Description:
Bug detected on LibreOffice Writer 6.x (Ubuntu 18.04), not on LibreOffice Writer 5.x (Ubuntu 16.04).
Crash when I put this formula {<?>} underbrace {<?>}; if the first {<?>} is too large, all display is out of control. I have to close Writer.

Actual Results:
- open LibreOffice Writer
- add a formula
- add {~~~~~~~~~~~~~~~~~~~~~~~~~~~} underbrace {vec v_e}

Expected Results:
some ~, there is no problem
many ~, Writer crashes

Reproducible: Always
User Profile Reset: No
Additional Info:
Only on LibreOffice Writer 6.x

Created attachment 159570
bt with debug symbols

On pc Debian x86-64 with master sources updated today, I got an assert.

164 std::unique_ptr<GenericSalLayout> FreeTypeTextRenderImpl::GetTextLayout(int nFallbackLevel)
165 {
166     assert(mpFreetypeFont[nFallbackLevel]);
167     if (!mpFreetypeFont[nFallbackLevel])
168         return nullptr;
169     return std::make_unique<GenericSalLayout>(*mpFreetypeFont[nFallbackLevel]->GetFontInstance());
170 }

but since mpFreetypeFont is null here, it'll crash in 167 in a non debug build.

I tested the limits and found that:
{~~~~~~~~~~~~~~~~~~~~~~~~} underbrace {vec v_e} was ok
{~~~~~~~~~~~~~~~~~~~~~~~~~} underbrace {vec v_e} crashed.
But if I copy-paste the first one and then add an extra "~", it worked.

Dear pdalet,

To make sure we're focusing on the bugs that affect our users today, LibreOffice QA is asking bug reporters and confirmers to retest open, confirmed bugs which have not been touched for over a year.

There have been thousands of bug fixes and commits since anyone checked on this bug report. During that time, it's possible that the bug has been fixed, or the details of the problem have changed. We'd really appreciate your help in getting confirmation that the bug is still present.

If you have time, please do the following:

Test to see if the bug is still present with the latest version of LibreOffice from https://www.libreoffice.org/download/

If the bug is present, please leave a comment that includes the information from Help - About LibreOffice.

If the bug is NOT present, please set the bug's Status field to RESOLVED-WORKSFORME and leave a comment that includes the information from Help - About LibreOffice.

Please DO NOT
- Update the version field
- Reply via email (please reply directly on the bug tracker)
- Set the bug's Status field to RESOLVED - FIXED (this status has a particular meaning that is not appropriate in this case)

If you want to do more to help you can test to see if your issue is a REGRESSION. To do so:
1. Download and install oldest version of LibreOffice (usually 3.3 unless your bug pertains to a feature added after 3.3) from https://downloadarchive.documentfoundation.org/libreoffice/old/
2. Test your bug
3. Leave a comment with your results.
4a. If the bug was present with 3.3 - set version to 'inherited from OOo';
4b. If the bug was not present in 3.3 - add 'regression' to keyword

Feel free to come ask questions or to say hello in our QA chat: https://web.libera.chat/?settings=#libreoffice-qa

Thank you for helping us make LibreOffice even better for everyone!

Warm Regards,
QA Team

MassPing-UntouchedBug

I could reproduce the issue by creating a formula that overflows the page width:

Steps:
1. Open Writer
2. Insert > Object > Formula
3. Paste in formula editor:
{~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~} underbrace {vec v_e}

Result: Formula area is a grey block, many parts of the UI disappear. Even though parts of the UI still can be interacted with, Writer is unusable.

This happens with gtk3 VCL. With the gen VCL, the UI is completely unresponsive. No issue with gtk2 nor with kf5 VCLs.

Console warnings for gtk3 (unique lines):
warn:vcl.gdi:77103:77103:vcl/source/outdev/font.cxx:1083: Font fallback to the same font, but has missing codes
warn:legacy.osl:77103:77103:starmath/source/rect.cxx:81: GetTextBoundRect failed
warn:starmath:77103:77103:starmath/source/rect.cxx:226: Ooops... (Font missing?)
warn:vcl:77103:77103:vcl/unx/generic/gdi/cairotextrender.cxx:394: rendering text failed with stretch ratio of: 428, error occurred in libfreetype
warn:vcl:77103:77103:vcl/unx/generic/gdi/cairotextrender.cxx:394: rendering text failed with stretch ratio of: 10, error occurred in libfreetype
(soffice:77103): Gtk-WARNING **: 22:36:24.573: drawing failure for widget 'GtkDrawingArea': error occurred in libfreetype
(soffice:77103): Gtk-WARNING **: 22:36:24.573: drawing failure for widget 'ImmobilizedViewport': error occurred in libfreetype
(soffice:77103): Gtk-WARNING **: 22:36:24.573: drawing failure for widget 'GtkScrolledWindow': error occurred in libfreetype
(soffice:77103): Gtk-WARNING **: 22:36:24.573: drawing failure for widget 'GtkBox': error occurred in libfreetype
(soffice:77103): Gtk-WARNING **: 22:36:24.573: drawing failure for widget 'GtkGrid': error occurred in libfreetype
(soffice:77103): Gtk-WARNING **: 22:36:24.573: drawing failure for widget 'GtkViewport': error occurred in libfreetype
(soffice:77103): Gtk-WARNING **: 22:36:24.573: drawing failure for widget 'OOoFixed': error occurred in libfreetype
(soffice:77103): Gtk-WARNING **: 22:36:24.573: drawing failure for widget 'GtkEventBox': error occurred in libfreetype
(soffice:77103): Gtk-WARNING **: 22:36:24.573: drawing failure for widget 'GtkWindow': error occurred in libfreetype

Console warnings for gen (unique lines):
warn:vcl.layout:77307:77307:vcl/source/window/layout.cxx:2172: desired border at paint 3 is larger than expected 2
warn:vcl.gdi:77307:77307:vcl/source/outdev/font.cxx:1083: Font fallback to the same font, but has missing codes
warn:legacy.osl:77307:77307:starmath/source/rect.cxx:81: GetTextBoundRect failed
warn:starmath:77307:77307:starmath/source/rect.cxx:226: Ooops... (Font missing?)
warn:vcl:77307:77307:vcl/unx/generic/gdi/cairotextrender.cxx:394: rendering text failed with stretch ratio of: 428, error occurred in libfreetype
warn:vcl:77307:77307:vcl/unx/generic/gdi/cairotextrender.cxx:394: rendering text failed with stretch ratio of: 10, error occurred in libfreetype
warn:legacy.osl:77307:77307:xmloff/source/core/SettingsExportHelper.cxx:176: this type is not implemented now
warn:legacy.osl:77307:77307:xmloff/source/text/txtparae.cxx:387: hyperlink without a URL --> no export to ODF
warn:vcl:77307:77307:vcl/unx/generic/gdi/cairotextrender.cxx:394: rendering text failed with stretch ratio of: 426, error occurred in libfreetype

The warnings that are not seen with kf5 are the Gtk-WARNINGs and cairotextrender.cxx / libfreetype ones, making it look similar to bug 151089.

Tested with:
Version: 7.6.0.0.alpha0+ (X86_64) / LibreOffice Community
Build ID: d36145d7cf6ca4d6072d4ab0a709bb8fe866336c
CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3
Locale: en-AU (en_AU.UTF-8); UI: en-US
Calc: threaded

Caolán, thought you might be interested.

There is a certain glyph scaling factor (which varies with versions of freetype IIRC) where rendering fails and has reappeared over the years in different places. This sounds like that. The underlying freetype failure "poisons" the cairo case and no rendering takes place after entering the fail state.
The actual crash that I see is in cairo itself, and I previously encountered that during fuzzing and submitted https://gitlab.freedesktop.org/cairo/cairo/-/commit/5c7e2dafd5d44f54d07082ce747153918c2c0b68 to fix it, but it isn't in my system version of cairo yet.
I think I can bodge this, it won't be pretty at large stretch sizes, but it can be functional
Caolán McNamara committed a patch related to this issue.
It has been pushed to "master":

https://git.libreoffice.org/core/commit/53e24da3698ddb5f976cec0ae8eb8b2a2ab2c4c6

tdf#132112 excessive stretch of braces can trigger freetype into an error

It will be available in 7.6.0.

The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.

The crash is that of cairo, with a fix upstreamed there. An attempt to avoid the problem now checked in to trunk, works for me, triggering ratio (or whatever is the exact trigger) might need to be adjusted for other freetype+cairo combinations.
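
Added example, not part of the thread and not the code of the LibreOffice commit: a self-contained C++ model of the "poisoned" rendering state described in the comments above, comparing an unguarded render loop with two mitigations (bounding the stretch ratio before drawing, and replacing a context that has entered an error state). `Context`, `render`, `kAssumedMaxStretch` and the sample ratios are hypothetical; the limit of 100 is an assumption, since the thread says the real trigger depends on the freetype and cairo versions.

```cpp
#include <algorithm>
#include <cstdio>
#include <vector>

// Sticky status, modelled on cairo_t: after the first failure the context
// stays in error and every later drawing call is a no-op.
enum class Status { Ok, FontError };

// Assumed limit for illustration only (not a value from the thread).
constexpr double kAssumedMaxStretch = 100.0;

struct Context {                       // hypothetical stand-in, not a VCL class
    Status status = Status::Ok;
    bool showGlyphs(double stretch) {  // true if the run was drawn
        if (status != Status::Ok) return false;   // poisoned: inert
        if (stretch > kAssumedMaxStretch) {       // simulated backend failure
            status = Status::FontError;
            return false;
        }
        return true;
    }
};

struct Result { int drawn; int lost; };

// Draws one glyph run per ratio on a shared context.
//   clamp:   bound the document-controlled ratio before it reaches the backend
//   recover: check the status after each call and replace a failed context
Result render(const std::vector<double>& ratios, bool clamp, bool recover) {
    Context cr;
    Result res{0, 0};
    for (double r : ratios) {
        double s = clamp ? std::min(r, kAssumedMaxStretch) : r;
        if (cr.showGlyphs(s)) ++res.drawn; else ++res.lost;
        if (recover && cr.status != Status::Ok) cr = Context{};
    }
    return res;
}

// Constructed input: a normal run, an over-stretched brace, two normal runs.
const std::vector<double> kSampleRatios = {1.0, 428.0, 10.0, 1.0};

int main() {
    Result u = render(kSampleRatios, false, false);
    Result r = render(kSampleRatios, false, true);
    Result c = render(kSampleRatios, true, false);
    std::printf("unguarded drawn=%d lost=%d\n", u.drawn, u.lost);
    std::printf("recover   drawn=%d lost=%d\n", r.drawn, r.lost);
    std::printf("clamp     drawn=%d lost=%d\n", c.drawn, c.lost);
    return 0;
}
```

In the unguarded case a single oversized run costs every run after it, which is the cascade the widget warnings show; recovery limits the loss to the one bad run, and bounding the ratio avoids the failure at the price of a less accurate brace.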