Created attachment 97443 [details] Test file LibreOffice crash while doing consolidate (LO 4.2.3.3 in Ubuntu 12.04 x86) Steps to reproduce: 1. Open attachment: Consolidate-test.xls 2. Select any empty cell, eg. cell D1 3. Tab: Data > Consolidate 4. Source data ranges: $Sheet1.$A$1:$B$7 5. Click 'Add' so that ranges appear in "Consolidation ranges" 6. Click 'Options' > check 'Row labels' > click OK After some testing, I notice that consolidate won't crash if we only select ranges A2:B6. But if we select A1:B6 or A2:B7, crash happens. Patterns in column A: I. AB_X , AB_XX , AB_XXX (all ranges prefixes with same 2 characters) -> no crash II. Mix pattern I with A_X and/or ABC_X (combined ranges with 1,2,3 characters prefix) -> crash This issue not happen with: - LO 4.0.6.2 Win7 x86 - LO 4.0.4.2 Kubuntu 12.04 x86 Note: Same result with ODS and XLSX
I do not reproduce with Version: 4.2.3.3 Build ID: 882f8a0a489bc99a9e60c7905a60226254cb6ff0 Ubuntu 13.10. Consolidation works as expected with your file - Sophie
Strange.. I tried to reset & use default user profile, also did system update, but same result.
Removing libreoffice-gtk & libreoffice-gnome makes no difference. Any suggestions ?
On pc Debian x86-64 with master sources updated today, I've got a freeze (and not a crash, except if you must wait more than 30 seconds). Idem with 4.2 sources updated some days ago.
Created attachment 97482 [details] bt with symbols
bt => I put it at NEW
Created attachment 97483 [details] valgrind trace
Kohei/Markus/Eike: one for you? (bt + Valgrind trace included)
Looking at Valgrind trace, I noticed this part void lcl_AddString<unsigned long>(rtl::OUString*&, unsigned long&, rtl::OUString const&) (consoli.cxx:80) which appears several times. 72 template< typename T > 73 static void lcl_AddString( OUString*& pData, T& nCount, const OUString& rInsert ) 74 { 75 OUString* pOldData = pData; 76 pData = new OUString[ nCount+1 ]; 77 if (pOldData) 78 { 79 memcpy( pData, pOldData, nCount * sizeof(OUString) ); 80 delete[] pOldData; 81 } 82 pData[nCount] = rInsert; 83 ++nCount; 84 } (see http://opengrok.libreoffice.org/xref/core/sc/source/core/tool/consoli.cxx#72) I noticed this other lcl_AddString here: http://opengrok.libreoffice.org/xref/core/svtools/source/config/extcolorcfg.cxx#238 Of course, this one doesn't use template but anyway, the first method is called at 3 places with the same type (SCSIZE), see http://opengrok.libreoffice.org/search?q=lcl_AddString&project=core&defs=&refs=&path=&hist= Should the first one removed so the second one only would be used?
Hi.. Any good news in 4.2 ? I just checked with LO 4.1.5.3 & Ubuntu 12.04 x86, no crash/freeze.
There's a memory corruption in the array of OUString handling. This hits sooner or later depending on memory layout and use. Taking over. (In reply to comment #9) > I noticed this other lcl_AddString here: > [...] > Should the first one removed so the second one only would be used? No, they are different (and local/static to different source files). The consoli.cxx one is supposed to append a string to an array of strings, the extcolorcfg.cxx one appends a string to each string element of a sequence of strings.
Eike Rathke committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=e891afeccba8f20f8bdaeacb20f2215cfcb1abfd resolve fdo#77509 memory corruption / crash in Consolidate The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Pending review for 4-2 at https://gerrit.libreoffice.org/9282
Eike Rathke committed a patch related to this issue. It has been pushed to "libreoffice-4-2": http://cgit.freedesktop.org/libreoffice/core/commit/?id=948728a4159a8ba74ecc663373d31f1840fed9ac&h=libreoffice-4-2 resolve fdo#77509 memory corruption / crash in Consolidate It will be available in LibreOffice 4.2.5. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Wow..thanks Eike for responding quickly & for the fix :)
Thanks Eike, Verified with: Win7x64Ultimate Version: 4.2.5.0.0+ Build ID: 948728a4159a8ba74ecc663373d31f1840fed9ac TinderBox: Win-x86@42, Branch:libreoffice-4-2, Time: 2014-05-09_01:06:23 Version: 4.3.0.0.alpha1+ Build ID: e9b2787c2ece4c8260fbac6359257e1829c917d4 TinderBox: Win-x86@39, Branch:master, Time: 2014-05-09_06:36:37 I was having the issue with an own file that seems solved now.
Zdeněk Crhonek committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=288878045e54651ffe96e5faa879ab3bbabf9510 uitest for bug tdf#77509 It will be available in 6.2.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.