Issue 122591 - Link to External Data crash
Summary: Link to External Data crash
Status: CLOSED FIXED
Alias: None
Product: Calc
Classification: Application
Component: open-import (show other issues)
Version: 4.0.0-dev
Hardware: All Windows, all
: P3 Blocker (vote)
Target Milestone: 4.0.0
Assignee: Oliver-Rainer Wittmann
QA Contact:
URL:
Keywords: crash, regression, release_blocker
Depends on:
Blocks:
 
Reported: 2013-06-25 13:59 UTC by Ariel Constenla-Haile
Modified: 2017-05-20 11:42 UTC (History)
5 users (show)

See Also:
Issue Type: DEFECT
Latest Confirmation in: ---
Developer Difficulty: ---
jsc: 4.0.0_release_blocker+

Attachments
Backtrace (1.66 KB, text/plain)
2013-06-25 13:59 UTC, Ariel Constenla-Haile 		no flags Details
Dummy fix (1019 bytes, patch)
2013-06-25 14:00 UTC, Ariel Constenla-Haile 		no flags Details | Diff
Another dummy fix (3.62 KB, patch)
2013-06-25 14:01 UTC, Ariel Constenla-Haile 		no flags Details | Diff
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.
Description Ariel Constenla-Haile 2013-06-25 13:59:09 UTC 
Created attachment 80909 [details]
Backtrace

- New Calc document
- Menu "Insert" - "Link To External Data..."
- In the "External Data" dialog, enter http://quickfacts.census.gov/qfd/states/01000.html in "URL of external data source" and press Enter, waiting a few seconds until the "Import Options" dialogue appears
- Press OK on the "Import Options" dialogue

AOO crashes.

Regression introduced by STLport removal.

Default constructed map iterators in ScHTMLTableIterator (sc/source/filter/html/htmlpars.cxx) do not have a container, this causes a crash with the iterator's operator== implementation in <xtree>.
Comment 1 Ariel Constenla-Haile 2013-06-25 14:00:39 UTC 
Created attachment 80910 [details]
Dummy fix

Checks the iterator validity with a flag
Comment 2 Ariel Constenla-Haile 2013-06-25 14:01:28 UTC 
Created attachment 80911 [details]
Another dummy fix

Removes ScHTMLTableIterator
Comment 3 jsc 2013-06-25 14:04:48 UTC 
set showstopper flag
Comment 4 Rob Weir 2013-06-25 18:36:12 UTC 
I wonder, is there any way to search for other occurrences of this kind of problem?
Comment 5 hdu@apache.org 2013-06-26 08:55:02 UTC 
(In reply to Rob Weir from comment #4)
> I wonder, is there any way to search for other occurrences of this kind of
> problem?

The crash happens when uninitialized iterators are dereferenced in MSVC's iterator debugging which is only enabled in developer builds (a.k.a as non-product / dbgutil-enabled builds). On MSVC2008_SP1's xtree the illegal dereferencing is protected by an _Has_container() check.

AFAIK there are two ways to search for such problems. A non-product build that was created on a system with such an older MSVC xtree header that doesn't do the _Has_container() check before dereferencing a container is needed for both ways:
- run the automatic tests on that build
- coverity is good at finding uses of uninitialized stuff and if such a cov-special build was submitted to their scan service there is a chance that it would be reported as medium or high impact problem.

Regarding the patches suggested by Ariel either one is fine: the first is minimally invasive and clear whereas the second results in cleaner code as it also removes a quite superfluous class.
Comment 6 Oliver-Rainer Wittmann 2013-07-02 08:23:55 UTC 
taking over to get the Ariel's patch into trunk for AOO 4.0
Comment 7 SVN Robot 2013-07-02 09:00:26 UTC 
"orw" committed SVN revision 1498846 into trunk:
122591: correct the iteration on an HTML table
Comment 8 Oliver-Rainer Wittmann 2013-07-02 09:14:25 UTC 
applied patch on trunk for AOO 4.0
Comment 9 liuping 2013-07-10 06:05:24 UTC 
Verify  Rev. 1499347 on Windows 7