Apache OpenOffice (AOO) Bugzilla – Full Text Issue Listing |
Summary: | Using the now() XPath function in XForms crashes or lock up OO.o and corrupts your file. | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | gsl | Reporter: | safway <valdenlonghurst> | ||||||
Component: | code | Assignee: | Frank Schönheit <frank.schoenheit> | ||||||
Status: | CLOSED FIXED | QA Contact: | issues@gsl <issues> | ||||||
Severity: | Trivial | ||||||||
Priority: | P2 | CC: | bigandy, dtardon, hdu, issues, kpalagin, philipp.lohmann | ||||||
Version: | OOo 3.1 | Keywords: | crash, regression | ||||||
Target Milestone: | OOo 3.2 | ||||||||
Hardware: | All | ||||||||
OS: | All | ||||||||
Issue Type: | PATCH | Latest Confirmation in: | --- | ||||||
Developer Difficulty: | --- | ||||||||
Attachments: |
|
Description
safway
2009-03-04 19:14:55 UTC
I was told by es@openoffice.org that I should reassign XForm issues to MSC. Reassigned to MSC This is even worse now with OOo version 3.1. OOo now crashes/locks up when ANY data changes in the instance tree when you are using now() ANYWHERE in your XForm. Even if you use now() all by itself!!!! Effectively, the standard now() XForm function has become a simple way to crash OOo and render the entire XForm useless. I hope we really understand the magnitude of this bug. A user can no longer even remove the now() funtion from his document if he realizes this is the problem. Let me say it another way: He can't fix his broken XForms document. It is toast. The only way to recovery from this is to unzip the odt file, search for the now() function in content.xml, delete it or replace it with another XForm function, zip up the file again, and finally open it in OOo. safway, I can't repro the crash - please provide detailed steps for the part "Click the calculate Condition button Type one of the example above such as now()+now() or choose your own using the now() function" Attached is a PDF screenshot visually showing what I described in my steps. Please let me know if this is sufficient or not. Created attachment 62689 [details]
Screenshot showing how to recreate crash
Well, after what you said, I decided to download the Windows OO,o 3.1 version and install it on Windows. The problem is not manifest under Windows. I have changed the OS above to reflect that the problem is manifest under Linux. The problem manifests itself under both Ubuntu 10.4 Linux and Suse 11.1 Linux. Also I've discovered same behavour in OOo 3.00 & 3.01/Fedora10/Centos5.3 Confirming as per bigandy. Keywords. reassign to fs to have a look into this issue A big Thank You! Now, let's please not just let it sit here at this stage. :-) The problem is in bad pairing of memory allocation/deallocation functions. I.e. the xmlChar* string representing date is allocated by rtl_allocateMemory (xforms_nowFunction() in forms/source/xforms/xpathlib/xpathlib.cxx), but deallocated by xmlFree on deletion of the representative xmlXPathObject (xmlXPathFreeObject() in xpath.c). Created attachment 63944 [details]
use the right allocation function
dtardon, thanks a ton for your effort! I assume you already filed Joint Copyright Agreement with Sun? Herbert, Philipp, please evaluate the patch so that it would not miss 3.2. TIA. WBR, KP. As a Red Hat employee dtardon is covered by that JCA. The patch looks good to me. Thanks for analyzing this! The issue is already correctly assigned to FS. I'm sure the fix will get on track for OOo3.2 when he returns from his vacation... (back from vacation, sorry for the delay) Will commit the patch to a 3.2-targeted CWS as soon as I have one available, which isn't the case currently. patch committed to CWS dba32f - thanks for providing it! verified the patch made it into CWS dba32f integrated in DEV300_m58 |