx document

It will be available in 6.3.6.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.

Comment 20 Xisco Faulí 2020-03-27 11:45:01 UTC

Verified in

Version: 7.0.0.0.alpha0+
Build ID: 9b784a74a2f09e9eb9a0fd41d58c1f6b47ee6ee6
CPU threads: 4; OS: Linux 4.19; UI render: default; VCL: gtk3; 
Locale: en-US (en_US.UTF-8); UI-Language: en-US
Calc: threaded

@Caolán, thanks for fixing this issue!!

Comment 21 Timur 2020-03-27 15:26:23 UTC

(In reply to Caolán McNamara from comment #18)
> is "I sometimes have a dump with procdump (like on a 1st open after LO
> start)." related to opening this document or a general observation on
> starting libreoffice ?

I don't know. Of course it's when opening this document, but not every time. I had it this morning (fresh master with fix) but I can't reproduce now. 
I guess it may be general LO on 1st time start. 

procdump was with -h:    
"Write dump if process has a hung window window messages for at least 5 seconds)."

Comment 22 Commit Notification 2020-03-27 15:43:10 UTC

Xisco Fauli committed a patch related to this issue.
It has been pushed to "master":

https://git.libreoffice.org/core/commit/0900c57f17e16b65309f7c5932e15354e923dd4a

tdf#131380: Add unittest

It will be available in 7.0.0.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.

Comment 23 Commit Notification 2020-04-01 08:43:44 UTC

Caolán McNamara committed a patch related to this issue.
It has been pushed to "libreoffice-6-4-3":

https://git.libreoffice.org/core/commit/69cd327c65bd0af169c9330bbc1f4a47c975c0d3

tdf#131380 crash on loading specific xlsx document

It will be available in 6.4.3.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.