Bug 58630 - Calc - CRASH when using Validity
Summary: Calc - CRASH when using Validity
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Spreadsheet (show other bugs)
Version: 4.0.0.0.beta1
Hardware: Other All
: medium normal
Assignee: Caolán McNamara
QA Contact:
URL:
Whiteboard: target:4.1.0 target:4.0.2
Keywords: have-backtrace
Depends on:
Blocks:
 
Reported: 2012-12-21 20:50 UTC by Michel Rudelle
Modified: 2013-04-05 10:33 UTC (History)
10 users (show)

See Also:
i915 platform:
i915 features:


Attachments
Bug 58630 - WinDbg session (11.24 KB, text/plain)
2013-02-11 09:38 UTC, bfoman
Details

Description Michel Rudelle 2012-12-21 20:50:58 UTC
Version 4.0.0.0.beta1+ (Build ID: b0eb7231a9643d71be3125be7248c91242339ab
under Vista

Steps to reproduce :
Open a new spreadsheet and select any cell
1/ Data > Validity > Cell range
2/ click the icon “shrink” at the right of the Source field (without entering anything)
3/ in the new window, click the icon “shrink” (without entering anything)
4/ the return is incorrect, the Source field is not displayed
5/ OK

Again on the same cell or another one:
   Item 4: the return now presents two overlapping windows:
Click OK on the first
Click OK on the 2nd => CRASH
Then, if I accept to recover the file, I get the following message:
"The file '$(ARG1)' is corrupt and therefore cannot be opened. LOdev can try to repair the file."

I checked with versions 3.5.7 and 3.6.4: no crash 

Confirmed on the French list fr-qa
Comment 1 ydutrieux 2012-12-21 23:05:15 UTC
Confirmé sous Version 4.0.0.0.beta1+ (Build ID: 6d4a55bf38a1c470c49f904dbbddf94eb2f6154)
win7 - 32bits 

Confirmé sous libo Version 4.0.0.0.beta1+ (Build ID: 51ecd2f55d608f853852335808b643f61b9a844)
TinderBox: Linux-x86_64_11-Release-Configuration, Branch:libreoffice-4-0, Time: 2012-12-17_20:11:04

Ubuntu 12.04 - 64bits
Comment 2 Julien Nabet 2012-12-22 14:35:54 UTC
On pc Debian x86-64 with master sources updated today, I reproduce this too until overlapping.
(I must have missed something about the crash since I didn't reproduce it)

Noticed this log twice:
warn:vcl.layout:21569:1:/home/julien/compile-libreoffice/libo/vcl/source/window/dialog.cxx:1203: Dialog has become non-layout because extra children have been added directly to it.
Comment 3 m.a.riosv 2012-12-22 23:19:40 UTC
Confirmed:
Win7x64 Ultimate
Version 4.0.0.0.beta2 (Build ID: 4104d660979c57e1160b5135634f732918460a0)
Comment 4 Julien Nabet 2013-02-09 10:56:13 UTC
Michel/mariosv: do you still reproduce this with final release 4.0?
If yes, could you try to retrieve a backtrace (even without symbols if you can't)?
Comment 5 m.a.riosv 2013-02-09 12:19:20 UTC
(In reply to comment #4)
> Michel/mariosv: do you still reproduce this with final release 4.0?
> If yes, could you try to retrieve a backtrace (even without symbols if you
> can't)?

Hi Julian

reproducible with:
Win7x64 Ultimate
Version 4.0.0.3 (Build ID: 7545bee9c2a0782548772a21bc84a9dcc583b89)

I never get the back-trace, but I think there is a comment in some place about how to do if, if I find it I'll try.
Comment 6 Julien Nabet 2013-02-09 12:51:47 UTC
mariosv: here some info for Windows part, https://wiki.documentfoundation.org/BugReport#How_to_get_a_backtrace_.28on_Windows.29
Comment 7 m.a.riosv 2013-02-09 14:01:07 UTC
(In reply to comment #6)
> mariosv: here some info for Windows part,
> https://wiki.documentfoundation.org/BugReport#How_to_get_a_backtrace_.
> 28on_Windows.29

Hi Julien, thanks for the link.

I had found a comment from Michael in nabble using Dr. Memory. I hope I can do a try this night.

Miguel Ángel.
Comment 8 bfoman 2013-02-09 16:31:46 UTC
Will check.
Comment 9 m.a.riosv 2013-02-09 23:05:36 UTC
I have not done any compilation, this is the result with:
Win7x64 Ultimate
Version 4.0.0.3 (Build ID: 7545bee9c2a0782548772a21bc84a9dcc583b89)

Command line:
"C:\Program Files (x86)\Dr. Memory\bin\drmemory.exe" "C:\Program Files (x86)\LibreOffice 4.0\program\soffice.exe"

Log file:
"
Dr. Memory version 1.5.0 build 5 built on Aug 31 2012 16:19:51
Application cmdline: ""C:\Program Files (x86)\LibreOffice 4.0\program\soffice.exe""
Recorded 63 suppression(s) from default C:\Program Files (x86)\Dr. Memory/bin/suppress-default.txt

Error #1: LEAK 126 direct bytes 0x00803388-0x00803406 + 0 indirect bytes
# 0 KERNELBASE.dll!LocalAlloc                +0x5e     (0x754158de <KERNELBASE.dll+0x158de>)
# 1 SHELL32.dll!CommandLineToArgvW           +0x89     (0x756d9f22 <SHELL32.dll+0x19f22>)
# 2 soffice.exe!?                            +0x0      (0x01351212 <soffice.exe+0x1212>)
# 3 soffice.exe!?                            +0x0      (0x01351770 <soffice.exe+0x1770>)
# 4 soffice.exe!?                            +0x0      (0x01351f9d <soffice.exe+0x1f9d>)
# 5 KERNEL32.dll!BaseThreadInitThunk         +0x11     (0x76ef33aa <KERNEL32.dll+0x133aa>)
# 6 ntdll.dll!RtlInitializeExceptionChain    +0x62     (0x778e9ef2 <ntdll.dll+0x39ef2>)
# 7 ntdll.dll!RtlInitializeExceptionChain    +0x35     (0x778e9ec5 <ntdll.dll+0x39ec5>)

Error #2: LEAK 126 direct bytes 0x007ffd00-0x007ffd7e + 0 indirect bytes
# 0 KERNELBASE.dll!LocalAlloc                +0x5e     (0x754158de <KERNELBASE.dll+0x158de>)
# 1 SHELL32.dll!CommandLineToArgvW           +0x89     (0x756d9f22 <SHELL32.dll+0x19f22>)
# 2 soffice.exe!?                            +0x0      (0x01351212 <soffice.exe+0x1212>)
# 3 soffice.exe!?                            +0x0      (0x013515f6 <soffice.exe+0x15f6>)
# 4 soffice.exe!?                            +0x0      (0x01351f9d <soffice.exe+0x1f9d>)
# 5 KERNEL32.dll!BaseThreadInitThunk         +0x11     (0x76ef33aa <KERNEL32.dll+0x133aa>)
# 6 ntdll.dll!RtlInitializeExceptionChain    +0x62     (0x778e9ef2 <ntdll.dll+0x39ef2>)
# 7 ntdll.dll!RtlInitializeExceptionChain    +0x35     (0x778e9ec5 <ntdll.dll+0x39ec5>)

DUPLICATE ERROR COUNTS:

SUPPRESSIONS USED:

ERRORS FOUND:
      0 unique,     0 total unaddressable access(es)
      0 unique,     0 total uninitialized access(es)
      0 unique,     0 total invalid heap argument(s)
      0 unique,     0 total GDI usage error(s)
      0 unique,     0 total warning(s)
      2 unique,     2 total,    252 byte(s) of leak(s)
      0 unique,     0 total,      0 byte(s) of possible leak(s)
ERRORS IGNORED:
    322 still-reachable allocation(s)
         (re-run with "-show_reachable" for details)
Details: C:\Users\MARV\AppData\Roaming/Dr. Memory/DrMemory-soffice.exe.6728.000/results.txt
"

Miguel Ángel
Comment 10 bfoman 2013-02-11 09:38:19 UTC
Created attachment 74591 [details]
Bug 58630 - WinDbg session

> Steps to reproduce :
> Open a new spreadsheet and select any cell
> 1/ Data > Validity > Cell range
> 2/ click the icon “shrink” at the right of the Source field (without
> entering anything)
> 3/ in the new window, click the icon “shrink” (without entering anything)
> 4/ the return is incorrect, the Source field is not displayed
> 5/ OK

Confirmed with:
LO 4.0.0.3
Build ID: own W7 debug build
Windows 7 Professional SP1 64 bit

Source field is not displayed. Crash on exit. Attached full WinDbg session.
Comment 11 Julien Nabet 2013-02-11 09:57:51 UTC
bfoman: thank you for the bt

Kohei/Markus/Eike: I didn't succeeded in reproducing the crash but others did and bfoman even retrieved a bt, one for you?
Comment 12 Juan Lopez 2013-02-12 21:57:27 UTC
Confirmed for Windows XP SP3. IA32 (X86) processor.
LibreOffice 4.0.0.3
Comment 13 Kohei Yoshida (inactive) 2013-02-13 15:38:31 UTC
The shifting and mis-behavior of the range picker in the validity dialog is certain concerning.  I think we need to fix that first.  Crash is probably just a manifestation of that glitch.

I believe this dialog is one of the first ones to adopt the new modal range-picker dialog?
Comment 14 Markus Mohrhard 2013-02-13 16:24:36 UTC
(In reply to comment #13)
> I believe this dialog is one of the first ones to adopt the new modal
> range-picker dialog?

No it still uses the old modeless implementation but it might be related to the code changes to allow modal RefEdit dialogs.
Comment 15 Kohei Yoshida (inactive) 2013-03-07 18:59:02 UTC
I'll put Caolan on CC.  This looks to me like the crasher is caused as a result of the dialog conversion to the new widget layout engine.  Besides the crasher, the dialog does not shrink when clicking the ref picker button.  The two *may* be related...
Comment 16 Caolán McNamara 2013-03-07 21:17:35 UTC
oh great :-( I only encountered the "mangle window hierarchy" refbutton thing a day or two ago for insert->names, unfortunate that it exists in a SfxTabDialog.
Comment 17 Commit Notification 2013-03-08 13:48:16 UTC
Caolan McNamara committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=4e0c6a0ac78d3c68922e032eec7f9c05cc39023a

Resolves: fdo#58630 crash with refEdit button in SfxTabDialog



The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
Comment 18 Commit Notification 2013-03-08 15:52:47 UTC
Caolan McNamara committed a patch related to this issue.
It has been pushed to "libreoffice-4-0":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=709616cdb1ae8458249384b4c0718bbe5c0cf976&h=libreoffice-4-0

Resolves: fdo#58630 refEdit button shrink mangles dialog


It will be available in LibreOffice 4.0.2.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
Comment 19 Julien Nabet 2013-03-09 12:49:39 UTC
*** Bug 61948 has been marked as a duplicate of this bug. ***
Comment 20 Michel Rudelle 2013-03-10 12:58:58 UTC
I confirm the fix of this bug, thanks for that:
Tested with:
Version 4.1.0.0.alpha0+ (Build ID: d7ca9b5cbcac463dd1baa089180bac2a1c0e5e3)
TinderBox: Win-x86@6, Branch:master, Time: 2013-03-09_23:19:58
and
Version 4.0.2.0+ (Build ID: 4f569b6b787586671626f03a61c20b39142a230)
Vista-32b

But a crash is still there when you try to enter a cell range.
I think it might be a different issue and it is not relevant to reopen this bug. Please have a look at bug 61250
Do you agree about that?
Comment 21 Michel Rudelle 2013-03-10 13:01:22 UTC
(In reply to comment #20)
> Please have a look at bug 61250

Sorry, read please bug 61520
Comment 22 Juan Lopez 2013-04-04 18:32:10 UTC
Tested on LibreOffice 4.0.2.2. Windows XP SP3 (32 bits). Bug wasn't fixed.
Comment 23 grofaty 2013-04-05 06:35:02 UTC
It looks like a duplicate of Bug 61948. I have written several step-by-step instructions how to reproduce the crash, see noted bug.
Comment 24 Caolán McNamara 2013-04-05 10:33:27 UTC
lets keep this one closed and work on bug 61948 because that one has more details as to how to reproduce the remaining broken scenarios


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.