Issue 121285

Created attachment 79833 [details]
test file

added keywords

(In reply to comment #0)
> Created attachment 79832 [details]
> test library
> 
> aoo3.5m1 rev 1400866 crashes immediately if i run attached macro on attached
> spreadsheet. the macro insert rows and copy's cell ranges
> on the second sheet. don't care about what is really happening.
> 
> arielch already found the crash happens asynchronously, 
> and there is no direct way to relate it to the macro.

with these stripped version of the document, it's easier to reproduce.
Set a break point in 

ModulZellBereich2.ZeilenOderSpaltenEinfuegen
line 171: oNRanges.getByName(sCpyRange).setContent(sTmpRange)

and run the macro. It will stop in this line with the following values:


sCpyRange = "A_CPY"
sTmpRange = "$ORG_BipoDiff.$B$8:$H$13"

Press Continue. Crash.

#0  0x0000003d9dee59d0 in vtable for __cxxabiv1::__class_type_info () from /lib64/libstdc++.so.6
#1  0x00007f1c91e0bc71 in ScTokenArray::ImplGetReference (this=0x2f85f78, rRange=..., bValidOnly=1 '\001')
    at /build/aoo/src/playground/trunk/main/sc/source/core/tool/token.cxx:1290
#2  0x00007f1c91e0be42 in ScTokenArray::IsValidReference (this=0x2f85f78, rRange=...) at /build/aoo/src/playground/trunk/main/sc/source/core/tool/token.cxx:1315
#3  0x00007f1c91df76ce in ScRangeData::IsValidReference (this=0x2f85f18, rRange=...) at /build/aoo/src/playground/trunk/main/sc/source/core/tool/rangenam.cxx:410
#4  0x00007f1c9177a29f in ScPosWnd::FillRangeNames (this=0x2ce32f0) at /build/aoo/src/playground/trunk/main/sc/source/ui/app/inputwin.cxx:1448
#5  0x00007f1c9177a643 in ScPosWnd::Notify (this=0x2ce32f0, rHint=...) at /build/aoo/src/playground/trunk/main/sc/source/ui/app/inputwin.cxx:1524
#6  0x00007f1cb5574136 in SfxBroadcaster::Broadcast(SfxHint const&) () from /home/ariel/aoo/openoffice.org3/program/../basis-link/program/libsvl.so
#7  0x00007f1c9181fd1f in ScDocFunc::SetNewRangeNames (this=0x7fff342b2df0, pNewRanges=0x333ba68) at /build/aoo/src/playground/trunk/main/sc/source/ui/docshell/docfunc.cxx:4482
#8  0x00007f1c91adb8b0 in ScNamedRangeObj::Modify_Impl (this=0x333baf0, pNewRangeName=0x0, pNewTokens=0x0, pNewContent=0x7fff342b2ea0, pNewPos=0x0, pNewType=0x0, eGrammar=
    formula::FormulaGrammar::GRAM_PODF_A1, pNewScopeName=0x0) at /build/aoo/src/playground/trunk/main/sc/source/ui/unoobj/nameuno.cxx:192
#9  0x00007f1c91adbe45 in ScNamedRangeObj::setContent (this=0x333baf0, aContent="$ORG_BipoDiff.$B$8:$H$13")
    at /build/aoo/src/playground/trunk/main/sc/source/ui/unoobj/nameuno.cxx:265


The backtrace is always the same. The SC_HINT_AREAS_CHANGED is broadcaster asynchronously, the notified instance tries to access a dangling object. That said, I have no idea what that code does, so let's hope someone in the know fixes it.

The crash is reproducible with latest trunk: r1402787

(In reply to comment #3)
> with these stripped version of the document, it's easier to reproduce.
> Set a break point in 
> 
> ModulZellBereich2.ZeilenOderSpaltenEinfuegen
> line 171: oNRanges.getByName(sCpyRange).setContent(sTmpRange)
> 
> and run the macro. It will stop in this line with the following values:
> 
> 
> sCpyRange = "A_CPY"
> sTmpRange = "$ORG_BipoDiff.$B$8:$H$13"
> 
> Press Continue. Crash.

Another test: stop the macro, without executing that line. It will crash later when you close the document:

Program received signal SIGSEGV, Segmentation fault.
0x0000003d9c07f99c in __GI___libc_free (mem=0x7fd1444f0c58) at malloc.c:2987
2987      ar_ptr = arena_for_chunk(p);
Missing separate debuginfos, use: debuginfo-install gvfs-1.12.3-1.fc17.x86_64 libbluray-0.2.3-1.fc17.x86_64
(gdb) bt
#0  0x0000003d9c07f99c in __GI___libc_free (mem=0x7fd1444f0c58) at malloc.c:2987
#1  0x00007fd156434c90 in rtl_freeMemory (p=0x7fd1444f0c58) at alloc_global.c:308
#2  0x0000000000401569 in deallocate (p=0x7fd1444f0c60, rTraits=...) at /build/aoo/src/playground/trunk/main/sal/cpprt/operators_new_delete.cxx:179
#3  0x00000000004015cd in operator delete (p=0x7fd1444f0c60) at /build/aoo/src/playground/trunk/main/sal/cpprt/operators_new_delete.cxx:196
#4  0x00007fd126f306d2 in formula::FormulaToken::~FormulaToken (this=0x7fd1444f0c60, __in_chrg=<optimized out>)
    at /build/aoo/src/playground/trunk/main/formula/source/core/api/token.cxx:86
#5  0x00007fd127ad2a1c in ScFormulaCell::~ScFormulaCell (this=0x7fd14452e008, __in_chrg=<optimized out>) at /build/aoo/src/playground/trunk/main/sc/source/core/data/cell.cxx:828
#6  0x00007fd127ad2ada in ScFormulaCell::~ScFormulaCell (this=0x7fd14452e008, __in_chrg=<optimized out>) at /build/aoo/src/playground/trunk/main/sc/source/core/data/cell.cxx:829
#7  0x00007fd127ad0960 in ScBaseCell::Delete (this=0x7fd14452e018) at /build/aoo/src/playground/trunk/main/sc/source/core/data/cell.cxx:170
#8  0x00007fd127af5dc8 in ScColumn::FreeAll (this=0x2ba9108) at /build/aoo/src/playground/trunk/main/sc/source/core/data/column3.cxx:257
#9  0x00007fd127ae6289 in ScColumn::~ScColumn (this=0x2ba9108, __in_chrg=<optimized out>) at /build/aoo/src/playground/trunk/main/sc/source/core/data/column.cxx:82
#10 0x00007fd127c10932 in ScTable::~ScTable (this=0x2ba8fb8, __in_chrg=<optimized out>) at /build/aoo/src/playground/trunk/main/sc/source/core/data/table1.cxx:142
#11 0x00007fd127b39baa in ScDocument::Clear (this=0x2cf5d10, bFromDestructor=1 '\001') at /build/aoo/src/playground/trunk/main/sc/source/core/data/documen9.cxx:596
#12 0x00007fd127b172e4 in ScDocument::~ScDocument (this=0x2cf5d10, __in_chrg=<optimized out>) at /build/aoo/src/playground/trunk/main/sc/source/core/data/documen2.cxx:415
#13 0x00007fd1276c61de in ScDocShell::~ScDocShell (this=0x2cf5c98, __in_chrg=<optimized out>, __vtt_parm=<optimized out>)
    at /build/aoo/src/playground/trunk/main/sc/source/ui/docshell/docsh.cxx:2611
#14 0x00007fd1276c6392 in ScDocShell::~ScDocShell (this=0x2cf5c98, __in_chrg=<optimized out>, __vtt_parm=<optimized out>)
    at /build/aoo/src/playground/trunk/main/sc/source/ui/docshell/docsh.cxx:2644
#15 0x00007fd15514b155 in SfxViewFrame::ReleaseObjectShell_Impl() () from /home/ariel/aoo/openoffice.org3/program/../basis-link/program/libsfx.so
#16 0x00007fd15514bab2 in SfxViewFrame::~SfxViewFrame() () from /home/ariel/aoo/openoffice.org3/program/../basis-link/program/libsfx.so
#17 0x00007fd15514bbef in SfxViewFrame::~SfxViewFrame() () from /home/ariel/aoo/openoffice.org3/program/../basis-link/program/libsfx.so
#18 0x00007fd15514bdc5 in SfxViewFrame::Close() () from /home/ariel/aoo/openoffice.org3/program/../basis-link/program/libsfx.so
#19 0x00007fd155135367 in SfxFrame::DoClose_Impl() () from /home/ariel/aoo/openoffice.org3/program/../basis-link/program/libsfx.so

@arielch:
I can confirm your above mentioned scenarios.
for me it will crash always the second time in the loop at ".setcontent"
and if I remove some of the named ranges before running the macro it will not crash immediately, but on close ...
Can we add this to the stopper issues?

(In reply to comment #5)
> @arielch:
> I can confirm your above mentioned scenarios.
> for me it will crash always the second time in the loop at ".setcontent"
> and if I remove some of the named ranges before running the macro it will
> not crash immediately, but on close ...
> Can we add this to the stopper issues?

we are not in release mode ;) that flag has no meaning right now.

For the last backtrace, the bug seems related to changes in revision 1388342

(In reply to comment #6) 
> For the last backtrace, the bug seems related to changes in revision 1388342

Reverting that commit there is no crash.
CC'ing the developers.

I will investigate this defect.
But could anybody tell me how to install these macro library xba and xlb files in AOO which is mentioned in reproduce step 2?

>But could anybody tell me how to install these macro library

- unzip the zip "testBilb.zip" file
- open dialog from menu "Tools - Macros - Organize Macros - Ooo-dev Basic..."
- select button "Organizer..."
- select tab "Libraries"
- select button "Import..."
- select from unzipped folder "testBilb" file "script.xlb"
- library will be installed
- restart aoo

I cannot reproduce this crash... Only get a error box with message "BASIC runtime error. Sub-procedure or function procedure not defined" when click the button.
Is any of my steps wrong?

What does the reproduce step "maybe you have to increase value in cell "D3" (3 -> insert and copy 3 times) before you click the button" mean? change value from 3 to 4 for example and copy the cell, paste to other cells 3 times?

>BASIC runtime error. Sub-procedure or function procedure not defined"

this error indicates the library is not installed

please check: "Tools - Macros - Organize Macros - Ooo-dev Basic..."

Created attachment 79835 [details]
import lib

Created attachment 79836 [details]
installed lib

>BASIC runtime error. Sub-procedure or function procedure not defined"

or the basic lib is already installed, but not activated.
in that case open dialog "Tools - Macros - Organize Macros - Ooo-dev Basic..."
and select "+testBibl" (see attached picture "installed lib", the icon will
change from grey to yellow.

if you add "GlobalScope.BasicLibraries.LoadLibrary("testBibl")"
before "Call ZeilenOderSpaltenEinfuegen(...)", the library will
be activated before the sub is called.


Sub StartKonfig()
 GlobalScope.BasicLibraries.LoadLibrary("testBibl")
 Call ZeilenOderSpaltenEinfuegen(...
End Sub

Created attachment 79837 [details]
Test document with Basic libraries embedded

@Clarence: this document has the library inside, simply open it and run the macro by pressing the button, it should work :)

Created attachment 79880 [details]
patch

In my fix of i120962, I added a pointer pValidRefToken in ScFormulaCell, this pointer will keep the top ScToken in the stack during interpretion if the formula is a reference formula so that any data range defined by a reference formula can get the correct range.
However, in the clone contruction of ScFormulaCell, I simpley assign the pointer from the old ScFormulaCell to the new one. So any delete action in one object will cause invalid reference in another one.

The patch looks good, submit in revision 1406978

Verified on build Aoo_Trunk_20121109.1800 rev 1407366, open the sample file with macros, run it, no crash, and also run the scenarios as following:

- unzip the zip "testBilb.zip" file
- open dialog from menu "Tools - Macros - Organize Macros - Ooo-dev Basic..."
- select button "Organizer..."
- select tab "Libraries"
- select button "Import..."
- select from unzipped folder "testBilb" file "script.xlb"
- library will be installed
- restart aoo

No Crash, so this bug is fixed.

Close it.