Bug 90809 - Crash when editing a Thai document
Summary: Crash when editing a Thai document
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Linguistic (show other bugs)
Version:
(earliest affected)
4.4.2.2 release
Hardware: All Linux (All)
: highest critical
Assignee: Michael Stahl (allotropia)
URL:
Whiteboard: target:5.1.0 target:5.0.0.0.beta2 tar...
Keywords: bibisected, bisected, haveBacktrace, regression
Depends on:
Blocks: mab4.4
  Show dependency treegraph
 
Reported: 2015-04-23 10:47 UTC by quiveror
Modified: 2016-10-25 19:19 UTC (History)
8 users (show)

See Also:
Crash report or crash signature:


Attachments
The problem document (15.26 KB, application/vnd.oasis.opendocument.text)
2015-04-23 10:47 UTC, quiveror
Details
gdbtrace (3.67 KB, application/zip)
2015-04-23 14:52 UTC, raal
Details

Note You need to log in before you can comment on or make changes to this bug.
Description quiveror 2015-04-23 10:47:11 UTC
Created attachment 115029 [details]
The problem document

Please open the attachment then ctrl-end to go to the last character then press backspace. This will crash the Writer.
Comment 1 raal 2015-04-23 11:31:49 UTC
I can not reproduce with LO 4.4.2.2, win7
Comment 2 raal 2015-04-23 14:52:07 UTC
I can confirm with Version: 5.0.0.0.alpha1+
Build ID: badec7478035008f514e0976a94438fe2e32dc40
TinderBox: Linux-rpm_deb-x86_64@46-TDF, Branch:master, Time: 2015-04-22_01:28:24

LO 4.3.3

No crash with LibreOffice 3.5.0 Build ID: d6cde02  , regression
Comment 3 raal 2015-04-23 14:52:43 UTC
Created attachment 115036 [details]
gdbtrace
Comment 4 Joel Madero 2015-04-29 19:51:33 UTC
commit 7e1458eeba4fb40a796b1318a034410a97b6b24b
Author: Bjoern Michaelsen <bjoern.michaelsen@canonical.com>
Date:   Thu Oct 17 16:03:09 2013 +0000

    source-hash-926275d07184d441b3bfa1ceca26c4c1f2bc61db
    
    commit 926275d07184d441b3bfa1ceca26c4c1f2bc61db
    Author:     Tomaž Vajngerl <quikee@gmail.com>
    AuthorDate: Wed Jul 3 22:05:30 2013 +0200
    Commit:     Tomaž Vajngerl <quikee@gmail.com>
    CommitDate: Wed Jul 3 22:05:30 2013 +0200
    
        Compiler error fixes in PolynomialRegressionCurveCalculator
    
        Change-Id: Ie78e10fea0b798fae5ce2cee96798bcc65bbccbe

:100644 100644 01a521d81b05da62fc741f4064b361b8fc660907 66d8b904195e1d73dd269aa03bc111d2e66c9469 M	ccache.log
:100644 100644 8cac93c0ec3bcfc227282d1749f0cfdbd09d2f1b c69e50d0e426322517161edf3feff6f55ae114de M	commitmsg
:100644 100644 e4f1b8f0fa234364dce0bcb5cf8250b29f79554c a1de2224c5ad6b755aea158667df86c3ee2bbf88 M	dev-install.log
:100644 100644 fb93205802763858eb230d6dbff4d0a562b16671 cf5579f82b33e1dd85a0da6308b126647bd335d3 M	make.log
:040000 040000 d81597b06f640c259130c06a16e8b026acfc3867 27d70a3fd54fcc828456bf70a677f3652c744754 M	opt


# bad: [423a84c4f7068853974887d98442bc2a2d0cc91b] source-hash-c15927f20d4727c3b8de68497b6949e72f9e6e9e
# good: [65fd30f5cb4cdd37995a33420ed8273c0a29bf00] source-hash-d6cde02dbce8c28c6af836e2dc1120f8a6ef9932
git bisect start 'latest' 'oldest'
# good: [e02439a3d6297a1f5334fa558ddec5ef4212c574] source-hash-6b8393474974d2af7a2cb3c47b3d5c081b550bdb
git bisect good e02439a3d6297a1f5334fa558ddec5ef4212c574
# bad: [4850941efe43ae800be5c76e1102ab80ac2c085d] source-hash-980a6e552502f02f12c15bfb1c9f8e6269499f4b
git bisect bad 4850941efe43ae800be5c76e1102ab80ac2c085d
# skip: [a043626b542eb8314218d7439534dce2fc325304] source-hash-9379a922c07df3cdb7d567cc88dfaaa39ead3681
git bisect skip a043626b542eb8314218d7439534dce2fc325304
# skip: [aba65c3e4c0df07e4909aeefb758cdb688242bf6] source-hash-827524abfb4b577d08276fde40929a9adfb7ff1a
git bisect skip aba65c3e4c0df07e4909aeefb758cdb688242bf6
# skip: [aba65c3e4c0df07e4909aeefb758cdb688242bf6] source-hash-827524abfb4b577d08276fde40929a9adfb7ff1a
git bisect skip aba65c3e4c0df07e4909aeefb758cdb688242bf6
# bad: [c81a8a0dcfc1ed095a80e4485c89dd0fcaf73f31] source-hash-c69ed33628ec0b7abf6296539cf280d6c4265930
git bisect bad c81a8a0dcfc1ed095a80e4485c89dd0fcaf73f31
# bad: [c81a8a0dcfc1ed095a80e4485c89dd0fcaf73f31] source-hash-c69ed33628ec0b7abf6296539cf280d6c4265930
git bisect bad c81a8a0dcfc1ed095a80e4485c89dd0fcaf73f31
# bad: [1d4980621741d3050a5fe61b247c157d769988f2] source-hash-89d01a7d8028ddb765e02c116d202a2435894217
git bisect bad 1d4980621741d3050a5fe61b247c157d769988f2
# bad: [ba096f438393091574da98fe7b8e6b05182a8971] source-hash-8499e78ca03c792f4fa2650e02b519094ba0baa8
git bisect bad ba096f438393091574da98fe7b8e6b05182a8971
# good: [9daa289e178460daaafa4b3911031df5b8736218] source-hash-704292996a3731a61339b1a4a5c90c9403aa095f
git bisect good 9daa289e178460daaafa4b3911031df5b8736218
# bad: [34eab3946c46bb7273ba4ca395db9c4421dd232f] source-hash-e962805b31074d6b6a2ed0db6452769448337553
git bisect bad 34eab3946c46bb7273ba4ca395db9c4421dd232f
# bad: [7f958321368b190c941b23cc219d62d0420415af] source-hash-b3f41543851e9985c6c7ba133c32753c9bc732c1
git bisect bad 7f958321368b190c941b23cc219d62d0420415af
# bad: [7e1458eeba4fb40a796b1318a034410a97b6b24b] source-hash-926275d07184d441b3bfa1ceca26c4c1f2bc61db
git bisect bad 7e1458eeba4fb40a796b1318a034410a97b6b24b
# good: [bb5ad7a1787aa87f172ccc8ed1f5be8374184a8f] source-hash-6bf79576aeca243db553ed3b5eade492dc35337b
git bisect good bb5ad7a1787aa87f172ccc8ed1f5be8374184a8f
# good: [f558a584cdbd1eed10f886939a5cc2e86049b08c] source-hash-61db96daa87754af24355d7ac94ee0305f22ff87
git bisect good f558a584cdbd1eed10f886939a5cc2e86049b08c
# first bad commit: [7e1458eeba4fb40a796b1318a034410a97b6b24b] source-hash-926275d07184d441b3bfa1ceca26c4c1f2bc61db
Comment 5 Julien Nabet 2015-05-02 16:14:52 UTC
On pc Debian x86-64 with master sources updated today, I don't reproduce this.
Comment 6 Buovjaga 2015-05-02 16:49:18 UTC
Crashed.

5.0 said:
soffice.bin: malloc.c:3689: _int_malloc: Assertion `(unsigned long) (size) >= (unsigned long) (nb)' failed.

My master is not from today, though..

Ubuntu 15.04 64-bit 
Version: 4.4.2.2
Build ID: 40m0(Build:2)
Locale: en_US

Version: 5.0.0.0.alpha1+
Build ID: 0cd88d27ecd87c8c5791418bcac6ab1684ece74a
TinderBox: Linux-rpm_deb-x86_64@46-TDF-dbg, Branch:master, Time: 2015-04-30_00:38:48
Locale: en_US.UTF-8
Comment 7 Matthew Francis 2015-05-04 05:22:13 UTC
This seems to have begun at the below commit.

Adding Cc: to khaledhosny@eglug.org; Could you possibly take a look at this one? Thanks

commit 92ffe57f6bf40ec0f19e2abed24721137c569063
Author: Khaled Hosny <khaledhosny@eglug.org>
Date:   Sat Jun 15 14:24:21 2013 +0200

    Don't shrink text from fallback fonts
    
    This code is bogus in multiple ways:
    * It scales text based on ascent or descent, but this makes no sense
      as those control line height and nothing else, if one is to scale two
      different fonts to \u201cfit\u201d together, cap or x height would be more
      appropriate. This results in some text being ridiculously shrunk.
    * Not only that, but it is comparing apples to oranges; original font
      ascent/descent with the bounding box of the fallback glyphs, which
      results in different scale ratios depending on the shape of the glyphs
      at hand, which leads to all sorts of funny and irregular text.
    * Even worse, the PDF export is completely broken in this case; it uses
      the scaled down glyph widths but the unscaled font size, resulting in
      cramped unreadable text.
Comment 8 ⁨خالد حسني⁩ 2015-05-04 19:34:55 UTC
That commit is two years old, and I can’t reproduce the crash with my 4.3 installation nor with (a few months old) master build. The crash does not seem to be in a code affected by this commit.
Comment 9 Michael Stahl (allotropia) 2015-05-22 19:06:23 UTC
stack trace looks like a memory corruption

can reproduce valgrind and ASAN warnings on master

this is not a regression, the Thai break iterator was always doing this

fixed on master
Comment 10 Commit Notification 2015-05-22 19:07:37 UTC
Michael Stahl committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=9db629b8a1fa9b63bc320f8d47594ec82511a9c5

tdf#90809: i18npool: fix crash in Thai break iterator

It will be available in 5.0.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
Comment 11 Commit Notification 2015-05-22 19:10:01 UTC
Michael Stahl committed a patch related to this issue.
It has been pushed to "libreoffice-5-0":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=7f49a466e85b5f5866e6af28d84ed06697e49d20&h=libreoffice-5-0

tdf#90809: i18npool: fix crash in Thai break iterator

It will be available in 5.0.0.0.beta2.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
Comment 12 Commit Notification 2015-05-25 14:53:36 UTC
Michael Stahl committed a patch related to this issue.
It has been pushed to "libreoffice-4-4":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=668e6353f4597b81ebfd153b6197831dac50d398&h=libreoffice-4-4

tdf#90809: i18npool: fix crash in Thai break iterator

It will be available in 4.4.4.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
Comment 13 Robinson Tryon (qubit) 2015-12-17 08:58:57 UTC Comment hidden (obsolete)