Bug 58473 - crash in transliteration ...
Summary: crash in transliteration ...
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: LibreOffice (show other bugs)
Version:
(earliest affected)
4.0.0.0.beta1
Hardware: Other All
: medium blocker
Assignee: Not Assigned
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-12-18 17:33 UTC by Michael Meeks
Modified: 2012-12-18 17:53 UTC (History)
2 users (show)

See Also:
Crash report or crash signature:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Meeks 2012-12-18 17:33:38 UTC 
It seems we over-optimised rtl_uString_alloc - which needs to always-alloc, and not return a ref-counted pointer to the const/static internal empty string (to avoid problems). People that alloc strings can usually cope with that.

proximate problem:

#0  com::sun::star::i18n::Transliteration_body::transliterate (this=0x9a6c250, inStr="", startPos=0, nCount=0, offset=empty uno::Sequence)
    at /ssd/opt/libreoffice/master/i18npool/source/transliteration/transliteration_body.cxx:144
#1  0xb1b59a55 in com::sun::star::i18n::TransliterationImpl::transliterate (this=0x9b67ff8, inStr="", startPos=0, nCount=0, 
    offset=empty uno::Sequence) at /ssd/opt/libreoffice/master/i18npool/source/transliteration/transliterationImpl.cxx:315
#2  0xae1269f4 in TextSearch::searchForward (this=0x9b958c8, searchStr="", startPos=0, endPos=0)
    at /ssd/opt/libreoffice/master/i18npool/source/search/textsearch.cxx:200
#3  0xb6f9dfba in utl::TextSearch::SearchFrwrd (this=0x9c3a450, rStr="", pStart=0xbfffd4ce, pEnde=0xbfffd4d0, pRes=0xbfffd514)
    at /ssd/opt/libreoffice/master/unotools/source/i18n/textsearch.cxx:223
#4  0xb0bfff8f in ScTable::SearchCell (this=0x8a9e550, rSearchItem=..., nCol=0, nRow=1, rMark=..., rUndoStr="", pUndoDoc=0x0)
    at /ssd/opt/libreoffice/master/sc/source/core/data/table6.cxx:114
#5  0xb0c009ae in ScTable::Search (this=0x8a9e550, rSearchItem=..., rCol=@0xbfffd5da: 0, rRow=@0xbfffd5dc: 0, rMark=..., rUndoStr="", pUndoDoc=
    0x0) at /ssd/opt/libreoffice/master/sc/source/core/data/table6.cxx:393

142	            }
143	        }
144	        out[j] = 0;
145	
146	        return OUString( pStr, SAL_NO_ACQUIRE );

writing the terminating zero.
Comment 1 Michael Meeks 2012-12-18 17:41:42 UTC 
rtl_uString_alloc's docs also needed adjusting to match rtl_string_alloc's - normally the std::bad_alloc would be thrown in the C++ wrapper, potentially that might need adding ?

about to commit a fix.
Comment 2 Not Assigned 2012-12-18 17:46:47 UTC 
Michael Meeks committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=09123760860f99756d37b70557d83f707fda6b17

fdo#58473 - fix transliteration crasher caused by writing const string.



The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
Comment 3 Michael Meeks 2012-12-18 17:53:29 UTC 
fixed (I hope). Of course we could be more efficient in transliteration and not allocate empty strings we don't need but ... ;-)