Bug 76099 - Segfault in ScColumn::GetNeededSize (probably related to Conditional Formats)
Summary: Segfault in ScColumn::GetNeededSize (probably related to Conditional Formats)
Status: RESOLVED DUPLICATE of bug 81867
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Calc (show other bugs)
(earliest affected) Master
Hardware: All Linux (All)
: medium major
Assignee: Not Assigned
Keywords: bibisected, regression
Depends on:
Reported: 2014-03-13 06:21 UTC by Jim Avera
Modified: 2015-12-15 11:03 UTC (History)
4 users (show)

See Also:
Crash report or crash signature:

tickers.csv data file needed by the spreadsheet macros (4.64 KB, text/comma-separated-values)
2014-03-13 06:21 UTC, Jim Avera
crasher.ods - demos the crash (94.75 KB, application/vnd.oasis.opendocument.spreadsheet)
2014-03-13 06:22 UTC, Jim Avera
gdbtrace.log showing SEGFAULT traceback (26.79 KB, text/plain)
2014-03-13 06:22 UTC, Jim Avera

Note You need to log in before you can comment on or make changes to this bug.
Description Jim Avera 2014-03-13 06:21:29 UTC
Created attachment 95686 [details]
tickers.csv data file needed by the spreadsheet macros

Attached is a .ods spreadsheet which uses Conditional Formats.  After recently using Conditional Format->Manage to tweak settings, I'm now getting random crashes (segfaults).  By "random" I mean it happens while executing my Basic macro code, but not always at the same place.

In fact, inserting "MsgBox" statements to narrow down the statement causing the crash makes the crash shift to somewhere else (i.e. I put in two MsgBox stmts and it crashed after the first but before the second; then reloaded and inserted additional MsgBox stmts inbetween, and now it runs past all of them and crashes somethere further on).

The "shifting" location of the crash implies memory corruption, e.g. buffer overrun which causes unrelated code to crash.

This can be reproduced at will (just can't nail down a particular Basic statement).   I will attach a gdb traceback and also a demo spreadsheet and a data file needed by the demo.


1. Download "crasher.ods" and "tickers.csv" files.  Place the tickers.csv file in /tmp (the path is hard-coded).

2. Open crasher.ods, with macros enabled, and press the dark-yellow "Fresh Load" button at the top.   It will crash immediately.  (This button runs the macro Standard.LoadCSV.Reoad_IB_CSV_file but as previouly noted, the location of the crash shifts when MsgBox statements are inserted)
Comment 1 Jim Avera 2014-03-13 06:22:17 UTC
Created attachment 95687 [details]
crasher.ods - demos the crash
Comment 2 Jim Avera 2014-03-13 06:22:57 UTC
Created attachment 95688 [details]
gdbtrace.log showing SEGFAULT traceback
Comment 3 Jim Avera 2014-03-25 21:27:54 UTC
Bug 76470 looked possibly related (it was a range-check abort), but turned out to not be the same problem.  I tried the latest 4.3alpha and 4.2 builds, which fix that other bug, but they both still segfault on this one.
Comment 4 Yousuf Philips (jay) (retired) 2014-06-03 02:50:19 UTC
Confirmed on Linux Mint 4.1 - 4.3 beta. Previously worked in 4.0.6.
Comment 5 Jim Avera 2014-06-04 17:45:24 UTC
Bug 78513 shows buffer-overruns detected by Valgrind.  No causal connection found yet, but it could easily cause random crashes.
Comment 6 Michael Meeks 2014-06-05 08:33:17 UTC
Thanks for the link to the other bug and the stack trace; it'd be great to get a valgrind trace of a build with debug symbols doing this ! =)
Comment 7 Joel Madero 2014-07-16 19:01:25 UTC
 d101b9946a6a04e65e3923038503436c790b7e12 is the first bad commit
commit d101b9946a6a04e65e3923038503436c790b7e12
Author: Bjoern Michaelsen <bjoern.michaelsen@canonical.com>
Date:   Sun Dec 9 11:37:59 2012 +0000

    commit 18e6e7d929c2be209407ed2e56b8ec4d5e6c4900
    Author:     Julien Nabet <serval2412@yahoo.fr>
    AuthorDate: Mon May 14 18:59:35 2012 +0200
    Commit:     Julien Nabet <serval2412@yahoo.fr>
    CommitDate: Mon May 14 19:01:02 2012 +0200
        WaE : XKeycodeToKeysym deprecated
        Replaced by XkbKeycodeToKeysym
        (cf http://nabble.documentfoundation.org/PATCH-Proposed-patch-for-XKeycodeToKeysym-deprecated-td3978158.html)
        Change-Id: Ide8331705369d0c38e72bfe693102625e62a87e1

:100644 100644 13e11be9938c5079b96e4eb4cd2b4acf2f9a3b05 5aa1dfc68ecb9ac57316a995424b2d3683cb4774 M	autogen.log
:100644 100644 20a85200f0d859066fecafde8cdef513d59724ec 72da0ea5e9ec1223cb456558a2e0254561faa98c M	ccache.log
:100644 100644 00d946c601c37d4463365a27a04dac440b0e86a4 5ef3324ce1c257155c9e095fdeb7d912b2681ae1 M	commitmsg
:100644 100644 ff02681e8cefd9f0b1a9b8f19c25a3e77944e88a 8b14489bddefe04fcfaecb0be901837505c64b67 M	dev-install.log
:100644 100644 151ff28cf8b64f65d7b206588dd3c4e18553adce 68ac6a90c73f1f7c8776a70772a40ae1ce41e13d M	make.log
:040000 040000 6bde6ac28b39c6b41b55491b1a6a9900d26e65c1 8b906c6863615fd1253b393b35b18a883201b310 M	opt

# bad: [423a84c4f7068853974887d98442bc2a2d0cc91b] source-hash-c15927f20d4727c3b8de68497b6949e72f9e6e9e
# good: [65fd30f5cb4cdd37995a33420ed8273c0a29bf00] source-hash-d6cde02dbce8c28c6af836e2dc1120f8a6ef9932
git bisect start 'latest' 'oldest'
# bad: [e02439a3d6297a1f5334fa558ddec5ef4212c574] source-hash-6b8393474974d2af7a2cb3c47b3d5c081b550bdb
git bisect bad e02439a3d6297a1f5334fa558ddec5ef4212c574
# bad: [8f4aeaad2f65d656328a451154142bb82efa4327] source-hash-1885266f274575327cdeee9852945a3e91f32f15
git bisect bad 8f4aeaad2f65d656328a451154142bb82efa4327
# good: [369369915d3582924b3d01c9b01167268ed38f3b] source-hash-45295f3cdceb4c289553791071b5d7f4962d2ec4
git bisect good 369369915d3582924b3d01c9b01167268ed38f3b
# bad: [6fce03a944bf50e90cd31e2d559fe8705ccc993e] source-hash-47e4a33a6405eb1b5186027f55bd9cb99b0c1fe7
git bisect bad 6fce03a944bf50e90cd31e2d559fe8705ccc993e
# good: [8a39227e344637eb7154a10ac825d211e64d584c] source-hash-f5080ebb7022c9f5d7d7fdca4fe9d19f9bb8cabf
git bisect good 8a39227e344637eb7154a10ac825d211e64d584c
# bad: [e4c742a9e244bd7ebeabc50c90182df28ac3daaf] source-hash-c52ba433491afbca70aa1977a624c795bdd5b9ef
git bisect bad e4c742a9e244bd7ebeabc50c90182df28ac3daaf
# good: [96a055e15ee7171a28888973a3c3a7307dd9867f] source-hash-9ca02a663c3eee2698eb360dd5dc7afb1951e743
git bisect good 96a055e15ee7171a28888973a3c3a7307dd9867f
# bad: [e87a0055deae2c9e25ae1d1a365cec8418b785ce] source-hash-67ff63988f3b8eef2cc2b5bdf917918b93c3f070
git bisect bad e87a0055deae2c9e25ae1d1a365cec8418b785ce
# bad: [5b4693bb72eca5e38e3f56d036bca425c9a21b37] source-hash-e3633f60b349022994e291aa3d1a0c90c3403b2e
git bisect bad 5b4693bb72eca5e38e3f56d036bca425c9a21b37
# bad: [d101b9946a6a04e65e3923038503436c790b7e12] source-hash-18e6e7d929c2be209407ed2e56b8ec4d5e6c4900
git bisect bad d101b9946a6a04e65e3923038503436c790b7e12
# first bad commit: [d101b9946a6a04e65e3923038503436c790b7e12] source-hash-18e6e7d929c2be209407ed2e56b8ec4d5e6c4900
Comment 8 Markus Mohrhard 2014-07-30 22:44:11 UTC
Might have been the same one as Bug 81867. This one should be fixed in 4.3.1 RC1 so please check if you can still reproduce it there.

It was a memory corruption issue and I doubt that I have many more in the conditional formatting code ;)
Comment 9 Kohei Yoshida 2014-09-22 12:37:32 UTC
Per Comment #8 (and that so far nobody has verified this independently) I'm marking this as duplicate.

*** This bug has been marked as a duplicate of bug 81867 ***
Comment 10 Robinson Tryon (qubit) 2015-12-15 11:03:04 UTC
Migrating Whiteboard tags to Keywords: (bibisected)