Bug Hunting Session
Bug 81867 - FORMATTING: Calc crash when using conditional formatting
Summary: FORMATTING: Calc crash when using conditional formatting
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Calc (show other bugs)
Version:
(earliest affected)
4.3.0.3 rc
Hardware: x86-64 (AMD64) Linux (All)
: medium critical
Assignee: Markus Mohrhard
URL:
Whiteboard: target:4.3.1 target:4.4.0
Keywords: haveBacktrace
: 76099 82792 (view as bug list)
Depends on:
Blocks:
 
Reported: 2014-07-29 09:29 UTC by Marina Latini (CIB)
Modified: 2014-09-22 12:37 UTC (History)
5 users (show)

See Also:
Crash report or crash signature:


Attachments
backtrace GtkSalFrame::signalVisibility (9.17 KB, text/plain)
2014-07-29 09:30 UTC, Marina Latini (CIB)
Details
backtrace BitmapReadAccess::SetPixelFor_8BIT_PAL (11.88 KB, text/plain)
2014-07-29 09:31 UTC, Marina Latini (CIB)
Details
backtrace rtl_uString_release () (7.07 KB, text/plain)
2014-07-29 09:32 UTC, Marina Latini (CIB)
Details
test ods document (20.16 KB, application/vnd.oasis.opendocument.spreadsheet)
2014-07-29 09:39 UTC, Marina Latini (CIB)
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Marina Latini (CIB) 2014-07-29 09:29:15 UTC
Calc crash when you try to use the conditional formatting.

I'm sorry but I can't submit a clear step by step procedure to reproduce the crash.
The problem occurs when you try to format the cell using the conditional formatting.

In my case, I was using the condition "formula is MOD(ROW(A1);2)=1" and "formula is MOD(ROW(A1);2)=0" for obtain an automatic alternation of two colored backgrounds for the cells.

The crash occur when you manage an existing conditional formatting or when you try to add a new one.

1) start LibreOffice Calc
2) Format -> Conditional Formatting -> Condition...
3) Select the condition "formula is" and type the condition "MOD(ROW(A1);2)=1"
4) Select a style to apply
5) Click Add
6) Insert a second condition "formula is" and type the condition "MOD(ROW(A1);2)=0"
7) Click Add
8) Repeat the steps 3,4 for the other columns using a different style.

Try to add or manage the conditional formatting using Format -> Conditional Formatting -> Condition... or Format -> Conditional Formatting -> Manage... and repeat it 3 or 4 times.

I can provide 3 different segfault related to:

0x00007ffff7bab620 in rtl_uString_release ()
   from /home/deneb/LibO_Test/LibreOffice_4.3.0.3_Linux_x86-64_deb/DEBS/opt/libreoffice4.3/program/../ure-link/lib/libuno_sal.so.3

0x00007ffff2fb09c3 in BitmapReadAccess::SetPixelFor_8BIT_PAL(unsigned char*, long, BitmapColor const&, ColorMask const&) ()
   from /home/deneb/LibO_Test/LibreOffice_4.3.0.3_Linux_x86-64_deb/DEBS/opt/libreoffice4.3/program/libvcllo.so

0x00007fffe7c85983 in GtkSalFrame::signalVisibility(_GtkWidget*, _GdkEventVisibility*, void*) ()
   from /home/deneb/LibO_Test/LibreOffice_4.3.0.3_Linux_x86-64_deb/DEBS/opt/libreoffice4.3/program/libvclplug_gtklo.so
Comment 1 Marina Latini (CIB) 2014-07-29 09:30:23 UTC
Created attachment 103632 [details]
backtrace GtkSalFrame::signalVisibility

Backtrace of GtkSalFrame::signalVisibility segfault
Comment 2 Marina Latini (CIB) 2014-07-29 09:31:50 UTC
Created attachment 103633 [details]
backtrace BitmapReadAccess::SetPixelFor_8BIT_PAL

Backtrace for BitmapReadAccess::SetPixelFor_8BIT_PAL
Comment 3 Marina Latini (CIB) 2014-07-29 09:32:40 UTC
Created attachment 103634 [details]
backtrace rtl_uString_release ()

backtrace for rtl_uString_release ()
Comment 4 Marina Latini (CIB) 2014-07-29 09:35:54 UTC
The crashes occur on LibreOffice
* Version: 4.3.0.3
* Build ID: 08ebe52789a201dd7d38ef653ef7a48925e7f9f7
* OS: Ubuntu 14.04 x86_64 with a fresh user profile
* Italian langpack and helppack
Comment 5 Marina Latini (CIB) 2014-07-29 09:39:24 UTC
Created attachment 103635 [details]
test ods document

test ods document with conditional formatting
Comment 6 tommy27 2014-07-29 11:01:32 UTC
@Markus
would you please take a look at this report?
Comment 7 raal 2014-07-30 13:52:51 UTC
Reproducible with Version: 4.4.0.0.alpha0+
Build ID: 7d06a0601ddccc50185ea97fddcdf2ea39299096
TinderBox: Linux-rpm_deb-x86_64@46-TDF, Branch:master, Time: 2014-07-28_06:17:50
Comment 8 Markus Mohrhard 2014-07-30 21:03:43 UTC
It is an invalid memory access that has been introduced during the conversion to UI format.

I know where the wrong pointer is coming from.
Comment 9 Commit Notification 2014-07-30 21:44:59 UTC
Markus Mohrhard committed a patch related to this issue.
It has been pushed to "libreoffice-4-3":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=29803d51fe6db96d2a98475c059cd56f36e0da6b&h=libreoffice-4-3

the dialog hierarchy changed iwith the ui format, fdo#81867


It will be available in LibreOffice 4.3.1.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
Comment 10 Commit Notification 2014-07-30 21:45:13 UTC
Markus Mohrhard committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=fe5463fb7bc740bfec5d2eb7408b8ff3624d8c31

the dialog hierarchy changed iwith the ui format, fdo#81867



The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
Comment 11 tommy27 2014-07-31 01:58:56 UTC
thanks Markus, I knew you were "the man" to call to fix this :-)
Comment 12 Markus Mohrhard 2014-08-30 21:56:55 UTC
*** Bug 82792 has been marked as a duplicate of this bug. ***
Comment 13 Kohei Yoshida 2014-09-22 12:37:32 UTC
*** Bug 76099 has been marked as a duplicate of this bug. ***