Bug 162574 - Pasting yields in an abort
Summary: Pasting yields in an abort
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Calc (show other bugs)
Version:
(earliest affected)
24.2.1.2 release
Hardware: All All
: medium normal
Assignee: Miklos Vajna
URL:
Whiteboard: target:25.2.0 target:24.2.7 target:24...
Keywords: bibisected, bisected, regression
Depends on:
Blocks: Paste
  Show dependency treegraph
 
Reported: 2024-08-23 00:38 UTC by Henning
Modified: 2024-09-06 10:41 UTC (History)
5 users (show)

See Also:
Crash report or crash signature:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Henning 2024-08-23 00:38:17 UTC 
Description:
Pasting the table from the page https://rondo.cc/ruut-al-2,467,pl under the tab geometry (starting with size ending on bottom right number) will yield in a crash of libre office calc. Pasting in writer succeeds. Bug is not present in 7.1.3.2 but is present in 24.2.5.2 and 24.8. It seems browser and operating system agnostic from my tests (linux/windows chromium/firefox all affected).

Backtrace of crashing thread:
Thread 1 "soffice.bin" received signal SIGABRT, Aborted.
0x00007ffff3494c5c in __pthread_kill_implementation () from /lib64/libc.so.6
#0  0x00007ffff3494c5c in __pthread_kill_implementation () at /lib64/libc.so.6
#1  0x00007ffff34411c6 in raise () at /lib64/libc.so.6
#2  0x00007ffff3428917 in abort () at /lib64/libc.so.6
#3  0x00007ffff30adc4d in ??? () at /lib64/libstdc++.so.6
#4  0x00007ffff30bf2ec in ??? () at /lib64/libstdc++.so.6
#5  0x00007ffff30ad7f5 in std::terminate() () at /lib64/libstdc++.so.6
#6  0x00007ffff30bf578 in __cxa_throw () at /lib64/libstdc++.so.6
#7  0x00007fffba8cdb7f in ??? () at /usr/lib64/libreoffice/program/libscfiltlo.so
#8  0x00007fffbaa4440f in ??? () at /usr/lib64/libreoffice/program/libscfiltlo.so
#9  0x00007fffbaa44812 in ??? () at /usr/lib64/libreoffice/program/libscfiltlo.so
#10 0x00007fffbaa3ea0c in ??? () at /usr/lib64/libreoffice/program/libscfiltlo.so
#11 0x00007fffbaa3f86e in ??? () at /usr/lib64/libreoffice/program/libscfiltlo.so
#12 0x00007fffbaa3fb03 in ??? () at /usr/lib64/libreoffice/program/libscfiltlo.so
#13 0x00007ffff4eb9d3d in ??? () at /usr/lib64/libreoffice/program/libmergedlo.so
#14 0x00007ffff5994f54 in HTMLParser::Continue(HtmlTokenId) () at /usr/lib64/libreoffice/program/libmergedlo.so
#15 0x00007ffff59980ce in HTMLParser::CallParser() () at /usr/lib64/libreoffice/program/libmergedlo.so
#16 0x00007ffff4ef4007 in ??? () at /usr/lib64/libreoffice/program/libmergedlo.so
#17 0x00007ffff4eb7172 in EditEngine::Read(SvStream&, rtl::OUString const&, EETextFormat, SvKeyValueIterator*) () at /usr/lib64/libreoffice/program/libmergedlo.so
#18 0x00007fffbaa39166 in ??? () at /usr/lib64/libreoffice/program/libscfiltlo.so
#19 0x00007fffbaa5559e in ??? () at /usr/lib64/libreoffice/program/libscfiltlo.so
#20 0x00007fffbb73c15b in ScImportExport::HTML2Doc(SvStream&, rtl::OUString const&) () at /usr/lib64/libreoffice/program/../program/libsclo.so
#21 0x00007fffbbaa7048 in ??? () at /usr/lib64/libreoffice/program/../program/libsclo.so
#22 0x00007fffbba99432 in ScViewFunc::PasteFromSystem(SotClipboardFormatId, bool) () at /usr/lib64/libreoffice/program/../program/libsclo.so
#23 0x00007fffbba99a7c in ScViewFunc::PasteFromSystem() () at /usr/lib64/libreoffice/program/../program/libsclo.so
#24 0x00007fffbb986b73 in ScClipUtil::PasteFromClipboard(ScViewData&, ScTabViewShell*, bool) () at /usr/lib64/libreoffice/program/../program/libsclo.so
#25 0x00007fffbb97109f in ??? () at /usr/lib64/libreoffice/program/../program/libsclo.so
#26 0x00007ffff55b42d9 in ??? () at /usr/lib64/libreoffice/program/libmergedlo.so
#27 0x00007ffff55ef5f1 in ??? () at /usr/lib64/libreoffice/program/libmergedlo.so
#28 0x00007ffff55efb41 in ??? () at /usr/lib64/libreoffice/program/libmergedlo.so
#29 0x00007ffff5962d0f in ??? () at /usr/lib64/libreoffice/program/libmergedlo.so
#30 0x00007ffff6421b99 in ??? () at /usr/lib64/libreoffice/program/libmergedlo.so
#31 0x00007ffff6629781 in SalUserEventList::DispatchUserEvents(bool) () at /usr/lib64/libreoffice/program/libmergedlo.so
#32 0x00007fffeddbcfc3 in QtInstance::ImplYield(bool, bool) () at /usr/lib64/libreoffice/program/libvclplug_qt6lo.so
#33 0x00007fffeddbd0f6 in QtInstance::DoYield(bool, bool) () at /usr/lib64/libreoffice/program/libvclplug_qt6lo.so
#34 0x00007ffff6671129 in ??? () at /usr/lib64/libreoffice/program/libmergedlo.so
#35 0x00007ffff66712b5 in Application::Execute() () at /usr/lib64/libreoffice/program/libmergedlo.so
#36 0x00007ffff57ca08d in ??? () at /usr/lib64/libreoffice/program/libmergedlo.so
#37 0x00007ffff669facd in ImplSVMain() () at /usr/lib64/libreoffice/program/libmergedlo.so
#38 0x00007ffff57be218 in soffice_main () at /usr/lib64/libreoffice/program/libmergedlo.so
#39 0x000055555555507b in ??? ()
#40 0x00007ffff342a340 in __libc_start_call_main () at /lib64/libc.so.6
#41 0x00007ffff342a409 in __libc_start_main_impl () at /lib64/libc.so.6
#42 0x00005555555550b5 in ??? ()

Steps to Reproduce:
1. Copy the table from the page https://rondo.cc/ruut-al-2,467,pl under geometry in the clipboard
2. Open Calc and paste it into an empty spreadsheet
3. Observe an abort with the following message to stdout: "terminate called after throwing an instance of 'boost::wrapexcept<boost::property_tree::json_parser::json_parser_error>'
  what():  <unspecified file>(1): expected key string"

Actual Results:
Crash like observed in 3.

Expected Results:
The contents of the table pasted in Calc.


Reproducible: Always


User Profile Reset: No

Additional Info:
Version: 24.2.5.2 (X86_64) / LibreOffice Community
Build ID: 420(Build:2)
CPU threads: 16; OS: Linux 6.10; UI render: default; VCL: kf6 (cairo+wayland)
Locale: en-GB (en_GB.UTF-8); UI: en-GB
Calc: threaded
Comment 1 Henning 2024-08-23 01:20:24 UTC 
Regression test:
24.2.0.3 works
24.2.1.2 crash
24.2.2.2 crash
24.2.3.2 crash
Comment 2 raal 2024-08-23 20:06:45 UTC 
Confirm with Version: 25.2.0.0.alpha0+ (X86_64) / LibreOffice Community
Build ID: 1565181908a06dcdb8d97d6be8ff773acd1d05cb
CPU threads: 4; OS: Linux 6.8; UI render: default; VCL: gtk3
Locale: cs-CZ (cs_CZ.UTF-8); UI: en-US
Calc: threaded

Works in LO 7.3.7
Comment 3 raal 2024-08-23 20:14:08 UTC 
This seems to have begun at the below commit in bibisect repository/OS linux-64-24.2.
Adding Cc: to Xisco Fauli ; Could you possibly take a look at this one?
Thanks
 c454e07a8ea49fa370addac7af4723e9a324af19 is the first bad commit
commit c454e07a8ea49fa370addac7af4723e9a324af19
Author: Jenkins Build User <tdf@maggie.tdf>
Date:   Thu Feb 8 22:15:31 2024 +0100

    source f5f6db55a5938f37a1c136be904ad7f10a3438ef
163130: tdf#159483 sc HTML paste: handle data-sheets-value here, too | https://gerrit.libreoffice.org/c/core/+/163130
Comment 4 Rainer Bielefeld Retired 2024-08-25 17:12:22 UTC 
Only for the sake of Competeness
REPRODUCIBLE with Installation of Version: 24.2.3.2 (X86_64)
Build ID: 433d9c2ded56988e8a90e6b2e771ee4e6a5ab2ba
CPU threads: 12; OS: Windows 10.0 Build 19045; UI render: Skia/Raster; VCL: win
Locale: de-DE (de_DE); UI: de-DE; Theme: Element
Calc: threaded – normal User  Profile created from 7.6  

LibO crashes immediately after step (2) in original issue report.
c1e030fd-714c-4d71-a9f5-41a8a7e11015.dmp

Still REPRODUCIBLE with Server Installation of Version: 25.2.0.0.alpha0+ (X86_64)
Build ID: d5143c058bfdc0f5674c3e0a88fae2f9cbe28a0a
CPU threads: 12; OS: Windows 10.0 Build 19045; UI render: Skia/Raster; VCL: win
Locale: de-DE (de_DE); UI: en-US; Theme: Automatic Colibre
Calc: threaded 
Special User Test File for testing

Additional Info:
----------------
a) Safe mode does not heal the problem (tested with 25.2.0.0.alpha0+).
Comment 5 Xisco Faulí 2024-08-26 05:39:22 UTC 
(In reply to raal from comment #3)
> This seems to have begun at the below commit in bibisect repository/OS
> linux-64-24.2.
> Adding Cc: to Xisco Fauli ; Could you possibly take a look at this one?
> Thanks
>  c454e07a8ea49fa370addac7af4723e9a324af19 is the first bad commit
> commit c454e07a8ea49fa370addac7af4723e9a324af19
> Author: Jenkins Build User <tdf@maggie.tdf>
> Date:   Thu Feb 8 22:15:31 2024 +0100
> 
>     source f5f6db55a5938f37a1c136be904ad7f10a3438ef
> 163130: tdf#159483 sc HTML paste: handle data-sheets-value here, too |
> https://gerrit.libreoffice.org/c/core/+/163130

Hi raal,
Thanks for the bisection.
It points to a commit from Miklos Vajna. I just backported it to a release branch.
Comment 6 Henning 2024-08-26 16:06:59 UTC 
Here is a table of crashing ant non-crashing inputs: https://jsfiddle.net/bjy68Lc7

For some reason boost::property_tree::read_json seems to cause the uncaught exception in source/filter/html/htmlpars.cxx if you feed it an invalid json (1 and {} are valid json strings).
Comment 7 Miklos Vajna 2024-08-27 06:19:17 UTC 
Thanks for the report, I can reproduce this, let me see.
Comment 8 Commit Notification 2024-08-27 09:12:07 UTC 
Miklos Vajna committed a patch related to this issue.
It has been pushed to "master":

https://git.libreoffice.org/core/commit/45c7bb44b4d76a387dbb0dc6b10e353440cb3923

tdf#162574 sc HTML paste: handle not well-formed json for td data-sheets-value

It will be available in 25.2.0.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 9 Commit Notification 2024-08-27 11:08:34 UTC 
Miklos Vajna committed a patch related to this issue.
It has been pushed to "libreoffice-24-2":

https://git.libreoffice.org/core/commit/72e9fd3b5c6be43a6f717ab2b3385f5da85fc80e

tdf#162574 sc HTML paste: handle not well-formed json for td data-sheets-value

It will be available in 24.2.7.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 10 Commit Notification 2024-08-27 14:10:10 UTC 
Miklos Vajna committed a patch related to this issue.
It has been pushed to "libreoffice-24-8":

https://git.libreoffice.org/core/commit/69c501b7d7d3df1c6dbc835a8d71b4e1077ec40d

tdf#162574 sc HTML paste: handle not well-formed json for td data-sheets-value

It will be available in 24.8.2.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 11 Commit Notification 2024-08-30 13:40:55 UTC 
Miklos Vajna committed a patch related to this issue.
It has been pushed to "libreoffice-24-2-6":

https://git.libreoffice.org/core/commit/65f4e28493b9c7f831c137f30264b4ab5c4415eb

tdf#162574 sc HTML paste: handle not well-formed json for td data-sheets-value

It will be available in 24.2.6.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 12 Commit Notification 2024-09-06 10:41:09 UTC 
Miklos Vajna committed a patch related to this issue.
It has been pushed to "libreoffice-24-8-1":

https://git.libreoffice.org/core/commit/ac45ff41b651a241e8a1a7642bbe6a597d2f4043

tdf#162574 sc HTML paste: handle not well-formed json for td data-sheets-value

It will be available in 24.8.1.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.