If there is a cell reference such as "= R1C[-1]" (using R1C1 formula syntax), the convert to absolute reference (Shift + F4) crashes calc if the caret is at the end of the formula. (By "caret" I mean the blinking vertical bar, where text would appear if you typed) --== To reproduce ==-- Open Calc Select R1C1 Formula syntax (Tools -> Options -> LibreOffice Calc -> Formula -> Formula options -> Formula syntax -> Excel R1C1 -> OK) In row 1, column 1 (usually A1) enter the data: 1 In row 1, column 2 (usually B1) enter the data: 2 In row 2, column 1 (usually A2) enter the data: 3 In row 2, column 2 (usually B2) enter (without quotes) the formula: "= R1C[-1]" (accept data entry with ENTER) Select row2, column 2 (usually B2) and place caret at the end of the formula in the formula bar (to the right of the square bracket). Press "Shift + F4". Expected result: The reference changes to "= R[-1]C1" (without quotes) Actual result: Calc crashes (LibreOffice Document Recovery dialogue is opened). --== End of reproduction ==-- R1C1 reference conversion (absolute to/from relative) did not work properly in the 3.3.x branch. In 3.3.3 performing the above does not crash, but it does not convert the reference either (due to https://bugs.freedesktop.org/show_bug.cgi?id=36124) This seems to happen only with the relative to absolute conversion (not the other way around), and only when the caret is on the relative part (on or in the square brackets). I've tried a few different variations; it doesn't crash with all variations (though my test case seems reproducible). I do notice that when going from relative to absolute, the position of the caret is important. For instance, with the formula "= R[-1]C[-1]" the formula only converts correctly when the caret is placed directly before or after the letter "R", or when the whole reference is selected (highlighted in the formula bar). I'm marking this as "major" as it causes a crash. -- Running LibreOfficePortable 3.4.1 (as downloaded from portableapps.com) Windows 7 x64 Professional About: LibreOffice 3.4.1 OOO340m1 (Build:103)
NOT reproducible with "LibreOffice 3.4.1 - WIN7 Home Premium (64bit) German UI [OOO340m1 (Build:103)]". No crash, it's even impossible to get a reaction if the caret is in the formula. Sith a daily build based on Build:101 I can modify reference, but also no crash. I will try portable soon. @Reporter: please contribute information concerning your LibO localization, settings that might be related and attach a sample document.
Failed to reproduce on LibreOffice 3.4 340m1(Build:103) on OpenSuse Linux. Thanks for your clear steps and detailed comments. I followed them exactly and the absolute/relative reference worked fine for me. Cell B2 cycled through all of the relative points to reference A1, such as R1C[-1] or R[-1]C[-1]. There was no crash for me. It might be helpful to attach a backtrace of the crash on http://wiki.documentfoundation.org/BugReport "how to get backtrace."
@Stephan can you try with an official build from our download site? It might be related to some build problems with the portable build
Sorry for only getting back to you now. I just tried it with LibO 3.4.2 (as downloaded from the LibreOffice Downloads section) with the English (USA) user interface as well as locale setting (I've also tried it with other English interfaces and it does not seem to act any differenty) on Windows XP Professional SP 3. This is not the same computer as the original post. On the XP machine, it did not crash LibO at first, but it would not change the reference either. However, after fiddling around a little bit, I could get it to crash again. Unfortunately, I can't get it to consistently crash. Some of the variations I've tried include (in no particular order): 1. Type the formula with a space between the equal sign (=) and the reference, like this: "= R1C[-1]" 2. Type in the following sequence (do not press enter unless explicitly stated): first type "= r1c[]", then press left (the formula now looks like this "= r1c[]RC[-1]" with the last half still highlighted), then press F2 and then press backspace 6 times, then press left again, then type "-1" (the formula now looks like this "= R1C[-1]") and then press enter. Then click on the cell again, then click in the formula bar at the top (click at the end of the formula) and press shift+F4. By following the exact procedure as number 2. above, I *usually* get a crash (might only be after pressing shift+F4 a couple of times), but I can't say that it always produces a crash. Also note that even if it does not crash, the reference does not change either. --== Additional info on bug behaviour (when not crashing) ==-- I also noticed another detail to the bug. If the relative reference is negative (for instance R[-1]C[-1]), then the conversion doesn't work, i.e. pressing shift+F4 has no effect *unless*: - the caret is immediately before or after the "R" - if a section of the reference is highlighted (but it seems to depend on which section of the reference is highlighted). However, if the reference is positive (for instance R[1]C[2]) then the conversion works properly when the caret is: - before or after the "R" - before or after the "1" (the part within the first square brackets) but does *not* work properly when the caret is: - before or after the "C" - before or after the "2" (the part within the second square brackets) - at the end of the formula (after the last square bracket). --== End of additional info ==-- This behaviour seems rather erratic. If someone has a go at this bug, I hope the above info is useful in tracking it down. Sorry for the information overload. @Jeffrey I'm running Windows on the machines that I've mentioned. The instructions for getting a backtrace are for Linux only, so I can't supply it. But I do have a Linux machine as well. If I find the time, I'll poke around on there, but don't expect anything soon. @Rainer Bielefeld As stated at the beginning of this post, I've tested with different locales and user interfaces (although they were all variations of English). Specifically, I've tried English (USA) and English (UK). I can't think of any settings that might have an effect on this behaviour (except that LibO is set to the Excel R1C1 formula syntax). I suspect attaching a file will be useless, but I'll still do so. @markus.mohrhard@googlemail.com As stated at the beginning of the post, I've now tested it with an official Windows build as from the LibreOffice download page. -- Running LibreOffice 3.4.2 Windows XP Professional SP3 x32 About: LibreOffice 3.4.2 OOO340m1 (Build:203)
Created attachment 49927 [details] File as generated from original post Select row 2 column 2, click at end of formula (in formula bar), shift+F4 -> crash Not sure if it's a consistent crash though.
Just checked LibreOfficePortable 3.4.3 - still crashes. I will check on the regular (non-portable) version if/when I find time. -- Running LibreOfficePortable 3.4.3 (as from portableapps.com) Windows 7 Professional x64 About: LibreOffice 3.4.3 OOO340m1 (Build:302)
[This is an automated message.] This bug was filed before the changes to Bugzilla on 2011-10-16. Thus it started right out as NEW without ever being explicitly confirmed. The bug is changed to state NEEDINFO for this reason. To move this bug from NEEDINFO back to NEW please check if the bug still persists with the 3.5.0 beta1 or beta2 prereleases. Details on how to test the 3.5.0 beta1 can be found at: http://wiki.documentfoundation.org/QA/BugHunting_Session_3.5.0.-1 more detail on this bulk operation: http://nabble.documentfoundation.org/RFC-Operation-Spamzilla-tp3607474p3607474.html
needinfo keyword redundant by needinfo status.
Dear bug submitter! Due to the fact, that there are a lot of NEEDINFO bugs with no answer within the last six months, we close all of these bugs. To keep this message short, more infos are available @ https://wiki.documentfoundation.org/QA/NeedinfoClosure#Statement Thanks for understanding and hopefully updating your bug, so that everything is prepared for developers to fix your problem. Yours! Florian
I just followed the steps outlined in the original post. Once again, calc crashed. I'm not sure if this bug should be re-opened or a new bug report submitted. I must admit that I've been absent from the bugzilla for quite some time now. The system that I'm running now is completely different from the original post. -- Running LibreOffice 3.6.2.2 (as obtained from Ubuntu 12.10 repo) On Ubuntu 12.10 About: Version 3.6.2.2 (Build ID: 360m1(Build:2))
[Reproducible] with Server Installation of "LibreOffice 3.6.4.0+ English UI/ German Locale [Build-ID: be49b70],{tinderbox: Win-x86@9 pull time 2012-10-31 08:03:29} on German WIN7 Home Premium (64bit), User-Profile 3.6.4 dailies Also [Reproducible] with "LibreOffice 3.5.7.2 rc German UI/Locale [Build-ID: 3215f89-f603614-ab984f2-7348103-1225a5b] on German WIN7 Home Premium (64bit) : 1. Launch LibO 2. Open new Calc document using "New Spreadsheet" button 3. Menu 'Tools -> Options -> Calc -> Formula - Formula Options=EXCELR1C1' <ok> 4. Close document without saving. 5. Open Sample document from file menu 6. Single-) Click cell in Row 2 Column 2 "= R1C1" in formula pane 7. Click into formula pane 5mm right from visible formula > Caret flashes right from formula 8. <shift+f4>, then Click into formula pane 5mm right from visible formula 9. repeat step 8 several times. Mostly Calc will crash after few steps, but sometimes Conversion will stop or you will not get a crash, after 10x Step 8 close document without saving and restart from step 5 Same crash with 3.4.5 With 3.3 I did not see brackets in the formula pane and also no crash. Still [Reproducible] with parallel installation of Master "LOdev 3.7.0.0.alpha0+ - ENGLISH UI / German Locale [Build ID: af8098)]" {tinderbox: @16, pull time 2012-10-31 23:08:18} on German WIN7 Home Premium (64bit) with separate User Profile for Master Branch
Might be that the fix for "Bug 36124 - R1C1 absolute/relative reference conversion broken" is responsible for the crash? @Spreadsheet Team Please set Status to ASSIGNED and add yourself to "Assigned To" if you accept this Bug or forward the Bug if it's not your turf (and remove others in team from CC).
Created attachment 72007 [details] bt on master On pc Debian x86-64 with master sources updated today (commit bb97ecdbcc8d8dafd39e728b21bc68efee4eccbc), I reproduced the problem. I hadn't a crash on non debug LO session but hopefully, I had one easily with gdb.
Noticed this: ExpandToTextR1C1 (p=0x5ea36e8, nLen=9, rStartPos=@0x7fffb71e3304: 65535, rEndPos=@0x7fffb71e3300: 9) "65535" makes think we reach a type limit.
Yeah, the code clearly has two errors. I'll fix it right away.
Kohei Yoshida committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=6ed233b26222815f68dfc220cd1e692a11cd5af6 fdo#39135: Prevent integer overflow & update the character during loop. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Kohei Yoshida committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=c94a51494ae4f8fd84be838709abba28a37cd0f5 fdo#39135: Add unit test for this. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Kohei Yoshida committed a patch related to this issue. It has been pushed to "libreoffice-4-0": http://cgit.freedesktop.org/libreoffice/core/commit/?id=232b93e7f0e0ca90b54fe96d2c1adc5766d6706c&h=libreoffice-4-0 fdo#39135: Prevent integer overflow & update the character during loop. It will be available in LibreOffice 4.0.1. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Now that the fix is in the 4.0.x branch, I'll mark this fixed.
Kohei Yoshida committed a patch related to this issue. It has been pushed to "libreoffice-3-6": http://cgit.freedesktop.org/libreoffice/core/commit/?id=03158229fdfda1003d072853610fbfbe433b8be9&h=libreoffice-3-6 fdo#39135: Prevent integer overflow & update the character during loop. It will be available in LibreOffice 3.6.6. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Just thought I would have a look at this bug again, even though it has been a long time. Comment 23 states in part "Affected users are encouraged to test the fix and report feedback." So here it is: I have followed my original "Steps to reproduce" and the bug does not occur. The testing I just did was not extensive, I only cycled through the references a few time (maybe 100 times) without a crash. I believe (mostly hope) this bug has finally been addressed. Thanks to whoever was involved (particularly Kohei Yoshida) for working on it. -- Running LibreOffice 4.1 on Ubuntu 13.10 About: Version: 4.1.2.3 Build ID: 410m0(Build:3)