Bug Hunting Session
Bug 92160 - Calc crash : bad allocation on Find & Replace
Summary: Calc crash : bad allocation on Find & Replace
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Calc (show other bugs)
Version:
(earliest affected)
4.1.0.4 release
Hardware: All All
: high critical
Assignee: Not Assigned
URL:
Whiteboard: target:5.3.0 target:5.2.4
Keywords: bibisected, regression
Depends on:
Blocks: Find-Search
  Show dependency treegraph
 
Reported: 2015-06-18 15:50 UTC by jm
Modified: 2016-12-22 05:48 UTC (History)
10 users (show)

See Also:
Crash report or crash signature:


Attachments
large file with leading space in columns (1.00 MB, application/vnd.oasis.opendocument.spreadsheet)
2015-06-18 15:50 UTC, jm
Details
screen-shot with find box filled (59.70 KB, image/gif)
2015-07-31 07:51 UTC, jm
Details
gdbtrace.log (31.80 KB, text/plain)
2015-08-31 15:07 UTC, Timur
Details
WinDBG output (12.14 KB, text/plain)
2015-09-01 11:56 UTC, Timur
Details
valgrind log (76.52 KB, application/zip)
2015-09-02 09:13 UTC, Timur
Details
debug with LO 5.2alpha0 (11.76 KB, text/plain)
2016-03-24 16:41 UTC, Timur
Details

Note You need to log in before you can comment on or make changes to this bug.
Description jm 2015-06-18 15:50:11 UTC
Created attachment 116628 [details]
large file with leading space in columns

Hello,

I used the french version of lo, so my wording may be not exact.

I need to remove the leading space inside this file 

So i use the CTRL/H (find & replace) 
in find : "  *$" without "
in replace : nothing (left empty)
open other options, select regular expression
hit replace all

and after a few moment i got a popup window with "bad allocation" and Calc is crashed, and the file need to be recovered.

If i select only a few columns sometime its ok seems to depend on the number of changes.
Comment 1 raal 2015-06-19 07:35:00 UTC
I can reproduce crash with LO 4.4.3, win7
Comment 2 Timur 2015-06-19 08:37:31 UTC
Looks like regression, didn't hang in 4.0.5.
Reproduced also in 5.0 beta 3 but not in master~2015-06-16_07.04.09_LibreOfficeDev_5.1.0.0.alpha1_Win_x86.
So, whatever changed, should be backported to 4.4 and 5.0.
Comment 3 Terrence Enger 2015-06-19 23:32:33 UTC
With dbgutil bibisect version 2015-06-19, which of course runs on
Linux, the indicated replacement ran about half an hour, during which
time the virtual memory allocated to soffice.bin grew to more than
11GB.  Then LibreOffice simply quit.

11GB is about the sum of my RAM plus swap space, so even without the
reporter's error message, I am setting O/S = All.
Comment 4 Marek Dolezel 2015-07-30 23:13:23 UTC
Can you please post screen-shot with find box filled? I am not sure if i understand that " *$" without " correctly.

Thanks
Comment 5 jm 2015-07-31 07:51:10 UTC
Created attachment 117556 [details]
screen-shot with find box filled
Comment 6 Michael Weghorn 2015-08-15 11:05:48 UTC
I bibisected this bug on Debian Jessie using the bibisect-43all repository.
Before bibisecting, I limited the amount of available memory using the command "ulimit -Sv 3000000".

There are 2 "steps" in which the behaviour changes from being OK (search and replace finishes) to "crash".

1) application hangs for a very long time (infinitely?) and does not react any more, but does not crash, the amount of memory used seems to remain constant after some time
2) crash due to bad allocation

first commit where the application hangs: [83a62c1c1e8e259144e489d9a1f42611eba063c3] source-hash-022c54742e7997bf46a608f1ab0b500f2537f7f5
first commit where the application crashes: [da4ad98ef394c644bb0aa80161ff599330862e7c] source-hash-570fe620e9d573cfc9fc260e6518563c6a6c1a3c

The detailed bibisect results are below.

----------

bibisect result for "crash" ("hang" considered as good):

da4ad98ef394c644bb0aa80161ff599330862e7c is the first bad commit
commit da4ad98ef394c644bb0aa80161ff599330862e7c
Author: Bjoern Michaelsen <bjoern.michaelsen@canonical.com>
Date:   Thu Oct 17 19:23:14 2013 +0000

    source-hash-570fe620e9d573cfc9fc260e6518563c6a6c1a3c
    
    commit 570fe620e9d573cfc9fc260e6518563c6a6c1a3c
    Author:     Stephan Bergmann <sbergman@redhat.com>
    AuthorDate: Wed Jul 24 09:31:41 2013 +0200
    Commit:     Stephan Bergmann <sbergman@redhat.com>
    CommitDate: Wed Jul 24 09:31:41 2013 +0200
    
        Keep passing XComponentContext into officecfg:: wrapper fns, where available
    
        Change-Id: I10448edd04c6c7e7f03c539bf85aba4e00c7e311

:100644 100644 d4197fbc8076054b77cfb7c6daccbaef3a07b471 59f4adcea92e0e0973176750fb770506c85f24b7 M	autogen.log
:100644 100644 5d355f4aa08496286f3179dabdf19a5a74798d00 88ba6862fe738a0310ba706546ab52ab6d35bb50 M	ccache.log
:100644 100644 dd1c28d6eca33820a174c351dd396abd5c7e07e8 191b1e373284bcf823929c6f65e7a824c8ccfb02 M	commitmsg
:100644 100644 8bbc92e1cdf5703e61a7d0b7b13f53d3f6969c69 84ff52ee125b1b4f03b34c9b07d5e55947899cdb M	dev-install.log
:100644 100644 57ecc496b83888705cbd62221128892c9dde7fde 0d7d592ac09c717e3836f6287f6edf0e05bad6b0 M	make.log
:040000 040000 74dd0918665f15297668258400238c4d06c65a40 d165a641190b516218263ac8bc3750d6b32146a6 M	opt


$ git bisect log
# bad: [423a84c4f7068853974887d98442bc2a2d0cc91b] source-hash-c15927f20d4727c3b8de68497b6949e72f9e6e9e
# good: [65fd30f5cb4cdd37995a33420ed8273c0a29bf00] source-hash-d6cde02dbce8c28c6af836e2dc1120f8a6ef9932
git bisect start 'latest' 'oldest'
# good: [e02439a3d6297a1f5334fa558ddec5ef4212c574] source-hash-6b8393474974d2af7a2cb3c47b3d5c081b550bdb
git bisect good e02439a3d6297a1f5334fa558ddec5ef4212c574
# bad: [4850941efe43ae800be5c76e1102ab80ac2c085d] source-hash-980a6e552502f02f12c15bfb1c9f8e6269499f4b
git bisect bad 4850941efe43ae800be5c76e1102ab80ac2c085d
# skip: [a043626b542eb8314218d7439534dce2fc325304] source-hash-9379a922c07df3cdb7d567cc88dfaaa39ead3681
git bisect skip a043626b542eb8314218d7439534dce2fc325304
# skip: [aba65c3e4c0df07e4909aeefb758cdb688242bf6] source-hash-827524abfb4b577d08276fde40929a9adfb7ff1a
git bisect skip aba65c3e4c0df07e4909aeefb758cdb688242bf6
# bad: [c81a8a0dcfc1ed095a80e4485c89dd0fcaf73f31] source-hash-c69ed33628ec0b7abf6296539cf280d6c4265930
git bisect bad c81a8a0dcfc1ed095a80e4485c89dd0fcaf73f31
# bad: [c81a8a0dcfc1ed095a80e4485c89dd0fcaf73f31] source-hash-c69ed33628ec0b7abf6296539cf280d6c4265930
git bisect bad c81a8a0dcfc1ed095a80e4485c89dd0fcaf73f31
# bad: [1d4980621741d3050a5fe61b247c157d769988f2] source-hash-89d01a7d8028ddb765e02c116d202a2435894217
git bisect bad 1d4980621741d3050a5fe61b247c157d769988f2
# bad: [ba096f438393091574da98fe7b8e6b05182a8971] source-hash-8499e78ca03c792f4fa2650e02b519094ba0baa8
git bisect bad ba096f438393091574da98fe7b8e6b05182a8971
# skip: [9daa289e178460daaafa4b3911031df5b8736218] source-hash-704292996a3731a61339b1a4a5c90c9403aa095f
git bisect skip 9daa289e178460daaafa4b3911031df5b8736218
# good: [9daa289e178460daaafa4b3911031df5b8736218] source-hash-704292996a3731a61339b1a4a5c90c9403aa095f
git bisect good 9daa289e178460daaafa4b3911031df5b8736218
# good: [34eab3946c46bb7273ba4ca395db9c4421dd232f] source-hash-e962805b31074d6b6a2ed0db6452769448337553
git bisect good 34eab3946c46bb7273ba4ca395db9c4421dd232f
# good: [a8577b9049e085140768f97f7d4ff555a8a447cb] source-hash-98ded3e42011b060368899018c07cbd32e7993f1
git bisect good a8577b9049e085140768f97f7d4ff555a8a447cb
# bad: [da4ad98ef394c644bb0aa80161ff599330862e7c] source-hash-570fe620e9d573cfc9fc260e6518563c6a6c1a3c
git bisect bad da4ad98ef394c644bb0aa80161ff599330862e7c
# good: [b5e6283a204221f3f9f830c2b3b75c195f8a51bc] source-hash-f4546b72702dbe30505594a8307dd402e81a0303
git bisect good b5e6283a204221f3f9f830c2b3b75c195f8a51bc
# first bad commit: [da4ad98ef394c644bb0aa80161ff599330862e7c] source-hash-570fe620e9d573cfc9fc260e6518563c6a6c1a3c


------

bibisect result for "hang":


83a62c1c1e8e259144e489d9a1f42611eba063c3 is the first bad commit
commit 83a62c1c1e8e259144e489d9a1f42611eba063c3
Author: Bjoern Michaelsen <bjoern.michaelsen@canonical.com>
Date:   Thu Oct 17 14:30:14 2013 +0000

    source-hash-022c54742e7997bf46a608f1ab0b500f2537f7f5
    
    commit 022c54742e7997bf46a608f1ab0b500f2537f7f5
    Author:     Tor Lillqvist <tml@iki.fi>
    AuthorDate: Tue Jun 25 07:19:41 2013 +0300
    Commit:     Tor Lillqvist <tml@iki.fi>
    CommitDate: Tue Jun 25 07:19:41 2013 +0300
    
        WaE: private field 'mrCells' is not used
    
        Change-Id: I0ab3fabb82c839f5194b0e20eb834dd86635a609

:100644 100644 4b10c5c8ddbedca0971e0839a8acc603792a447c 483b58760a06de929b32eafde25a67466c622502 M	ccache.log
:100644 100644 54c63dd94c275598f317bb54ddfdd27aaad5d8a1 fcfaf4eddaf5f8c7a66f90a052cbf2c7473cdc9b M	commitmsg
:100644 100644 e607019f9ceabe4513be6de63f5724c67ece57f9 3e023e83e964fd4b90d7bdf45eab489c7382956c M	dev-install.log
:100644 100644 2d16d57e331ca5fab2ec46ad12fe030528c544bb 47ead046b9af75e2384d8d8f51767edfa54d5dc8 M	make.log
:040000 040000 3aaab4081e7400904dc31731c74182db7e18493c 82a20807f2d069e8294cfa6e30778214a869a341 M	opt


$ git bisect log
# bad: [9daa289e178460daaafa4b3911031df5b8736218] source-hash-704292996a3731a61339b1a4a5c90c9403aa095f
# good: [e02439a3d6297a1f5334fa558ddec5ef4212c574] source-hash-6b8393474974d2af7a2cb3c47b3d5c081b550bdb
git bisect start '9daa289e178460daaafa4b3911031df5b8736218' 'e02439a3d6297a1f5334fa558ddec5ef4212c574'
# good: [69bf614869471f46413fe1d2af5976b2e6d85084] source-hash-76dea8b2db906156e77f78738a68f932a15afd4b
git bisect good 69bf614869471f46413fe1d2af5976b2e6d85084
# good: [502c05c771cd993b237febc2d8a20140fe589488] source-hash-462df4920ef50032c8f99a9db2ca34c9cc928657
git bisect good 502c05c771cd993b237febc2d8a20140fe589488
# bad: [83a62c1c1e8e259144e489d9a1f42611eba063c3] source-hash-022c54742e7997bf46a608f1ab0b500f2537f7f5
git bisect bad 83a62c1c1e8e259144e489d9a1f42611eba063c3
# good: [7d878017eaa2fc1d2eab72689a5e453622d474a2] source-hash-b139f6fedfcf3cbed0eadeb007e2155b576413d2
git bisect good 7d878017eaa2fc1d2eab72689a5e453622d474a2
# first bad commit: [83a62c1c1e8e259144e489d9a1f42611eba063c3] source-hash-022c54742e7997bf46a608f1ab0b500f2537f7f5
Comment 7 Timur 2015-08-17 08:52:37 UTC
(In reply to Timur from comment #2)
> Not reproduced also in 5.0 beta 3 in master~2015-06-16_07.04.09_LODev_5.1.0.0.
I don't know how it happened, but please disregard, it can be reproduced with master.

(In reply to Michael Weghorn from comment #6)
> I bibisected this bug on Debian Jessie using the bibisect-43all repository.
Adding Cc: to sbergman@redhat.com and tml@iki.fi. Please take a look. Thanks
Comment 8 Stephan Bergmann 2015-08-17 14:52:30 UTC
(In reply to Michael Weghorn from comment #6)
> first commit where the application hangs:
> [83a62c1c1e8e259144e489d9a1f42611eba063c3]
> source-hash-022c54742e7997bf46a608f1ab0b500f2537f7f5
> first commit where the application crashes:
> [da4ad98ef394c644bb0aa80161ff599330862e7c]
> source-hash-570fe620e9d573cfc9fc260e6518563c6a6c1a3c

So the first core commit where the application hangs could be any of

> $ git log --oneline b139f6fedfcf3cbed0eadeb007e2155b576413d2^..022c54742e7997bf46a608f1ab0b500f2537f7f5
> 022c547 WaE: private field 'mrCells' is not used
> ab86388 WaE: private field 'mbDateTime' is not used
> a31cea1 WaE: implicit conversion of NULL constant to 'bool'
> 88d9535 WaE: private field 'mrAttrs' is not used
> 3c87f57 WaE: unused variable 'itEnd'
> 337225b Replace more characters functions with rtl/character.hxx
> 126827b fdo#43460 framework,i18npool,accessibility: use isEmpty()
> 51daa4d fdo#43460 sd,rsc,ucb,sdext: use isEmpty()
> 7b69292 Temporarily disable failing tests. Will look into it later.
> 4c99a42 Fix incorrect merge.
> ec0080c Turn off column storage debugging.
> 4347e3b Adjusted the patch against mdds 0.9.0.
> bb7d5ce These patches are in the upstream.
> 878f4672 Update internal mdds to 0.9.0.
> 21a1bce Use position objects for more efficient element value lookups.
> 2c92a92 Prevent crash during on-line spell checking.
> cf02151 Fix my wrong logic in row info iteration.
> e639e30 Make them officially non-copyable.
> b139123 A little more cleanup.
> 359f33c Rename parameter names for consistency.
> 9186ae0 Incorrect way to initialize a multi_type_vector.
> 92a78a0 Don't allow outside code to set text attributes.
> 5f188d6 Avoid having formula cell directly update text attributes.
> 7a522da Add more calls to CellStorageModified() when it's called for.
> 33a417f Remove unused method.
> 91f7e9e Fix a bug in "find all" search, and a test to catch it in the future.
> 8a39b8c Turns out ScHorizontalIterator was still broken. Fix it for real.
> 66d3f24 Make sure to set the cloned formula cells dirty during undo / redo.
> 2a1c5ab Fix ScCellIterator, which also fixes matrix handling in the formula engine.
> df90b9e Add Dump() method to ScMatrix, which is useful when debugging.
> 57538e5 Update references on all cells.
> e3b9168 Fix the horizontal cell iterator.
> 2a5ea9e Same fix for fill series & some cleanup.
> 458df36 We need to clone the source cell value to prevent crash.
> 3b0c069 Don't forget to return true if we are successful.
> b6a6a26 Have the clone handler handle the text attr array as well.
> 65be1e2 Use template functions to remove these duplicate code blocks.
> 6ea5392 When deleting cells, be sure to delete the corresponding cell attrs as well.
> 1fe76b4 Don't bail out on good condition.
> cb4a478 Leave the RowInfo's for empty cells unfilled.
> 3b3b0c0 Fix a bug in the find area position code for the upward direction.
> 341a4c8 Compiler warnings.
> 76ca152 Remove these file entries.
> 8b252f3 Put ScBaseCell, ScValueCell, ScStringCell, ScEditCell to eternal rest.
> dabeb3d Move ScEditDataArray out of cell.?xx and into its own files.
> dcf04c5 CELLTYPE_DESTROYED no longer relevant. Chuck it.
> 46419cd ScFormulaCell is no longer a child class of ScBaseCell.
> c008dc48 Switch to using multi_type_vector for cell storage.
> 75dec25 Add new cell container to ScColumn.
> e9c5eb6 Re-org the headers a bit. In column?.cxx, column.hxx must be the first.
> 77ec473 Reduce dependency on mtvelements.hxx header.
> c7bdee8 Define block types for string, edit text and formula cell elements.
> ac84ffb Remove unnecessary debug outputs that would slow down perf tests.
> f657ac9 Turn on the perf test again. Will turn it off before merging.
> ee51444 fix borders unit test ( test values have changed )
> 1680a8c fix hair & fine cell border export ( followon fix fdo#56960 )
> 3d4603e fix typo in higher debug level code
> 40cd5e8 bin/lo-xlate-lang: fix typo: s/kazahk/kazakh/
> 38dcfad fdo#58029: replace quadratic child window loop with linear
> f022f39 fdo#60444: Revert "fdo#58029 - substantially accelerate re-rendering..."
> cfa994c fdo#43765, fdo#57884, fdo#58052, fdo#63949: disappearing form controls
> 52066e4 coverity#706154 : Destination buffer too small
> 7ec6bab Resolves: fdo#66042 get the bounds of the current grapheme
> 91b8728 Resolves: #i120020# corrected paragraph merge...
> b139f6f Remove leftover debugging printf

while the first core commit where the application crashes could be any of

> $ git log --oneline f4546b72702dbe30505594a8307dd402e81a0303^..570fe620e9d573cfc9fc260e6518563c6a6c1a3c
> 570fe62 Keep passing XComponentContext into officecfg:: wrapper fns, where available
> 8bae88b look for find-requires-gnome.sh in the right path
> b0c4325 fdo#60924 autoinstall - gbuild/scp2: still more libs to OOO
> 75ef95e fdo#46037: no more comphelper/configurationhelper.hxx in fpicker
> 57ebb84 Revert "fdo#46037: no more comphelper/configurationhelper.hxx in fpicker"
> d1f58e5 Trying to fix the windows build
> 4231190 fdo#46037: no more comphelper/configurationhelper.hxx in writerfilter
> 7cbf9c9 fdo#46037: no more comphelper/configurationhelper.hxx in fpicker
> 7e3fdd1 fdo#63690 - replace RTL_CONTEXT_ macros with SAL_INFO
> 6893636 fdo#63690 - replace RTL_CONTEXT_ macros with SAL_INFO
> 0153ea7 Fix compiler errors and warnings..
> 038d162 unit test for <text:s> in <text:p> and <text:span>, fdo#67094
> 98608e5 fdo#38144 In ruler snap to markers for tab stops, margins, etc.
> 06c416b Cleanup strangely formatted code in SvxRuler.
> 462799e just rename header define
> ba17605 Add ANOVA (analysis of variance) calculation to Statistics.
> 19efbd8 Generic ChildWindowWrapper.
> 1f47b46 Fix drop caps background
> c8b4ffc Check explicitily the space at the end of the line
> cacb32c Clean up naming of OStatement_Base etc. (firebird-sdbc)
> ed9dac3 Move Statement specific methods out of common base. (firebird-sdbc)
> 2b541c92 Move Statement_Base into it's own file (firebird-sdbc).
> a061f0a Remove unnecessary OStatement_BASE2 (firebird-sdbc).
> c636ed8 Cleanup firebird-sdbc header defines.
> c4ed358 a date is a date, not a float
> cab9b82 fdo#67186 switch reporbuilder to null date == 1899-12-30
> 7f67dd5 OSL_FAIL -> SAL_WARN
> 1de20e7 unset mnCount in ScXMLCellFieldSContext::CreateChildContext()
> be10607 resolved fdo#67094 handle <text:s> in <text:p> and <text:span>
> 70e2477 Add more components
> cb59042 fdo#63690 - replace RTL_CONTEXT_ macros with SAL_INFO
> d8fa15f fdo#67213 - crash on opening AutoText dialog (Ctrl+F3)
> 312f3aa expand out the U2S and S2U macros from sfxuno.hxx
> 2fbcff5 Revert "WaE: "HAVE_GCC_ATTRIBUTE_WARN_UNUSED" is not defined"
> 68c8dce WaE: "HAVE_GCC_ATTRIBUTE_WARN_UNUSED" is not defined
> 2270f32 Clean up redundant explicit OUString(...) ctors
> bb67e70 fdo#64637 RTF import: handle multiple RTF_COMPANY
> e667bcd These SAL_INFOs do not make much sense any more
> 6872ad4 it is not possible to sign libs that are in use
> 8244718 If this configuration access throws exceptions sth very fundamental is broken
> 2b45d55 fdo#46037: no more comphelper/configurationhelper.hxx in sd
> 5d95193 fdo#63690 - replace RTL_CONTEXT_ macros with SAL_INFO
> 19a6c48 configure.ac: working firebird version check with manual FIREBIRD_C/LDFLAGS
> 61eed5f convert sfx2 UNO services to WeakImplHelper
> 376d5a6 convert more services in framework module to WeakImplHelper
> 2f4c796 remove unused field
> 9dbb8db Convert the easy cases in framework to WeakImplHelper
> 5e184fd Convert GlobalSettings_Access to WeakImplHelper
> 0abf81c Convert ModuleUIConfigurationManagerSupplier to WeakImplHelper
> 496a281 Convert UIConfigurationManager to WeakImplHelper
> a19e9a5 Convert ConfigurationAccess_WindowState to WeakImplHelper
> 4d5801a convert WindowStateConfiguration to WeakImplHelper
> 18a5f8a Convert framework::StatusBarManager to WeakImplHelper
> fe4e268 Convert framework::ToolBarManager to WeakImplHelper
> a30c91f Convert framework::AcceleratorConfigurationReader to WeakImplHelper
> ca8bdb1 improve comments
> 9c41a60 fdo#46808, Convert ui::ModuleUIConfigurationManager service to new style
> 92dfa82 adjust for upstreaming of warn_unused attribute
> 0d2a7ad Correct help message for --enable-macosx-code-signing
> 2cefde7 drop extra )
> 572fc4a Blind fix for Mac Tinderbox
> a414801 fdo#46037: no more comphelper/configurationhelper.hxx in reportdesign
> b32a9e9 fdo#46037: no more comphelper/configurationhelper.hxx in formula module
> 2d5978b fdo#66145: fix for FirstIsShared flag
> f4546b7 Updated core Project: translations  8fe00a5faf3c817a8ec89a2cfc68114c456281bc
Comment 9 Matthew Francis 2015-08-18 14:32:31 UTC
I narrowed down the commit responsible for the initial slowdown/hang to being probably in the range between c7bdee8dbd1cf260a8513a0d31b36f90daa70f1c and e3b91687590f08438b5a5d4eec72e634b11a8589 - but couldn't get any closer even by applying some cherry-picked fixes, the commits in that range are quite hard to build and/or imperfectly functional taken individually.

Possibly the most likely candidate is this one? I previously also suspected, but couldn't prove directly, that the same commit was responsible for bug 77001

commit c008dc483f8c6840803983e7e351cec6fdd32070
Author: Kohei Yoshida <kohei.yoshida@gmail.com>
Date:   Fri May 24 11:52:18 2013 -0400

    Switch to using multi_type_vector for cell storage.
    
    The old style cell storage is no more.  Currently the code is buildable,
    but crashes during unit test.
    
    Change-Id: Ie688e22e95c7fb02b9e97b23df0fc1883a97945f
Comment 10 Timur 2015-08-31 15:07:36 UTC
Created attachment 118290 [details]
gdbtrace.log
Comment 11 Stephan Bergmann 2015-09-01 08:05:19 UTC
(In reply to Timur from comment #10)
> Created attachment 118290 [details]
> gdbtrace.log

doesn't contain any useful information
Comment 12 Timur 2015-09-01 11:56:23 UTC
Created attachment 118310 [details]
WinDBG output

Thank you for looking into this. This is a specific bug where standard procedure doesn't show results. Interestingly, procdump dmp can't be open with my WinDbg at all.
I tried with kb and kn, please confirm it has any value, or it should be removed and tried with valgrind.
Comment 13 Stephan Bergmann 2015-09-01 12:25:42 UTC
(In reply to Timur from comment #12)
> Created attachment 118310 [details]
> WinDBG output

That unfortunately doesn't contain anything useful, either.
Comment 14 Timur 2015-09-02 09:13:36 UTC
Created attachment 118325 [details]
valgrind log

I hope this partial valgrind log will be useful. Please check. I run out of memory.
Comment 15 Stephan Bergmann 2015-09-02 11:17:54 UTC
(In reply to Timur from comment #14)
> Created attachment 118325 [details]
> valgrind log
> 
> I hope this partial valgrind log will be useful. Please check. I run out of
> memory.

No.  Only contains noise from well-known false positives.
Comment 16 Eike Rathke 2015-09-30 09:39:33 UTC
(In reply to jm from comment #0)
> I need to remove the leading space inside this file 

Trailing, not leading ;-)

> So i use the CTRL/H (find & replace) 
> in find : "  *$" without "

Which actually finds *every* content cell because it means "zero or more spaces at the end of the cell content". For trailing spaces use " +$" where " +" finds occurrences of at least one space.

> in replace : nothing (left empty)
> open other options, select regular expression
> hit replace all

That then attempts to replace up to 600899 cells, including generating undo content for each cell, and later builds a list of all cells and their content for the Search Results dialog.

Replacing the cells one by one and deleting cells for which the replaced content is empty because only spaces were contained, which effectively changes the column's storage type segments of the mdds tree cell by cell, seems to be the memory exhausting step here. Apparently the mdds storage is heavily stressed in this case.
Comment 17 jm 2015-11-21 14:28:14 UTC
in reply to Eike Rathke from comment 16

thank you for your help, it improves my english and my re knowledge.

but i think you miss the double space in the find field just before *$. I was looking for one or more spaces at the end of the line ; that's what i realy wanted.

anyway after a few moment i got a popup window with "bad allocation" and Calc is crashed, and the file need to be recovered.

if you want i can test it again with the current version.

hope this help.

Thanks.
Comment 18 Robinson Tryon (qubit) 2015-12-14 05:19:08 UTC Comment hidden (obsolete)
Comment 19 Eike Rathke 2015-12-14 20:25:51 UTC
(In reply to jm from comment #17)
> but i think you miss the double space in the find field just before *$.

Indeed, I missed the two consecutive spaces.
However, changing the type of all cells affected in a column, which still are a lot, still seems to be the bottleneck.

> if you want i can test it again with the current version.

Would be good to know anyway.
Comment 20 jm 2016-02-07 08:14:56 UTC
(In reply to Eike Rathke from comment #19)
> (In reply to jm from comment #17)
> > but i think you miss the double space in the find field just before *$.
> 
> Indeed, I missed the two consecutive spaces.
> However, changing the type of all cells affected in a column, which still
> are a lot, still seems to be the bottleneck.
> 
> > if you want i can test it again with the current version.
> 
> Would be good to know anyway.

OK test again with 5.0.4.2 FR : got the small popup window "bad allocation" the window title is "LibreOffice 5.0 - Fat..." and the program freeze
Comment 21 Timur 2016-03-24 16:41:40 UTC
Created attachment 123815 [details]
debug with LO 5.2alpha0

OK, I don't know why debug is different this time, but please take a look.
Comment 22 Markus Mohrhard 2016-04-19 17:14:00 UTC
bad_alloc is an out of memory situation. No need for valgrind there. Actually a gdb/wind_dbg session that breaks on exceptions is more useful.

Locally I was not able to see any strange memory patterns but I did not let it run until the end.
Comment 23 Michael Meeks 2016-11-04 09:44:44 UTC
Debugging suggests that the default replace direction is row-wise, which is really not helpful wrt. stressing MDDS usage. I have a patch to override the direction to columnular for the ReplaceAll case.

However there is still a rather large memory consumption issue =) the initial document takes me ~350Mb to load, and part way into the replaceall I have ~800Mb of RAM consumed - I think doubling the size for undoing such a large replace is prolly reasonable.

I guess (for me) the more annoying thing is that there is no progress / feedback about what is going on =) it would be nice to have some - I guess; although that is a new feature.

Wrt. building a list of all cells and their content for the Search Result dialog - that seems crazy for a million cells etc. =) We should crop this to 1000 items or so I suggest.
Comment 24 Michael Meeks 2016-11-04 09:46:13 UTC
one other thing;
Timur: "Looks like regression, didn't hang in 4.0.5."
surprises me - can you give some details on how much memory was used on load, and after replace in this case Timur ? are you sure you did a regexp search ?

Thanks ! =)
Comment 25 Timur 2016-11-04 11:00:05 UTC
Windows 7 64-bit, as shown with Windows Task Manager: 
LO 4.0.5 32-bit on start 110 MB, with this file open 175 MB, slowly rising during regex to 185 MB, not responding for some time until it finishes but no crash.
LO 5.0.6 32-bit on start 102 MB, with this file open 188 MB, fast rising during regex to 1.600 MB, bad allocation.
LO 5.2.3 32-bit on start 197 MB, with this file open 291 MB, slowly rising during regex to 428 MB, no crash.
LO 5.3+ 32-bit on start 127 MB, with this file open 169 MB, slowly rising during regex to 298 MB, no crash.

It's still "not responding" and very slow, average user would maybe kill it, but no bad allocation.
Comment 26 Timur 2016-11-04 17:25:19 UTC
Bug 91260? Or 92160?
Michael Meeks committed a patch related to this issue.
It has been pushed to "master":
http://cgit.freedesktop.org/libreoffice/core/commit/?id=5946cc2f7056fc580fefe1b90795e3921bdb3969
tdf#91260 - ReplaceAll should use a columnar direction.
Comment 27 Michael Meeks 2016-11-04 18:31:35 UTC
Disabling the popup with the search / replace results - saves a huge amount of memory & makes this complete nicely for me in reasonable time.
Comment 28 Michael Meeks 2016-11-04 20:26:33 UTC
Pushed a patch to limit the search results in the dialog to 1000 to gerrit:
https://gerrit.libreoffice.org/30574
Comment 29 Michael Meeks 2016-11-07 13:38:38 UTC
Mostly un-related to the MDDS work, all about building the dialog I think in terms of cost - pushed a fix and cherry-picked for 5-2
Comment 30 Commit Notification 2016-11-07 13:40:27 UTC
Michael Meeks committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=ba68e6dd7ad99ef2a2720f327813d13550b98966

tdf#92160 - sc: limit search results to 1000 entries.

It will be available in 5.3.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 31 Commit Notification 2016-11-22 15:17:22 UTC
Michael Meeks committed a patch related to this issue.
It has been pushed to "libreoffice-5-2":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=1a093a2c06c30c17e483614e36a75907e7d0991f&h=libreoffice-5-2

tdf#92160 - sc: limit search results to 1000 entries.

It will be available in 5.2.4.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.