Issue 117962 - crash comparing documents
Summary: crash comparing documents
Status: CLOSED FIXED
Alias: None
Product: Writer
Classification: Application
Component: code
Version: 3.4.0 Beta (OOo)
Hardware: PC Windows NT
: P3 Normal
Target Milestone: ---
Assignee: mst.ooo
QA Contact: issues@sw
URL:
Keywords: regression
Depends on:
Blocks:
 
Reported: 2011-04-29 17:51 UTC by Mathias_Bauer
Modified: 2012-06-20 05:53 UTC

See Also:
Issue Type: DEFECT
Latest Confirmation in: ---
Developer Difficulty: ---


Description Mathias_Bauer 2011-04-29 17:51:23 UTC
load testautomation/writer/optional/input/regression/issuezilla/i65094a.odt

Edit - CompareDocuments

with

load testautomation/writer/optional/input/regression/issuezilla/i65094b.odt

Crash

worked fine in OOo3.2
Comment 1 Mathias_Bauer 2011-04-29 17:58:59 UTC
fine in DEV300 m103
broken in DEV300 m106
Comment 2 Mathias_Bauer 2011-05-02 10:22:19 UTC
so candidates for regression are: sw34bf04 and sw34bf05
Comment 3 mst.ooo 2011-05-02 15:10:10 UTC
for me it works with m103, m104 and crashed with m105, m106

it crashes because in SwFrm::SetInfFlags the pointer pUpper is invalid
Comment 4 Mathias_Bauer 2011-05-02 16:52:17 UTC
Further investigation revealed that it worked in sw34bf04, so the culprit is in sw34bf05.
Comment 5 Mathias_Bauer 2011-05-02 22:09:15 UTC
The "naughty change" is 77412d1dc47a, done by od:

#i76669# - reestablish call-back DrawingLayer to Writer in order to let the Writer decide, if a certain drawing object should be drawn or not.
Comment 6 mst.ooo 2011-05-04 09:46:01 UTC
valgrind says:

==29049== Invalid read of size 4
==29049==    at 0x10AD154C: SwAnchoredObject::AnchorFrm() (anchoredobject.cxx:166)
==29049==    by 0x10A18939: SwDrawContact::GetAnchorFrm(SdrObject*) (dcontact.cxx:904)
==29049==    by 0x10B5C509: SwFlyFrm::IsPaint(SdrObject*, ViewShell const*) (paintfrm.cxx:3457)
==29049==    by 0x10B5A34E: (anonymous namespace)::SwViewObjectContactRedirector::createRedirectedPrimitive2DSequence(sdr::contact::ViewObjectContact const&, sdr::contact::DisplayInfo const&) (paintfrm.cxx:2731)
==29049==    by 0xDF9EBB6: sdr::contact::ViewObjectContact::getPrimitive2DSequence(sdr::contact::DisplayInfo const&) const (in /net/x4240-so2/export/home/ms216673/inst/OO_sw34bf06_li/OOo_3.4.0_Linux_x86_install-arc_en-US/openoffice.org/basis3.4/program/libsvxcoreli.so)

==29049==  Address 0xcb5e5f0 is 4 bytes after a block of size 36 alloc'd
==29049==    at 0x4024F50: malloc (vg_replace_malloc.c:236)
==29049==    by 0x40296F4: rtl_allocateMemory (in /so/ws/DEV300/unxlngi6/lib.m106/libsalalloc_malloc.so.3)
==29049==    by 0x8049046: ??? (in /net/x4240-so2/export/home/ms216673/inst/OO_sw34bf06_li/OOo_3.4.0_Linux_x86_install-arc_en-US/openoffice.org3/program/soffice.bin)
==29049==    by 0x8049185: operator new(unsigned int) (in /net/x4240-so2/export/home/ms216673/inst/OO_sw34bf06_li/OOo_3.4.0_Linux_x86_install-arc_en-US/openoffice.org3/program/soffice.bin)
==29049==    by 0x10DABA98: SwXFrame::GetOrCreateSdrObject(SwFlyFrmFmt*) (unoframe.cxx:905)
==29049==    by 0x109214BE: SwDoc::CopyLayoutFmt(SwFrmFmt const&, SwFmtAnchor const&, bool, bool) (doclay.cxx:445)

the allocation site:
  SwFlyDrawContact* pContactObject
      = new SwFlyDrawContact( pFmt, pDrawModel );

but SwDrawContact does not derive from SwFlyDrawContact:
both SwDrawContact and SwFlyDrawContact are direct subclasses of SwContact.
=> somewhere there is a wrong static cast
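
Added example (not part of the issue thread and not OpenOffice.org code): the sibling-class cast problem diagnosed in comment 6, with a checked downcast that rejects the wrong type instead of reading past the smaller allocation. The class names Contact, DrawContact, FlyDrawContact and AnchorFrame are simplified, hypothetical stand-ins, and the change set that actually fixed the issue is not shown on this page.

```cpp
#include <cstddef>
#include <memory>

// Hypothetical stand-ins for the hierarchy in comment 6: two siblings that
// both derive directly from one base, neither deriving from the other.
struct Contact {
    virtual ~Contact() = default;
};

struct FlyDrawContact : Contact {
    int flyData = 1;                       // small object
};

struct AnchorFrame { int id; };

struct DrawContact : Contact {
    int pad[8] = {};                       // larger layout than the sibling
    const AnchorFrame* anchor = nullptr;
    const AnchorFrame* GetAnchorFrame() const { return anchor; }
};

// Unchecked pattern (comment only, never executed here):
//   static_cast<DrawContact*>(p)->GetAnchorFrame();
// compiles for any Contact*. If p really points at a FlyDrawContact, the
// member read lands beyond the end of the smaller heap block.

// Checked lookup: dynamic_cast yields nullptr for the sibling type, so the
// caller sees "no anchor frame" instead of an out-of-bounds read.
const AnchorFrame* SafeGetAnchorFrame(const Contact* p) {
    const auto* draw = dynamic_cast<const DrawContact*>(p);
    return draw ? draw->GetAnchorFrame() : nullptr;
}

// The size gap that turns the unchecked cast into a read past the block.
bool SiblingIsSmaller() { return sizeof(FlyDrawContact) < sizeof(DrawContact); }

// Returns 0 when the sibling is rejected and a real DrawContact resolves.
int Demo() {
    static const AnchorFrame frame{42};    // constructed sample data
    std::unique_ptr<Contact> fly = std::make_unique<FlyDrawContact>();
    auto draw = std::make_unique<DrawContact>();
    draw->anchor = &frame;
    if (SafeGetAnchorFrame(fly.get()) != nullptr) return 1;
    if (SafeGetAnchorFrame(draw.get()) != &frame) return 2;
    return 0;
}

int main() { return Demo(); }
```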
Comment 7 Oliver-Rainer Wittmann 2011-05-06 07:23:30 UTC
fixed in cws sw34bf06 - changed file:
/sw/source/core/layout/paintfrm.cxx,
change set http://hg.services.openoffice.org/cws/sw34bf06/rev/5f7a7d1da132

od->mst,mba: can one of you review the fix?
Comment 8 mst.ooo 2011-05-06 09:36:52 UTC
SwFlyDrawContact is always created with a SwFlyDrawObj, so I guess od fixed it.
Comment 9 Oliver-Rainer Wittmann 2012-06-13 12:33:27 UTC
getting rid of value "enhancement" for field "severity".
For enhancement the field "issue type" shall be used.
Comment 10 binguo 2012-06-20 05:53:19 UTC
Verified it on Aoo_Trunk_20120616.1800.1350879 and it does not reproduce, so close it as fixed.