63161 – EDITING: calc crash with some cell input containing digits and space in locales with space group separator

Bug 63161 - EDITING: calc crash with some cell input containing digits and space in locales with space group separator

Summary: EDITING: calc crash with some cell input containing digits and space in local...

Status:	RESOLVED FIXED

Alias:	None

Product:	LibreOffice
Classification:	Unclassified
Component:	Calc (show other bugs)
Version: (earliest affected)	4.1.0.0.alpha0+ Master
Hardware:	x86-64 (AMD64) Linux (All)

Importance:	medium normal
Assignee:	Eike Rathke

URL:
Whiteboard:	target:4.1.0 target:4.0.3
Keywords:	regression

Depends on:
Blocks:

Reported:	2013-04-05 12:15 UTC by Laurent Godard
Modified:	2013-04-05 15:32 UTC (History)
CC List:	0 users

See Also:
Crash report or crash signature:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Laurent Godard 2013-04-05 12:15:59 UTC

in a cell, enter 379 741 507 00014
(with the spaces)

--> crash withe the following bt

Program received signal SIGABRT, Aborted.
0x00007ffff6d73475 in *__GI_raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64    ../nptl/sysdeps/unix/sysv/linux/raise.c: Aucun fichier ou dossier de ce type.
(gdb) bt
#0  0x00007ffff6d73475 in *__GI_raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007ffff6d766f0 in *__GI_abort () at abort.c:92
#2  0x00007ffff6d6c621 in *__GI___assert_fail (assertion=0x7ffff4ca8e08 "index >= 0 && index <= getLength()", file=<optimized out>, line=478, function=
    0x7ffff4ca8e40 "sal_Unicode rtl::OUString::operator[](sal_Int32) const") at assert.c:81
#3  0x00007ffff4c15f3f in rtl::OUString::operator[] (this=0x22c3848, index=2)
    at /home/lgodard/projets/libreoffice/build/git/master/core/solver/unxlngx6.pro/inc/rtl/ustring.hxx:478
#4  0x00007ffff4c4e989 in ImpSvNumberInputScan::StringContains (rWhat="/", rString=" ", nPos=2)
    at /home/lgodard/projets/libreoffice/build/git/master/core/svl/source/numbers/zforfind.hxx:222
#5  0x00007ffff4c4eb60 in ImpSvNumberInputScan::SkipString (rWhat="/", rString=" ", nPos=@0x7fffffff5814: 2)
    at /home/lgodard/projets/libreoffice/build/git/master/core/svl/source/numbers/zforfind.cxx:503
#6  0x00007ffff4c49421 in ImpSvNumberInputScan::ScanMidString (this=0x22c37e0, rString=" ", nStringPos=1, pFormat=0x22de5f0)
    at /home/lgodard/projets/libreoffice/build/git/master/core/svl/source/numbers/zforfind.cxx:2273
#7  0x00007ffff4c4b341 in ImpSvNumberInputScan::IsNumberFormatMain (this=0x22c37e0, rString="379 741 507 00014", pFormat=0x22de5f0)
    at /home/lgodard/projets/libreoffice/build/git/master/core/svl/source/numbers/zforfind.cxx:3070
#8  0x00007ffff4c4c8d6 in ImpSvNumberInputScan::IsNumberFormat (this=0x22c37e0, rString="379 741 507 00014", F_Type=@0x7fffffff5b7e: 16,
    fOutNumber=@0x7fffffff5d00: 1.1198174936119322e-315, pFormat=0x22de5f0) at /home/lgodard/projets/libreoffice/build/git/master/core/svl/source/numbers/zforfind.cxx:3358
#9  0x00007ffff4c53024 in SvNumberFormatter::IsNumberFormat (this=0x22c3500, sString="379 741 507 00014", F_Index=@0x7fffffff5d1c: 0,
    fOutNumber=@0x7fffffff5d00: 1.1198174936119322e-315) at /home/lgodard/projets/libreoffice/build/git/master/core/svl/source/numbers/zforlist.cxx:1114
#10 0x00007fffc6b73709 in ScColumn::SetString (this=0x7fffd1d9d010, nRow=1, nTabP=0, rString="379 741 507 00014", eConv=formula::FormulaGrammar::CONV_OOO, pParam=
    0x7fffffff61d0) at /home/lgodard/projets/libreoffice/build/git/master/core/sc/source/core/data/column3.cxx:1419
#11 0x00007fffc6d2a455 in ScTable::SetString (this=0x7fffd1d9d010, nCol=0, nRow=1, nTabP=0, rString="379 741 507 00014", pParam=0x7fffffff61d0)
    at /home/lgodard/projets/libreoffice/build/git/master/core/sc/source/core/data/table2.cxx:1332
#12 0x00007fffc6bf3c1c in ScDocument::SetString (this=0x1e859f0, nCol=0, nRow=1, nTab=0, rString="379 741 507 00014", pParam=0x7fffffff61d0)
    at /home/lgodard/projets/libreoffice/build/git/master/core/sc/source/core/data/document.cxx:2953
#13 0x00007fffc6bf3cbf in ScDocument::SetString (this=0x1e859f0, rPos=..., rString="379 741 507 00014", pParam=0x7fffffff61d0)
    at /home/lgodard/projets/libreoffice/build/git/master/core/sc/source/core/data/document.cxx:2961
#14 0x00007fffc6f29a72 in ScXMLTableRowCellContext::PutTextCell (this=0x23d9950, rCurrentPos=..., nCurrentCol=0, pOUText=empty boost::optional)
    at /home/lgodard/projets/libreoffice/build/git/master/core/sc/source/filter/xml/xmlcelli.cxx:1041
#15 0x00007fffc6f2a15d in ScXMLTableRowCellContext::AddTextAndValueCell (this=0x23d9950, rCellPos=..., pOUText=empty boost::optional, rCurrentPos=...)
    at /home/lgodard/projets/libreoffice/build/git/master/core/sc/source/filter/xml/xmlcelli.cxx:1158
#16 0x00007fffc6f2a645 in ScXMLTableRowCellContext::AddNonFormulaCell (this=0x23d9950, rCellPos=...)
    at /home/lgodard/projets/libreoffice/build/git/master/core/sc/source/filter/xml/xmlcelli.cxx:1280
#17 0x00007fffc6f2b6da in ScXMLTableRowCellContext::EndElement (this=0x23d9950)
    at /home/lgodard/projets/libreoffice/build/git/master/core/sc/source/filter/xml/xmlcelli.cxx:1452
#18 0x00007fffd4b88fb5 in SvXMLImport::endElement (this=0x2318d10) at /home/lgodard/projets/libreoffice/build/git/master/core/xmloff/source/core/xmlimp.cxx:756
#19 0x00007fffdb1d546d in sax_expatwrap::SaxExpatParser_Impl::callbackEndElement (pvThis=0x21f98e0, pwName=0x23d98c0 "table:table-cell")
    at /home/lgodard/projets/libreoffice/build/git/master/core/sax/source/expatwrap/sax_expat.cxx:839
#20 0x00007fffdb1d30b4 in sax_expatwrap::call_callbackEndElement (userData=0x21f98e0, name=0x23d98c0 "table:table-cell")
    at /home/lgodard/projets/libreoffice/build/git/master/core/sax/source/expatwrap/sax_expat.cxx:319
#21 0x00007fffdb1e6268 in doContent (parser=0x2340c10, startTagLevel=0, enc=0x7fffdb420460, s=
    0x23dfdc4 "</table:table-cell>\n    </table:table-row>\n </table:table>\n   <table:table table:name=\"Feuille2\" table:style-name=\"ta1\">\n    <table:table-column table:style-name=\"co2\" table:default-cell-style-name="..., end=0x23e01c5 'f' <repeats 200 times>..., nextPtr=0x2340c40, haveMore=1 '\001')

Comment 1 Eike Rathke 2013-04-05 12:17:31 UTC

Taking.

Comment 2 Laurent Godard 2013-04-05 12:20:39 UTC

french locale with spaces as group (thousand) separator

Comment 3 Commit Notification 2013-04-05 12:58:43 UTC

Eike Rathke committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=d526e48912deeb44061ff570d715c31ca45f77b8

resolved fdo#63161 out of bounds string access



The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.

Comment 4 Eike Rathke 2013-04-05 13:01:56 UTC

Change pending review for 4-0 as https://gerrit.libreoffice.org/3211

Comment 5 Commit Notification 2013-04-05 13:31:13 UTC

Eike Rathke committed a patch related to this issue.
It has been pushed to "libreoffice-4-0":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=ec1c30d34d9c9445ab6e22e280a9868cf910a3bc&h=libreoffice-4-0

resolved fdo#63161 out of bounds string access


It will be available in LibreOffice 4.0.3.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.