Bug 148336 - Crash in SwFntObj::GetTextSize(SwDrawTextInfo&) on file open
Summary: Crash in SwFntObj::GetTextSize(SwDrawTextInfo&) on file open
Status: VERIFIED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer
Version (earliest affected): 7.4.0.0 alpha0+ Master
Hardware: All All
Importance: medium normal
Assignee: Caolán McNamara
URL:
Whiteboard: target:7.4.0
Keywords: bibisected, bisected, haveBacktrace, regression
Depends on:
Blocks: File-Opening Crash
Reported: 2022-04-03 16:42 UTC by Telesto
Modified: 2022-04-05 08:54 UTC (History)
Attachments
bt with debug symbols (6.80 KB, text/plain)
2022-04-03 17:28 UTC, Julien Nabet
Description Telesto 2022-04-03 16:42:54 UTC
Description:
Crash swlo!sw::MetaFieldManager::getDocumentProperties+0x874d: in file open

Steps to Reproduce:
1. Open attachment 179146 [details] (bug 148221) on Windows

Actual Results:
Crash

Expected Results:
No crash


Reproducible: Always


User Profile Reset: No



Additional Info:
Version: 7.4.0.0.alpha0+ (x64) / LibreOffice Community
Build ID: 2816f498505bab01bc0f17ef0962ece663c607c9
CPU threads: 4; OS: Windows 6.3 Build 9600; UI render: Skia/Raster; VCL: win
Locale: nl-NL (nl_NL); UI: en-US
Calc: CL Jumbo
Comment 1 Roman Kuznetsov 2022-04-03 17:16:49 UTC
confirm the crash in

Version: 7.4.0.0.alpha0+ (x64) / LibreOffice Community
Build ID: a3988b2d147a2442b348d58b79dbd6e71472b7af
CPU threads: 4; OS: Windows 6.1 Service Pack 1 Build 7601; UI render: Skia/Raster; VCL: win
Locale: ru-RU (ru_RU); UI: en-US
Calc: CL Jumbo

but not in

Version: 7.3.0.2 (x64) / LibreOffice Community
Build ID: f1c9017ac60ecca268da7b1cf147b10e244b9b21
CPU threads: 4; OS: Windows 6.1 Service Pack 1 Build 7601; UI render: Skia/Raster; VCL: win
Locale: ru-RU (ru_RU); UI: ru-RU
Calc: CL

regression here!
Comment 2 Julien Nabet 2022-04-03 17:28:40 UTC
Created attachment 179291 [details]
bt with debug symbols

On pc Debian x86-64 with master sources updated today, I got a crash but not swlo!sw::MetaFieldManager::getDocumentProperties
Comment 3 Dhiraj Holden 2022-04-03 19:48:13 UTC
Cannot reproduce.

Version: 7.4.0.0.alpha0+ (x64) / LibreOffice Community
Build ID: 9caf6e4a3ac05a9d2e9d695e59d4ae048bf078b2
CPU threads: 12; OS: Windows 10.0 Build 19044; UI render: Skia/Raster; VCL: win
Locale: en-US (en_US); UI: en-US
Calc: CL
Comment 4 Telesto 2022-04-04 08:40:51 UTC
(In reply to Julien Nabet from comment #2)
> Created attachment 179291 [details]
> bt with debug symbols
> 
> On pc Debian x86-64 with master sources updated today, I got a crash but not
> swlo!sw::MetaFieldManager::getDocumentProperties

FWIW: It's the same crash. I picked the last frame of the BT from a non-debug build... frame before swlo!SwTextFormatColl::IsInSwFntCache+0x3cc1
Comment 5 Telesto 2022-04-04 09:05:52 UTC
@Caolan,
A small poke. This is a recurrence of a similar bug which was reported before (bug 145321). Noel got stuck and introduced a stopgap measure at bug 145321 which solved the problem in that case, but it seems the same issue can be triggered in different ways.

---
Quote from https://git.libreoffice.org/core/+/6ae00fc24786eac379e6e64ac3e6d83c6a057b24%5E!

This crash made apparent that we have bad data ending up in
SwDrawTextInfo. So I added some asserts there to catch that.

However, that simply made apparent that there are bug(s) at
a higher level that I have no idea how to fix.

---

A different set of eyes might spot the problem and you have some expertise with font code, as I know.
Comment 6 Xisco Faulí 2022-04-04 09:09:08 UTC
Regression introduced by:

https://cgit.freedesktop.org/libreoffice/core/commit/?id=556e70024df6ca092e199a3769100c0982ad7567

author	Caolán McNamara <caolanm@redhat.com>	2022-01-18 14:49:40 +0000
committer	Caolán McNamara <caolanm@redhat.com>	2022-03-12 20:33:13 +0100
commit 556e70024df6ca092e199a3769100c0982ad7567 (patch)
tree 1e8238ee11f8d5d3add53b8220ce3b1d67a55afe
parent de81df1f3f9b7660db450c638925f90adf9c026b (diff)
set portion width using the last position in the dxarray

Bisected with: bibisect-linux64-7.4

Adding Cc: to Caolán McNamara
Comment 7 Caolán McNamara 2022-04-04 12:19:23 UTC
I see the same crash as Julien. In this case I think the fix is clear enough for the crash I see. I have a different crasher from a different document which also crashes here but fits into the painful category of comment #5.
Comment 8 Commit Notification 2022-04-04 13:56:39 UTC
Caolán McNamara committed a patch related to this issue.
It has been pushed to "master":

https://git.libreoffice.org/core/commit/a52b1610009096c171b7571b9c2e8c307cada90b

Resolves: tdf#148336 portion width can be zero

It will be available in 7.4.0.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 9 Caolán McNamara 2022-04-04 14:02:02 UTC
that fixes what I see at least
Comment 10 Telesto 2022-04-05 08:54:26 UTC
No crash
Version: 7.4.0.0.alpha0+ (x64) / LibreOffice Community
Build ID: cf4d5ed026c8799a70432a832a8a707c2e316216
CPU threads: 4; OS: Windows 6.3 Build 9600; UI render: Skia/Raster; VCL: win
Locale: nl-NL (nl_NL); UI: en-US
Calc: CL Jumbo