Bug Hunting Session
Bug 94968 - assert: attempt to subscript container with out-of-bounds index
Summary: assert: attempt to subscript container with out-of-bounds index
Status: VERIFIED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: LibreOffice (show other bugs)
Version:
(earliest affected)
5.1.0.0.alpha0+ Master
Hardware: Other Linux (All)
: medium normal
Assignee: Caolán McNamara
URL:
Whiteboard: haveBacktrace target:5.2.0 target:5.1.2
Keywords:
Depends on:
Blocks:
 
Reported: 2015-10-11 22:37 UTC by Terrence Enger
Modified: 2016-10-25 19:08 UTC (History)
3 users (show)

See Also:
Crash report or crash signature:


Attachments
gdb output with backtrace (32.67 KB, text/plain)
2015-10-11 22:37 UTC, Terrence Enger
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Terrence Enger 2015-10-11 22:37:02 UTC
Created attachment 119525 [details]
gdb output with backtrace

STR
(1) Start program; if necessary close the initial "Untitled 1".
    Program displays Start Center.
(2) Take menu options Tools > Options...
(3) Expand LibreOfficeDev > Advanced.
(4) Click <Expert Configuration>.
(5) Expand org.openoffice.Office.DataAccess > JDBC > DriverClassPaths.
    Result expected : I do not know, I was just poking around.
    Result observed : assertion raised; program terminates.

The attached gdb output is from LibreOffice commit f782a6d, fetched
2015-09-21 02:45 UTC, configured ...
    CC=ccache /home/terry/lo_hacking/associated/gcc/bin/gcc
    CXX=ccache /home/terry/lo_hacking/associated/gcc/bin/g++
    --enable-option-checking=fatal --enable-dbgutil --enable-crashdump
    --without-system-postgresql --without-myspell-dicts
    --with-extra-buildid --without-doxygen
    --with-external-tar=/home/terry/lo_hacking/git/src
    --disable-gstreamer-1-0 --enable-gstreamer-0-10 --disable-gtk3
built on debian wheezy with local built gcc 5.2.0, running in an
environment chroot'ed to debian-sid.  I have seen the same problem in
daily dbgutil bibisect repository version 2015-10-11.

I think this assertion is possible only with a debug build.
Comment 1 Terrence Enger 2015-10-11 22:38:45 UTC
Setting whiteboard haveBacktrace.
Comment 2 Terrence Enger 2015-10-12 14:47:41 UTC
The same problem happens with other items.  Just now, it happened with
org.OpenOffice.Office> Common > Font > Substitution > FontPairs.

The backtrace is the same modulo address space randomization.

I think that I shall not mention more examples.
Comment 3 Julien Nabet 2015-10-12 21:37:57 UTC
On pc Debian x86-64 with master sources updated today, I could reproduce the crash.
Comment 4 Julien Nabet 2015-10-12 21:54:48 UTC
I noticed this log too:
warn:configmgr:4237:1:configmgr/source/propertynode.cxx:64: non-nillable property without value

gdb break gave this:
#1  0x00002aaac981c406 in configmgr::ChildAccess::asSimpleValue(rtl::Reference<configmgr::Node> const&, com::sun::star::uno::Any&, configmgr::Components&) (rNode=rtl::Reference to 0x7f7d30, value=empty uno::Any, components=...) at /home/julien/compile-libreoffice/libreoffice/configmgr/source/childaccess.cxx:289
#2  0x00002aaac97cb5ca in configmgr::Access::getByNameFast(rtl::OUString const&, com::sun::star::uno::Any&) (this=0x6d239d0, name="TSAURLs", value=empty uno::Any)
    at /home/julien/compile-libreoffice/libreoffice/configmgr/source/access.cxx:391
#3  0x00002aaac97cb839 in configmgr::Access::getByName(rtl::OUString const&) (this=0x6d239d0, aName="TSAURLs")
    at /home/julien/compile-libreoffice/libreoffice/configmgr/source/access.cxx:414
Comment 5 Julien Nabet 2015-10-12 21:59:20 UTC
TSAURLs part added by:
http://cgit.freedesktop.org/libreoffice/core/commit/?id=24ad0629ae9edad83514e329e7173b94a8680ea6

I'll give a try with 'oor:nillable="false"' removed.
Comment 6 Julien Nabet 2015-11-07 17:28:54 UTC
Sorry for the delay, I gave a try after having removed "oor:nillable="false"" or changed it to "oor:nillable="true"", it failed to build.
/home/julien/compile-libreoffice/libreoffice/cui/source/options/tsaurls.cxx: In constructor ‘TSAURLsDialog::TSAURLsDialog(vcl::Window*)’:
/home/julien/compile-libreoffice/libreoffice/cui/source/options/tsaurls.cxx:38:116: error: no matching function for call to ‘com::sun::star::uno::Sequence<rtl::OUString>::Sequence(boost::optional<com::sun::star::uno::Sequence<rtl::OUString> >)’
         css::uno::Sequence<OUString> aUserSetTSAURLs(officecfg::Office::Common::Security::Scripting::TSAURLs::get());
                                                                                                                    ^
In file included from /home/julien/compile-libreoffice/libreoffice/workdir/CustomTarget/officecfg/registry/officecfg/Office/Common.hxx:7:0,
                 from /home/julien/compile-libreoffice/libreoffice/cui/source/options/tsaurls.cxx:10:
/home/julien/compile-libreoffice/libreoffice/include/com/sun/star/uno/Sequence.hxx:96:22: note: candidate: com::sun::star::uno::Sequence<E>::Sequence(std::initializer_list<_Tp>) [with E = rtl::OUString]
 template<typename E> Sequence<E>::Sequence(std::initializer_list<E> init) {
                      ^
/home/julien/compile-libreoffice/libreoffice/include/com/sun/star/uno/Sequence.hxx:96:22: note:   no known conversion for argument 1 from ‘boost::optional<com::sun::star::uno::Sequence<rtl::OUString> >’ to ‘std::initializer_list<rtl::OUString>’
/home/julien/compile-libreoffice/libreoffice/include/com/sun/star/uno/Sequence.hxx:84:8: note: candidate: com::sun::star::uno::Sequence<E>::Sequence(sal_Int32) [with E = rtl::OUString; sal_Int32 = int]
 inline Sequence< E >::Sequence( sal_Int32 len )

Tor: thought you might be interested in this one. If I'm wrong, don't hesitate to uncc yourself of course! :-)
Comment 7 Julien Nabet 2016-01-02 09:43:13 UTC
I submitted this patch to review:
https://gerrit.libreoffice.org/#/c/21038/
Comment 8 Julien Nabet 2016-02-09 08:23:50 UTC
It seems the patch isn't ok => unassign myself.
Comment 9 Commit Notification 2016-03-14 09:57:53 UTC
Caolán McNamara committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=1f780088e8171c088ccb1c8bd82e314c1e4016f0

Resolves: tdf#94968 return false is expanding failed to add anything

It will be available in 5.2.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 10 Commit Notification 2016-03-14 15:41:50 UTC
Caolán McNamara committed a patch related to this issue.
It has been pushed to "libreoffice-5-1":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=e1206bfbf508f4a458e7ac8fe6d0935d177cb778&h=libreoffice-5-1

Resolves: tdf#94968 return false is expanding failed to add anything

It will be available in 5.1.2.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 11 Terrence Enger 2016-03-16 14:01:17 UTC
I am setting status VERIFIED FIXED, based on testing in local build of
commit a2986a0, pulled 2016-03-15.  Thank you, Caolán.