Bug 88967 - Draw crashes during insertion of specific string
Summary: Draw crashes during insertion of specific string
Status: RESOLVED DUPLICATE of bug 67601
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Draw (show other bugs)
(earliest affected) Master
Hardware: Other Windows (All)
: medium normal
Assignee: Not Assigned
Depends on:
Reported: 2015-01-31 07:24 UTC by vvort
Modified: 2015-02-01 10:56 UTC (History)
3 users (show)

See Also:
Crash report or crash signature:

Problematic string (164 bytes, text/plain)
2015-01-31 07:24 UTC, vvort
Screenshot (220.56 KB, image/png)
2015-01-31 07:25 UTC, vvort
Simplified string (8 bytes, text/plain)
2015-02-01 08:05 UTC, vvort

Note You need to log in before you can comment on or make changes to this bug.
Description vvort 2015-01-31 07:24:21 UTC
Created attachment 112978 [details]
Problematic string

Steps to reproduce:
1. Copy contents of 'crash_string.txt'.
2. Open Draw.
3. Create text box.
4. Paste previously copied text.


Microsoft Visual C++ Runtime Library
Assertion failed!
Program: ...ojects\libreoffice-build\instdir\program\vcllo.dll
File: E:/_Projects/libreoffice-core/vcl/win/s.../winlayout.cxx
Line: 1239
Expression: mnSubStringMin <= rVisualItem.mnEndCharPos
Comment 1 vvort 2015-01-31 07:25:10 UTC
Created attachment 112979 [details]
Comment 2 Julien Nabet 2015-01-31 08:15:30 UTC
On pc Debian x86-64 with master sources updated 2 days ago, I don't reproduce this.
Windows only bug?
Comment 3 vvort 2015-01-31 08:40:11 UTC
Yes, you are right.
Actually, this can be understood looking at the file name:
Comment 4 Buovjaga 2015-01-31 14:29:40 UTC
Could not reproduce.

Win 7 Pro 64-bit Version:
Build ID: 309574394bd4ae3e9e10e5ff0d64bdd7bbbc8b83
TinderBox: Win-x86@62-TDF, Branch:MASTER, Time: 2015-01-29_23:44:46
Comment 5 raal 2015-02-01 07:01:17 UTC
I can not confirm with Version:
Build ID: 20deac4903fc0697477e855feeff482b3da234f9
TinderBox: Win-x86@42, Branch:master, Time: 2015-01-29_23:02:41
Locale: cs_CZ

I tried copy string from notepad and internet explorer.
Comment 6 vvort 2015-02-01 08:05:09 UTC
Created attachment 113014 [details]
Simplified string

Here is the simplified version of the problematic string.
It consists of three characters: U+05DD, U+006F, U+05EA.
Now on my test systems (Win7 x64 SP1, Win10 x64 9926) it crashes even LO.Writer.
Comment 7 vvort 2015-02-01 08:48:22 UTC
Please recheck with this link:
Looks like different tinderboxes produces different results.
Comment 8 Buovjaga 2015-02-01 10:56:39 UTC
Yep, reproduced with

Build ID: 4b9a9ce8a0e5e0716dad9a9ec87d16237e534dc2
TinderBox: Win-x86@39, Branch:master, Time: 2015-01-31_09:49:44

But this is a dupe.

*** This bug has been marked as a duplicate of bug 67601 ***