Bug 69862 - EDITING "Select All" crashes Writer when the document contains a footnote and starts with a table
Summary: EDITING "Select All" crashes Writer when the document contains a footnote and...
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer (show other bugs)
Version:
(earliest affected)
4.2.0.0.alpha0+ Master
Hardware: Other All
: medium critical
Assignee: Miklos Vajna
URL:
Whiteboard: target:4.2.0
Keywords: regression
Depends on:
Blocks:
 
Reported: 2013-09-26 21:29 UTC by Stephan van den Akker
Modified: 2013-10-01 13:08 UTC (History)
6 users (show)

See Also:
Crash report or crash signature:

Attachments
example file with a footnote (22.45 KB, application/vnd.oasis.opendocument.text)
2013-09-27 05:44 UTC, Jean-Baptiste Faure 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stephan van den Akker 2013-09-26 21:29:54 UTC 
1 Create table at start of the document
2 Add a footnote to the document
3 Press Ctrl-A

Expected result:
Everything in the document is selected

Actual result:
Writer crashes.

gdb output at the moment of the crash:
warn:legacy.osl:8968:1:sw/source/core/layout/trvlfrm.cxx:2493: <SwRootFrm::CalcFrmRects(..)> - no content frame. This is a serious defect -> please inform OD

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x2aaac0bc5700 (LWP 9849)]
0x00002aaaf182ffb0 in BigPtrEntry::GetPos (this=0x0) at /home/stephan/Software/libreoffice/core/sw/inc/bparr.hxx:109
109         assert(this == pBlock->pData[ nOffset ]); // element not in the block

(gdb) backtrace
#0  0x00002aaaf182ffb0 in BigPtrEntry::GetPos (this=0x0) at /home/stephan/Software/libreoffice/core/sw/inc/bparr.hxx:109
#1  0x00002aaaf183004e in SwNode::GetIndex (this=0x0) at /home/stephan/Software/libreoffice/core/sw/inc/node.hxx:279
#2  0x00002aaaf1b01024 in SwEditShell::_CopySelToDoc (this=0x1d262e0, pInsDoc=0x21c35b0, pSttNd=0x0) at /home/stephan/Software/libreoffice/core/sw/source/core/edit/edglss.cxx:240
#3  0x00002aaaf1b57293 in SwFEShell::Copy (this=0x1d262e0, pClpDoc=0x21c35b0, pNewClpTxt=0x0) at /home/stephan/Software/libreoffice/core/sw/source/core/frmedt/fecopy.cxx:219
#4  0x00002aaaf213c514 in (anonymous namespace)::lclOverWriteDoc (rSrcWrtShell=..., rDest=...) at /home/stephan/Software/libreoffice/core/sw/source/ui/dochdl/swdtflvr.cxx:373
#5  0x00002aaaf213c9f1 in SwTransferable::GetData (this=0x2169db0, rFlavor=...) at /home/stephan/Software/libreoffice/core/sw/source/ui/dochdl/swdtflvr.cxx:438
#6  0x00002aaaae69fde6 in TransferableHelper::getTransferData (this=0x2169db0, rFlavor=...) at /home/stephan/Software/libreoffice/core/svtools/source/misc/transfer.cxx:361
#7  0x00002aaabce7e204 in x11::SelectionManager::convertData (this=0x1427570, xTransferable=..., nType=364, nSelection=1, rFormat=@0x2aaac0bc482c: 8, rData=...)
    at /home/stephan/Software/libreoffice/core/vcl/unx/generic/dtrans/X11_selection.cxx:668
#8  0x00002aaabce81d23 in x11::SelectionManager::sendData (this=0x1427570, pAdaptor=0x17b1070, requestor=50331684, target=364, property=305, selection=1)
    at /home/stephan/Software/libreoffice/core/vcl/unx/generic/dtrans/X11_selection.cxx:1535
#9  0x00002aaabce82761 in x11::SelectionManager::handleSelectionRequest (this=0x1427570, rRequest=...) at /home/stephan/Software/libreoffice/core/vcl/unx/generic/dtrans/X11_selection.cxx:1763
#10 0x00002aaabce89ac8 in x11::SelectionManager::handleXEvent (this=0x1427570, rEvent=...) at /home/stephan/Software/libreoffice/core/vcl/unx/generic/dtrans/X11_selection.cxx:3644
#11 0x00002aaabce89d85 in x11::SelectionManager::dispatchEvent (this=0x1427570, millisec=-1) at /home/stephan/Software/libreoffice/core/vcl/unx/generic/dtrans/X11_selection.cxx:3723
#12 0x00002aaabce89f0e in x11::SelectionManager::run (pThis=0x1427570) at /home/stephan/Software/libreoffice/core/vcl/unx/generic/dtrans/X11_selection.cxx:3752
#13 0x00002aaabce7b52c in call_SelectionManager_run (pMgr=0x1427570) at /home/stephan/Software/libreoffice/core/vcl/unx/generic/dtrans/X11_selection.cxx:91
#14 0x00002aaaaaceac4b in osl_thread_start_Impl (pData=0x143ed30) at /home/stephan/Software/libreoffice/core/sal/osl/unx/thread.c:251
#15 0x00002aaaab61fe0f in start_thread (arg=0x2aaac0bc5700) at pthread_create.c:308
#16 0x00002aaaab3537dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Crash occurs on openSuSE 12.3 (64-bit) in MASTER:
Version: 4.2.0.0.alpha0+ (Build ID: 81202ae7487b139cb473ff85634003b36d67e8c4)
Version: 4.2.0.0.alpha0+ (Build ID: d3c70e68c652bbdeeaea20200e003b6c5f92a62f)

Crash does not occur in the standard openSuSE 12.3 LO:
Version 4.0:build-305 (Build ID: 400m0(Build:305))

@vmiklos: I suspect your recent "Select All" patch triggered this crashing.
Comment 1 Jean-Baptiste Faure 2013-09-27 05:44:34 UTC 
Created attachment 86706 [details]
example file with a footnote

I do not reproduce the crash with Version: 4.2.0.0.alpha0+ Build ID: 20b9f53e9681aa1a4e3a257a417aae0c4eb03f7d under Ubuntu 13.04 x86-64

In my case (with the attached file) ctrl+A select only the footnote.

Best regards. JBF
Comment 2 Stephan van den Akker 2013-09-27 06:08:28 UTC 
The test file in attachment 86706 [details] causes a crash in my LOdev.
Comment 3 retired 2013-09-27 07:54:36 UTC 
Hi Stephan,

so I open your test document and press cmd + a.

On OS X 10.8.5, LO 4.1.2.2 this does not cause a crash. Neither in Version: 4.2.0.0.alpha0+
Build ID: f4d3954fc6106b3ae0ee16ab0fcde15d8cb945e3

So maybe Linux only?
Comment 4 Stephan van den Akker 2013-09-27 09:25:35 UTC 
@FOSS: Thanks for testing. Could be linux only. Maybe someone can try in a daily build under Windows?

Crash is reproducible on a different system with openSuSE 11.4 (64-bit):
Build ID: 751e238c78247bec81c1c7c50bc4758b1faea151
Build ID: 4547d8c42e5b0bb456ac02fbea67059a8a1cadd7
Build ID: bcfb5f0e9b659d16b72fe0add599dd8ec1a7c098 (pulled 27 September)
Comment 5 Jean-Baptiste Faure 2013-09-27 10:16:08 UTC 
(In reply to comment #4)
> @FOSS: Thanks for testing. Could be linux only. 

Surely not, because I did my tests on Ubuntu 13.04 x86-64. But perhaps OpenSuse only ;-)

Best regards. JBF
Comment 6 Julien Nabet 2013-09-27 18:39:57 UTC 
On pc Debian x86-64 with master sources updated today, no crash but this trace on console:
warn:legacy.osl:11607:1:sw/source/core/layout/trvlfrm.cxx:2482: <SwRootFrm::CalcFrmRects(..)> - no content frame. This is a serious defect -> please inform OD
Comment 7 Arnaud Versini 2013-09-27 21:47:00 UTC 
No crash but a weird behavior, Ctrl + a select only the first case of the table.
Comment 8 Arnaud Versini 2013-09-27 21:48:00 UTC 
Oops, forgoten to say that the cursor was in the paragraph after the table, not in the table !
Comment 9 Stephan van den Akker 2013-09-28 08:48:21 UTC 
Tested attachment 86706 [details] on Ubuntu 12.04 (32-bit) with:
Version: 4.2.0.0.alpha0+
Build ID: 981b73c98576ea297cf8244c1cbe1ece783e5ca9

Result: 
No crash. Same unwanted behaviour as described in comment #1 and comment #6.

Observation:
After removing the footnote from attachment 86706 [details]
- the warnings dissapear
- Ctrl-A selects the whole document

Conclusion:
A footnote exposes a bug in the Select All patch of vmiklos.
This bug results in a crash on openSuSE systems.
Comment 10 Miklos Vajna 2013-09-30 09:04:14 UTC 
I can't see the crash, either. (Tried with a dbgutil on master, and with the backported patch to -4-1, which is a product build.)

OTOH yes, indeed only the footnote gets selected, I'll fix that.
Comment 11 Commit Notification 2013-09-30 10:37:54 UTC 
Miklos Vajna committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=959711f1276106b0aaee69ab660f1b0d3ece5bbc

fdo#69862 SwCrsrShell::ExtendedSelectAll: don't always select footnotes



The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
Comment 12 Miklos Vajna 2013-09-30 10:44:24 UTC 
Fixed in master, marking as resolved (no backport, regression is master-only).

BTW, just by reading the backtrace in the description, it seems that the problem there is 1) we detect that the doc starts with a table 2) the first paragraph of the selection is still not in a table. The above commit should fix that problem as well, even if I wasn't able to reproduce it.
Comment 13 Stephan van den Akker 2013-09-30 13:03:56 UTC 
Confirmed fixed on openSuSE 11.4 (64-bit) in LOdev:
Version: 4.2.0.0.alpha0+
Build ID: e5c370e53d8701d863d231c26ce8e5c46385e5eb

But this still doesn't work on my real world documents. After some more study the problem is reproducible by:

1 - Add a header of footer to attachment 86706 [details]
2 - Return to the main text
3 - Ctrl-A (Select All)

Expected behaviour: The whole document is selected

Actual behaviour: The content of the header or footer is selected, then Crash.

make debugrun output:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x2aaabda4e700 (LWP 23749)]
SwEditShell::_CopySelToDoc (this=0x14fc740, pInsDoc=0x2a26d30, pSttNd=0x0)
    at /home/data/stephan/libreoffice-master/core/sw/source/core/edit/edglss.cxx:240
240                         aPaM.Start()->nNode = aPaM.Start()->nNode.GetNode().FindTableNode()->GetIndex();

Looks to me like the same or similar problem. 

@vmiklos: New bug report or reopen this one?
Comment 14 Miklos Vajna 2013-09-30 14:57:00 UTC 
Stephan, please open a new one, mentioning that the new problem is triggered when you also have headers/footers.

An out of the box reproducer document makes my life easier. :-)

Thanks!
Comment 15 Stephan van den Akker 2013-10-01 13:08:25 UTC 
New bug report (with reproducer document):

https://bugs.freedesktop.org/show_bug.cgi?id=69979
EDITING "Select All" crashes Writer when the document contains a header or footer and starts with a table