Bug 40831 - Writer will crash when searching text with using regular expressions.
Summary: Writer will crash when searching text with using regular expressions.
Status: CLOSED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer (show other bugs)
Version:
(earliest affected)
3.4.3 release
Hardware: Other All
: medium normal
Assignee: Michael Stahl
QA Contact:
URL:
Whiteboard:
Keywords:
: 42201 42364 (view as bug list)
Depends on:
Blocks:
 
Reported: 2011-09-13 05:30 UTC by jun meguro
Modified: 2011-12-12 13:01 UTC (History)
5 users (show)

See Also:
Crash report or crash signature:


Attachments
sample document. (12.03 KB, application/vnd.oasis.opendocument.text)
2011-09-13 05:30 UTC, jun meguro
Details
bigger better crashier bugdoc (8.65 KB, application/vnd.oasis.opendocument.text)
2011-11-18 14:01 UTC, Michael Stahl
Details

Note You need to log in before you can comment on or make changes to this bug.
Description jun meguro 2011-09-13 05:30:37 UTC
Created attachment 51114 [details]
sample document.

1.Open attached document.
2.Ctrl + Alt + F.
3.Set "Search for" as "$".
4.Set "Replace with" as "a" or some text.
5.Open "More Options"
6.Check "Reguler Expressions".
7.Push "Replace All"
8.Writer will crash.
Comment 1 vitriol 2011-09-13 05:34:16 UTC
Not reproducible on my system. LibO 3.4.3 under Win7 64 bit
Comment 2 jun meguro 2011-09-13 12:47:56 UTC
I found problem on Libo3.4.3-Ubuntu and LiboPortable3.4.2-Windows.
Comment 3 tester8 2011-09-20 11:43:00 UTC
NOT reproduced with

LO 3.4.3 OOO340m1 (Build:302)
Ubuntu 10.04.3 x86
Linux 2.6.32-33-generic Russian UI

What is your Ubuntu & Windows versions?
Comment 4 vitriol 2011-10-29 09:27:09 UTC
*** Bug 42364 has been marked as a duplicate of this bug. ***
Comment 5 vitriol 2011-10-29 09:27:58 UTC
*** Bug 42201 has been marked as a duplicate of this bug. ***
Comment 6 pierre-yves samyn 2011-10-29 10:01:32 UTC
(In reply to comment #1)
> Not reproducible on my system. LibO 3.4.3 under Win7 64 bit

Hello

According to tests conducted by members of fr-discuss list, the crash occurs more often using this procedure.

Steps to reproduce:
1. Create a new document 
2. Type A, then Enter (create a new paragraph)
3. Type B, then Enter (create a new paragraph)
4. Edit > Find & replace
5. Find : $
6. Replace with nothing
4. Check « Regular expressions »
5. Click “Replace all''


Reproduced (fr-discuss) with :
Windows XP pro & LibO 3.3.3
Windows XP pro & LibO 3.4.2
Windows XP pro & LibO 3.4.3
Windows XP family & LibO 3.4.3
Windows 7 64bits & LibO 3.4.3

Best regards
PYS
Comment 7 Jeff 2011-10-30 00:01:37 UTC
(In reply to comment #6)

Hello,


> Reproduced (fr-discuss) with :
> Windows XP pro & LibO 3.3.3
> Windows XP pro & LibO 3.4.2
> Windows XP pro & LibO 3.4.3
> Windows XP family & LibO 3.4.3
> Windows 7 64bits & LibO 3.4.3

Reproduced with Windows Vista SP2 and LibO 3.4.3

Regards
Comment 8 Jonas Heinrich 2011-11-13 04:40:44 UTC
I tried to replace a paragraph with spaces using regual expression and LibreOffice crashed! Really serious bug because I was unable to recover my document ...

I'm using libreoffice-writer 3.4.3-4 (x64 archlinux).
Comment 9 Jonas Heinrich 2011-11-14 02:06:06 UTC
bug still present in libreoffice 3.4.4:

[onny@eee ~]$ pacman -Q | grep libreoffice
libreoffice-base 3.4.4-3
libreoffice-common 3.4.4-3
libreoffice-de 3.4.4-1
libreoffice-draw 3.4.4-3
libreoffice-extension-pdfimport 3.4.4-3
libreoffice-writer 3.4.4-3

[onny@eee ~]$ uname -a
Linux eee 3.1.0-4-ARCH #1 SMP PREEMPT Mon Nov 7 22:47:18 CET 2011 x86_64 Intel(R) Atom(TM) CPU D525 @ 1.80GHz GenuineIntel GNU/Linux
Comment 10 Jean-Baptiste Faure 2011-11-14 12:24:51 UTC
After additional tests, I can reproduce the crash with LibO 3.4.4 under Ubuntu 10.04 x86_64. But there is a prerequisite: I need to do a search first before doing replace all.

No crash with the master, but the behavior is more strange: "replace all" replace in fact one paragraph mark of three ...
Tested on LibreOffice 3.5.0 Build ID: 8f8f59b-533e3c6-ca7e6f5-9125509-ce71330

Best regards. JBF
Comment 11 Michael Stahl 2011-11-18 14:01:19 UTC
Created attachment 53681 [details]
bigger better crashier bugdoc
Comment 12 Michael Stahl 2011-11-18 14:34:56 UTC
fixed on master:

my patch for OOo issue 102333 (which is similar to this) was not correct:
moving the cursor was not always required, but there are 2 ways how
paragraphs can be joined, and it is required for one of them, but not
the other, so removing it was wrong; fixed:

http://cgit.freedesktop.org/libreoffice/core/commit/?id=e0d4e6f22a4290a4b11a342fd59523b28963838c

the following commit makes the difference between crashing and not
crashing on master: fe40a2a43d1eaf03b3e2172a3f33d627dba6b633

reason seems to be that the assignment in RestoreSavePos actually
accesses the node by index and crashes, while SwPosition::operator=
calls SwNodeIndex::operato=(SwNodeIndex&) which does not access the node
by index... so that commit was not really wrong, it worked before only
by accident.

really the problem here is that we cannot store the position as a bunch
of integers or a non-relocatable SwPosition here where nodes may
actually be deleted; we need a cursor that is automatically corrected by
PamCorrAbs/Rel.

this is fixed by using SwUnoCrsr instead:
http://cgit.freedesktop.org/libreoffice/core/commit/?id=82a716f29cc252740c80556f72f9d9e602877918
Comment 13 Michael Stahl 2011-12-12 13:01:16 UTC
backported the fix to 3.4 branch, should be in 3.4.5:
f4fb39640571fd588299ecd603733eaf94e61605
4eec19b1d634b66580423eb995621f87b422a46a