Bug 68372 - Crash when moving the ruler
Summary: Crash when moving the ruler
Status: VERIFIED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer (show other bugs)
Version:
(earliest affected)
4.2.0.0.alpha0+ Master
Hardware: Other All
: high critical
Assignee: Caolán McNamara
URL:
Whiteboard: target:4.2.0
Keywords:
Depends on:
Blocks:
 
Reported: 2013-08-21 10:34 UTC by Emir Sarı
Modified: 2013-08-24 09:20 UTC (History)
5 users (show)

See Also:
Crash report or crash signature:

Attachments
crash log (55.13 KB, application/vnd.oasis.opendocument.text)
2013-08-22 05:15 UTC, Emir Sarı 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Emir Sarı 2013-08-21 10:34:07 UTC 
Description: LibreOffice crashes while playing with the ruler. 

To reproduce: 
1. Open Writer,
2. Click on the ruler handle
3. Move the handle from 1 to 2, then to 3. 
4. Continue playing.
5. Crash.

Could not reproduce in Draw, so far only Writer.
Comment 1 Emir Sarı 2013-08-21 10:36:19 UTC 
Version: Version: 4.2.0.0.alpha0+
Build ID: 6c4bedffb98a33b202692b225fc250b858ff9f65
TinderBox: MacOSX-X86_64@43, Branch:master, Time: 2013-08-21_02:59:18
Comment 2 Julien Nabet 2013-08-21 19:49:36 UTC 
Emir: is it with a brand new LO profile?
If yes, could you try to retrieve some more info? (see https://wiki.documentfoundation.org/QA/BugReport/Debug_Information#Mac_OSX:_How_to_get_debug_information)
Comment 3 Emir Sarı 2013-08-22 05:15:12 UTC 
Created attachment 84423 [details]
crash log

Sorry, I forgot to add the crash report, attaching.
Comment 4 Julien Nabet 2013-08-22 05:22:40 UTC 
Thank you Emir for your feedback. What about the profile part?
Comment 5 Emir Sarı 2013-08-22 06:39:18 UTC 
(In reply to comment #4)
> Thank you Emir for your feedback. What about the profile part?

Oh, yes, it's a brand new profile. :)
Comment 6 Julien Nabet 2013-08-22 07:18:19 UTC 
Ok, since I don't have any more question for the moment, I put it back to Unconfirmed.
Comment 7 Thomas van der Meulen [retired] 2013-08-22 10:12:02 UTC 
I reproduce this bug. 

Versions it tested it on:
Version: 4.2.0.0.alpha0+
Build ID: 2d95a1bfd6e0adff791d9e381f0ec37470312522
TinderBox: MacOSX-X86_64@43, Branch:master, Time: 2013-08-20_06:09:11

Version: 4.2.0.0.alpha0+
Build ID: 6c4bedffb98a33b202692b225fc250b858ff9f65
TinderBox: MacOSX-X86_64@43, Branch:master, Time: 2013-08-21_02:59:18

Version: 4.2.0.0.alpha0+
Build ID: 9d87d1be6bec99a194cfbb68663c6de7144d65b0
TinderBox: MacOSX-X86@43, Branch:master, Time: 2013-08-22_04:28:46

All with a new user profile on mac osx 10.8.4 

I think that the Importance could be set higher.
Comment 8 Tomaz Vajngerl 2013-08-22 10:40:59 UTC 
Yes it also crashes for me on Linux, but not on Windows. I will take a look at this. It started crashing some time after my changes to the ruler so I don't think my changes are responsible. the problem propagates from SvxRuler::ApplyIndents() to SwTextShell::Execute so the problem is somewhere here.
Comment 9 Julien Nabet 2013-08-22 18:48:29 UTC 
Tomaz: On pc Debian x86-64 with master sources updated today, I reproduced the crash just by moving once the ruler handler.
If it can help, here are main lines of bt (with debug symbol):
Program received signal SIGSEGV, Segmentation fault.
0x00007f20cb1c3081 in rtl::OUString::getLength (this=0x3f4be58) at /home/julien/compile-libreoffice/libo/include/rtl/ustring.hxx:386
386	    sal_Int32 getLength() const SAL_THROW(()) { return pData->length; }
(gdb) bt
#0  0x00007f20cb1c3081 in rtl::OUString::getLength (this=0x3f4be58) at /home/julien/compile-libreoffice/libo/include/rtl/ustring.hxx:386
#1  0x00007f20cb1c30c8 in rtl::OUStringToOString (rUnicode=..., encoding=76, convertFlags=17766) at /home/julien/compile-libreoffice/libo/include/rtl/ustring.hxx:2359
#2  0x00007f20cbdd8b49 in SwTextShell::Execute (this=0x3c23bd0, rReq=...) at /home/julien/compile-libreoffice/libo/sw/source/ui/shells/textsh1.cxx:936
#3  0x00007f20cbdcdc27 in SfxStubSwTextShellExecute (pShell=0x3c23bd0, rReq=...) at /home/julien/compile-libreoffice/libo/workdir/unxlngx6/SdiTarget/sw/sdi/swslots.hxx:2787
#4  0x00007f20e766b454 in SfxShell::CallExec (this=0x3c23bd0, pFunc=0x7f20cbdcdc04 <SfxStubSwTextShellExecute(SfxShell*, SfxRequest&)>, rReq=...)
    at /home/julien/compile-libreoffice/libo/include/sfx2/shell.hxx:183
#5  0x00007f20e79b3fcc in SfxDispatcher::Call_Impl (this=0x35ec9b0, rShell=..., rSlot=..., rReq=..., bRecord=1 '\001')
    at /home/julien/compile-libreoffice/libo/sfx2/source/control/dispatch.cxx:243
#6  0x00007f20e79b693a in SfxDispatcher::_Execute (this=0x35ec9b0, rShell=..., rSlot=..., rReq=..., eCallMode=4)
    at /home/julien/compile-libreoffice/libo/sfx2/source/control/dispatch.cxx:924
#7  0x00007f20e79b7597 in SfxDispatcher::Execute (this=0x35ec9b0, nSlot=10043, eCall=4, pArg1=0x3f435b0)
    at /home/julien/compile-libreoffice/libo/sfx2/source/control/dispatch.cxx:1185
#8  0x00007f20c9b94552 in SvxRuler::ApplyIndents (this=0x361bd70) at /home/julien/compile-libreoffice/libo/svx/source/dialog/svxruler.cxx:2139
Comment 10 Tomaz Vajngerl 2013-08-22 19:38:00 UTC 
Thanks, this is helpful. Looks like commit [1] is the cause. I have added Caolán to cc as I am not sure how to fix this.

Regards, Tomaž

[1] http://cgit.freedesktop.org/libreoffice/core/commit/sw/source/ui/shells/textsh1.cxx?id=f41e7c704898fa0e86d6d128f5bd28f37c081e92
Comment 11 Julien Nabet 2013-08-22 20:00:24 UTC 
With the patch below, I don't reproduce the crash:
diff --git a/sw/source/ui/shells/textsh1.cxx b/sw/source/ui/shells/textsh1.cxx
index f700e96..143c57c 100644
--- a/sw/source/ui/shells/textsh1.cxx
+++ b/sw/source/ui/shells/textsh1.cxx
@@ -933,7 +933,7 @@ void SwTextShell::Execute(SfxRequest &rReq)
 
             OString sDefPage;
             if (pItem)
-                sDefPage = OUStringToOString(((const SfxStringItem*)pItem)->GetValue(), RTL_TEXTENCODING_UTF8);
+                sDefPage = OUStringToOString(OUString::number(((SfxUInt16Item*)pItem)->GetValue()), RTL_TEXTENCODING_UTF8);
 
             // Properties of numbering
             if( rWrtSh.GetDoc()->GetCurrNumRule( *pPaM->GetPoint() ) )

is this ok?
Comment 12 Tomaz Vajngerl 2013-08-22 20:53:58 UTC 
I don't think this is the solution. I think Caolán wanted to change the type from SfxUInt16Item to SfxStringItem when he was working on the dialog but he didn't change every usage (for example - from the ruler). 

So you generally revert this to original state with a twist - it will work again for the ruler but probably won't work anymore from the dialog. The solution IMHO is to change this in the ruler (SvxRuler) from SfxUInt16Item to SfxStringItem but I need to track down where.
Comment 13 Caolán McNamara 2013-08-23 08:27:57 UTC 
hmph!, looks to me that the types were always misaligned on this code path. A SvxLRSpaceItem in SvxRuler::ApplyIndents and SfxStringItem down here. But we were getting away with it. Looks like there's a simple fix, in that code path we don't actually show the dialog, so we don't need to find out the name of the page to show, i.e. move the query into the dialog-show block and let the code take the other non-dialog branch which has the special casing for LR_SPACE
Comment 14 Commit Notification 2013-08-23 08:58:41 UTC 
Caolan McNamara committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=73c24e114bbbeaf9e7320bde43f6f07bed01f25b

Resolves: fdo#68372 crash when moving the ruler



The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
Comment 15 Tomaz Vajngerl 2013-08-23 09:06:00 UTC 
I see.. Thanks.
Comment 16 Emir Sarı 2013-08-24 09:20:25 UTC 
Verified fixed witn Version: 4.2.0.0.alpha0+
Build ID: e926621fb00f31471b0037d7955b6a3d7f908dc0
TinderBox: MacOSX-X86_64@43, Branch:master, Time: 2013-08-24_00:16:31