PC's configurations: 1. OS: Windows XP sp3 32-bit; Windows XP sp2 64-bit 2. Installed: MSVCR-2010x86 (ver.10.0.30319) and MSVCR-2012x86 (ver.11.0.60610) 3. LibreOffice: 4.2.0.1 (RC1) and 4.2.0.1.0+ (ID: 7f3bcb1e98cb3417594a5fd811babfc8067677f4, TinderBox: Win-x86@42, Time: 2013-12-27_10:53:34) -- Description: 1. Run the Start Center. 2. Program UI switched from full-screen mode to windowed mode. 3. Open multi-page text document (~50 pages; formats - doc, docx, rtf, odt). 4. Non-printing characters button sets formatting marks to visible. 5. Scroll through the pages quickly, using an input device: mouse wheel or keyboard key [down_arrow] or [page_down]. 6. Writer's UI crashes, but the 'soffice.bin' is working and sends error message box. -- Note: 1. The bug is confirmed on four computers running under Windows_XP_32\64-bit if both packages - MSVCR-2010 and MSVCR-2012 - installed in the operating system. 2. The GUI will work well if MSVCR-2012 package will be removed. -- This is regression to LibreOffice-4.1.5.0.0+, so I installed the critical status.
Created attachment 91252 [details] ODT file for example Sorry, crashes of Writer UI are continued without MSVCR-2012.
Created attachment 91263 [details] typescript: execution plus bt from SIGABRT Line numbers within the typescript: 4: run-time messages from LibreOffice 32: Signal 6, followed by stack dump from LibreOffice 162: backtrace from gdb from the core file Obviously, this is not exactly ape's crash, as: (a) it happened on Linux, (b) it happened after (several minutes after!) I tried to close the document, (c) the backtrace shows the debug version of the STL library. Still, here it is. This comes from master commit 480c7c2, fetched 2013-12-27 02:33 UTC, configured as: --enable-option-checking=fatal --enable-dbgutil --enable-crashdump --without-system-postgresql --without-myspell-dicts --with-extra-buildid --without-doxygen --with-external-tar=/home/terry/lo_hacking/git/src built and executing on debian wheezy.
Setting platform to All. This is subject to correction when it is determined whether my crash has the same cause as ape's crash.
(In reply to comment #3) > Setting platform to All. This is subject to correction when it is > determined whether my crash has the same cause as ape's crash. This is a different error: 1. According to messages on the forum (http://forumooo.ru/index.php/topic,3845.msg23562.html#msg23562), the error shows itself only in Windows XP. 2. Code base of programs LibO-4.2 and LibO-4.3 coincide in many respects. LibreOfficeDev-4.3.0.0 not contains the bug-fix of this problem, but LibO-4.3 works correctly. 3. I observe that the output display letters violated when scrolling through the pages of the document by the "down arrow" key. I do not see this problem when I use LibO-4.1 or LibO-4.3.
LibreOffice-4.1.4.2 works fine. But LibreOfficeDev_4.1.5.0.0+ (ID:050e42346bd2d7ce8ab454df400b48f52c2aeec; Win-x86_9-Voreppe; 2013-12-30_08.06.08) has this bug.
I checked, there is an error in this build: LibreOfficeDev 4.3.0.0.alpha0+ Build ID: e625d00439f725b01f3818859e95e431e6173d57 TinderBox: Win-x86@47-TDF, Branch:master, Time: 2014-01-03_00:43:24 There is no bug, the program works well. Maybe configuration PC Builder is the reason?
Terrence, if you know yourself that what you see is a different bug, why on earth do you then have to add information about it into the same bug report? That only makes the bug report less useful and reduces the likeliness that some developer will be able to understand what the bug report tries to describe. I wish there was a way to remove comments from bugzilla.
Could not reproduce with a fresh own build from the 4.2 branch on Windows 7 using just a lot of text in many paragraphs typed into a Writer document (and copy-pasted hundreds of times). Could not reproduce using the ODT file from comment #1 either. So whatever this bug was caused by, it might be fixed in 4.2. Can the original bug reporter (or somebody else, on *Windows*) reproduce it with the 4.2.0 RC1 build?
Another possibility is of course that the bug for some odd reason happens only on Windows XP. In that case it will be hard to convince developers to spend time on fixing it, I think. (But *note*, I am not somebody who would make any *decisions* about such, of course.)
(In reply to comment #9) > Another possibility is of course that the bug for some odd reason happens > only on Windows XP. Most likely, it is. But: 1. These programs work fine: - LibreOffice 4.1.4.2 win_x86 (Date: 2013-12-12) - LibreOfficeDev 4.2.0.0.beta2 (ID: 1a27be92e320f97c20d581a69ef1c8b99ea9885d) - LibreOfficeDev 4.3.0.0.alpha0+ (ID: e625d00439f725b01f3818859e95e431e6173d57, Win-x86@47-TDF, Time: 2014-01-03_00:43:24) 2. These programs are forcing Writer to fall: - LibreOffice 4.1.5.0.0+ (ID: 56381a9b28dbe4caf6e3d0a92dfddcddcebe349) - LibreOffice 4.2.0.1 (ID: 7bf567613a536ded11709b952950c9e8f7181a4a) 3. Regressions between: - LibO-4.1.4.2 and LibO-4.1.5.0.0+ - LibO-4.2.0.0.beta2 and LibO-4.2.0.1. 4. It possible that one of patches inputted this bug between of the 11th and 17th December into core-codes of LibreOfficeDev-4.1.5.0+ and LibreOfficeDev-4.2.0.0+. So I increased the error status to the "blocker".
@Tor: Sometimes I viewed pages of documents down and then up, before the error appeared. However, the error will appear much faster after that as this document will be restored by LibreOffice.
crash is reproducible on Windows7 too, with LO 4.2.0.2 release build (but not current master). on Linux i'm seeing valgrind "Invalid read" warning on current master with same backtrace as Windows crash. ==1831== Invalid read of size 4 ==1831== at 0x22119466: SwFntObj::DrawText(SwDrawTextInfo&) (fntcache.cxx:1576) ==1831== by 0x22156682: SwSubFont::_DrawText(SwDrawTextInfo&, unsigned char) (swfont.cxx:1213) ==1831== Address 0x2c44f650 is 4 bytes after a block of size 140 alloc'd ==1831== at 0x4A06F70: operator new[](unsigned long) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==1831== by 0x22118B8F: SwFntObj::DrawText(SwDrawTextInfo&) (fntcache.cxx:1447) ==1831== by 0x22156682: SwSubFont::_DrawText(SwDrawTextInfo&, unsigned char) (swfont.cxx:1213) [ and another one 8 bytes after follows ] looking at that stack it's clearly regression from: commit 02ce734450559c9353ca7f42b2519239220dd265 Author: Khaled Hosny <khaledhosny@eglug.org> AuthorDate: Sun Dec 8 22:30:28 2013 +0200 Commit: Caolán McNamara <caolanm@redhat.com> CommitDate: Mon Dec 9 09:01:00 2013 +0000 fdo#72488: Broken text when showing visible space Turning on showing nonprinting characters replaces the space with bullet character, but still draws the text with the original kern array, this works fine until there are ligatures involving the space character as the number of glyphs after replacing the space with the bullet will be different and the kern array will be completely off. This is a hack that gives up on replacing the space with a bullet when its width is zero, not sure if it would interfere with other legitimate uses.
Michael Stahl committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=61ec8f086ba314b86c80a02b16072e88774abf6c fdo#73095: fix invalid access in SwFntObj::DrawText() The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
fixed on master
(In reply to comment #14) > fixed on master I changed the bug status to “reopened”, because the patch inputted only in Master-code (LibO-Dev 4.3.0).
ape please understand: no matter if the patch is only in master: if it’s fixed in master this bug is fixed. thanks.
Michael Stahl committed a patch related to this issue. It has been pushed to "libreoffice-4-1": http://cgit.freedesktop.org/libreoffice/core/commit/?id=4b965b031e2196b39f20e28ce9d9fd40552753a5&h=libreoffice-4-1 fdo#73095: fix invalid access in SwFntObj::DrawText() It will be available in LibreOffice 4.1.6. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Michael Stahl committed a patch related to this issue. It has been pushed to "libreoffice-4-2": http://cgit.freedesktop.org/libreoffice/core/commit/?id=7ed845ae5682fdafb3390df85144388e240ccb89&h=libreoffice-4-2 fdo#73095: fix invalid access in SwFntObj::DrawText() It will be available in LibreOffice 4.2.1. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
(In reply to comment #16) > ape please understand: no matter if the patch is only in master: if it’s > fixed in master this bug is fixed. > > thanks. @Foss: Please read paragraph 1 of my comment 10: LibreOfficeDev 4.3.0.0+ worked perfectly and did not do this error. Thanks, ape.
Michael Stahl committed a patch related to this issue. It has been pushed to "libreoffice-4-2-0": http://cgit.freedesktop.org/libreoffice/core/commit/?id=417e1ac46542de0e6d9775ed43da07980eceafea&h=libreoffice-4-2-0 fdo#73095: fix invalid access in SwFntObj::DrawText() It will be available already in LibreOffice 4.2.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Michael Stahl committed a patch related to this issue. It has been pushed to "libreoffice-4-1-5": http://cgit.freedesktop.org/libreoffice/core/commit/?id=cfcf7d267c5b3535c40b8394f53126b45a7898a4&h=libreoffice-4-1-5 fdo#73095: fix invalid access in SwFntObj::DrawText() It will be available already in LibreOffice 4.1.5. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.