Issue 123979 - Crash when selecting last row of particular.doc
Summary: Crash when selecting last row of particular.doc
Alias: None
Product: Writer
Classification: Application
Component: editing (show other issues)
Version: 3.3.0 or older (OOo)
Hardware: PC All
: P3 Major (vote)
Target Milestone: 4.2.0
Assignee: Oliver-Rainer Wittmann
QA Contact:
Keywords: crash
Depends on:
Reported: 2014-01-06 18:31 UTC by Guido Rizzo Cavadi
Modified: 2017-05-20 10:35 UTC (History)
5 users (show)

See Also:
Issue Type: DEFECT
Latest Confirmation in: ---
Developer Difficulty: ---

testkit for bug analysis (31.53 KB, application/zip)
2014-01-07 11:14 UTC, Guido Rizzo Cavadi
no flags Details
step-by-step pdf tutorial w. screenshots to cause bug (58 bytes, text/plain)
2014-01-07 11:15 UTC, Guido Rizzo Cavadi
no flags Details
Minimum Sample what reproduces Crash (10.72 KB, application/vnd.oasis.opendocument.text)
2014-01-07 12:39 UTC, Rainer Bielefeld
no flags Details

Note You need to log in before you can comment on or make changes to this issue.
Description Guido Rizzo Cavadi 2014-01-06 18:31:15 UTC
I would like to inform developers about a recurring error I experienced several times that caused the program to crash without getting back to working status (and made me lost all unsaved work every time I experienced this issue).

This specific issue recurs when doing the following steps:

1- Open any text file (I tested with .doc and .odt files only but I think this bug is not related to the format of file).

2- Manually select paragraphs/rows of text by holding LEFT-SHIFT and LEFT-CTRL and pressing DOWN ARROW key as many times as many paragraphs/rows you want to select.

3- When you get to the last row of document, if you keep holding LEFT-SHIFT and LEFT-CTRL and press RIGHT ARROW key, you cause the bug and the program crashes.

It doesn't matter how much text you manually select because it seems that only manually selecting last row causes the bug to happen.

I hope you fix it in the next update.

Best regards,
Comment 1 Rainer Bielefeld 2014-01-07 06:22:47 UTC
NOT reproducible with "AOO 4.0.1   – German UI / German locale  [Rev. 1524958 2013-09-20 11:40:29]" on  German WIN7 Home Premium (64bit)", “historic”  4.0  User Profile used for all  predecessor versions.

1. From AOO Start Center 'File' menu
   open "readme.txt" in <C:\Program Files (x86)\OpenOffice 4>
   Document with heading "OpenOffice 4.0.1 Lies Mich" will open
2. Click left from first word below heading
3. Press <control+shift+downarrow> until last row of document has been selected
   (+ 1s longer)
   > All document contents selected
4. release <downarrow> (keep <control+shift> pressed
5. <rightarrow>
   > Does not crash

Additional info:
(m) without influence are
(m1) Autospell on / off
(m2) Whether I use arrow keys or arrow keys in numeric keys block
(m3) Starting (step 2) at different places in the document
(n) Also not reproducible with some of my other normal .odt I use every day
Thank you for your feedback – unfortunately important information we will 
need to reproduce your problem is missing.
Please add all information requested in following:
a) Write a meaningful Summary describing exactly what the problem is
b) Attach a sample document (not only screenshot) or refer to an existing 
  sample document in an other Bug with a link; to attach a file to this 
  bug report, just click on "Add an attachment" right on this page.
  If you want to attach a test kit with multiple documents zip them into
  a single and attach the
c) Contribute a document related step by step instruction containing every 
  key press and every mouse click how to reproduce your problem 
d) Attach screenshots with comments if you believe that that might explain the 
  problem better than a text comment. Best way is to insert your screenshots
  into a DRAW document and to add comments that explain what you want to show
e) if possible contribute an instruction how to create a sample document 
  from the scratch
f) add information 
  f3) concerning your PC (video card, ...)
  f4) concerning your Operating System (Version, Distribution, Language)
  f5) concerning your AOO version (with Build/revision ID if it's not a 
     public release) and localization (UI language, Locale setting)
  f6) AOO settings that might be related to your problems 
     (video hardware acceleration, ...)
  f7) how you launch AOO and how you opened the sample document
  f8) Whether your problem persists when you renamed your user profile 
     (Quit Quickstart before!) before you launch AOO (please see
  f9) Whether that worked in former OOO / AOO Versions
Comment 2 Guido Rizzo Cavadi 2014-01-07 11:14:50 UTC
Created attachment 82233 [details]
testkit for bug analysis
Comment 3 Guido Rizzo Cavadi 2014-01-07 11:15:35 UTC
Created attachment 82234 [details]
step-by-step pdf tutorial w. screenshots to cause bug
Comment 4 Guido Rizzo Cavadi 2014-01-07 11:35:46 UTC
PC specs:
- O.S. (genuine) Windows 7 Home Premium 64 bit - Italian
- RAM: 4,00 GB
- Processor:  Intel Core I5-2320 @ 3GHz
- Video card: NVIDIA GeForce GT520 (default video card supplied)

AOO specs:
- Version: 4.0.1
- Build: 9714
- Rev: 1524958
- Language: Italian

Further note:
Quickstart disabled. I disabled OpenOffice run on Windows startup.
I mostly use Writer program and I mostly run it straight from my documents by double-clicking them wherever they are stored in my PC.
When I want to make new project, I run program from OpenOffice Writer shortcut in Programs Folder under Start menu.

Some custom settings I have memory about are:
- Customized font/size/colour for default writing: Arial, 12, Blue
- Save info for automatic backup every 1 minute (I put this setting after experiencing the same bug many many times because I wanted to protect somehow my work from the bug; now that I figured out how to reproduce bug, I might change again this setting but, since it doesn't give me any trouble, I left it to 1 minute)
- User data customized with my real name
- Rulers are not shown

Any other setting related to OpenOffice Writer program, I think it is left to default.
Comment 5 Rainer Bielefeld 2014-01-07 12:24:06 UTC
Reproducible with reporter's sample document "A03 - Reato.doc" (others too) and "AOO 4.0.1   – German UI / German locale  [Rev. 1524958 2013-09-20 11:40:29]" on  German WIN7 Home Premium (64bit)", “historic”  4.0  User Profile used for all  predecessor versions:

1. From AOO Start Center open sample document via File menu
2. Press <control+shift+downarrow> until last row of document has been selected
   (+ 1s longer)
   > All document contents selected
3. release <downarrow> (keep <control+shift> pressed
4. <rightarrow>
   > AOO stops responding

Additional info:
(o) also crashes after I used menu 'Format -> Default Formatting'
(p) Even after I deleted all contents from document I was able to reproduce 
    the crash
(q) already 
(r) still worked fine with 
* OOo 2.0.2
Can you narrow down the root of the problem? Vague suspect: might have to do with
the hidden picture at the end of the document? Unfortunately I don't know how to handle hidden Pictures, but I can see it with OOo 1.1.5?
Can you tell us how to create such a document?
Comment 6 Rainer Bielefeld 2014-01-07 12:39:48 UTC
Created attachment 82235 [details]
Minimum Sample what reproduces Crash
Comment 7 Rainer Bielefeld 2014-01-07 12:55:22 UTC
But definitively should not crash ...
Comment 8 Rainer Bielefeld 2014-01-07 13:02:02 UTC
picture image graphicReproducible with LibO Build 350m1(Build:2) on UBUNTU Linux 12.04 x64 (VirtualBox)
Comment 9 Guido Rizzo Cavadi 2014-01-07 14:20:56 UTC
I forgot to specify that most of my documents have NOT been created from scratch (Start menu -> OpenOffice Writer shortcut).  

Instead, I created each new document by making a copy of previous document file and writing new text inside it (I will call "cloning method"). So, for example:
- I had document A;
- then I made a copy of "document A" which I renamed "document B" and whose content I changed accordingly to what I needed to write;
- then I made a copy of "document B" which I renamed "document C" and whose content I changed accordingly to what I needed to write;
- then I made a copy of "document C" which I renamed "document D" and whose content I changed accordingly to what I needed to write;
- and so on...

Reason of my behaviour is I wanted to keep the same looking for all documents that needed to be collected in the same "book" and I didn't want to check, every time I had to made new document, what font/size I choosed for title and for the main text in the previous document. Therefore I used cloning method and I just overwrote new text above the previous one.

Since I wrote lot of documents with this method, I don't remember anymore which one is the original source file I used. However, it seems this original source file got some minor corruption error which has been "cloned" as well as the rest of document every time I made new document. This may be the reason why this bug seems only to affect my files and not the files belonging to Rainer Bielefeld.

Assuming this hypothesis is true and thanks to feedback comments sent from Rainer Bielefeld, I made two test in order to check if bug still happens.
Therefore I created two documents from scratch (Start menu -> OpenOffice Writer shortcut): first document I wrote some example text and second document I copied/pasted text from "A03 - Reato.doc" sample file. Both tests failed because bug didn't occur (side effect detected on Test #2 is that text got pasted with some black coloured paragraphs and some blue coloured ones).

Possible conclusion: I got a lightly-corrupted document which affected all the following documents created upon it. It seems this is not an actual bug of program but just an error of my saved documents only.

Thank you very much for your attention to my case.
Comment 10 Armin Le Grand 2014-02-24 22:40:08 UTC
Loaded minimal example from comment 6 on Win7 version 'AOO410m1(Build:9750)  -  Rev. 1569541', no crash here (but an empty document)
Comment 11 Rainer Bielefeld 2014-02-25 05:25:44 UTC
(In reply to Armin Le Grand from comment #10)
> , no crash here (but an empty document)

Did you do complete test due to Comment 5?
Comment 12 Armin Le Grand 2014-02-25 15:57:34 UTC
@Rainer: As I wrote, just loaded minimum sample from comment 6, using description from comment 5 makes the office hang as described. I get the following stack when breaking:

>	sw.dll!SwTxtFrm::IsA(void * (void)* aSameOrSuperType)  Line 90	C++
 	sw.dll!SwClientIter::First(void * (void)* nType)  Line 495 + 0x1a bytes	C++
 	sw.dll!SwIterator<SwFrm,SwModify>::First()  Line 35 + 0x17 bytes	C++
 	sw.dll!GetFrmOfModify(const SwRootFrm * pLayout, const SwModify & rMod, const unsigned short nFrmType, const Point * pPoint, const SwPosition * pPos, const unsigned char bCalcFrm)  Line 3399 + 0x8 bytes	C++
 	sw.dll!SwCntntNode::getLayoutFrm(const SwRootFrm * _pRoot, const Point * pPoint, const SwPosition * pPos, const unsigned char bCalcFrm)  Line 1154 + 0x1f bytes	C++
 	sw.dll!SwCursor::IsSelOvr(int eFlags)  Line 418 + 0x69 bytes	C++
 	sw.dll!SwShellCrsr::IsSelOvr(int eFlags)  Line 942	C++
 	sw.dll!SwCursor::LeftRight(unsigned char bLeft, unsigned short nCnt, unsigned short nMode, unsigned char bVisualAllowed, unsigned char bSkipHidden, unsigned char bInsertCrsr)  Line 1770 + 0x3b bytes	C++
 	sw.dll!SwCrsrShell::LeftRight(unsigned char bLeft, unsigned short nCnt, unsigned short nMode, unsigned char bVisualAllowed)  Line 412 + 0x54 bytes	C++
 	sw.dll!SwCrsrShell::Right(unsigned short nCnt, unsigned short nMode, unsigned char bAllowVisual)  Line 381 + 0x20 bytes	C++
 	sw.dll!SwWrtShell::_NxtWrd()  Line 94 + 0xe bytes	C++
 	sw.dll!SwWrtShell::SimpleMove(unsigned char (void)* FnSimpleMove, unsigned char bSelect)  Line 97 + 0x9 bytes	C++
 	sw.dll!SwWrtShell::NxtWrd(unsigned char bSelect)  Line 204 + 0x2c bytes	C++
 	sw.dll!SwTextShell::ExecMoveLingu(SfxRequest & rReq)  Line 211 + 0x19 bytes	C++

Setting a breakpoint in SwWrtShell::_NxtWrd() in wrtsh4.cxx line 94 shows that writer loops there.
If forcing to leave that loop it stays in the next loop (line 105). If also forcing to leave that loop then AOO continues to run.
Maybe we should check why it can loop endlessly or the loop should get a max count to break it ...(?)
Comment 13 Armin Le Grand 2014-02-25 15:58:37 UTC
Adding olli to cc...
Comment 14 Oliver-Rainer Wittmann 2014-02-28 10:23:34 UTC
taking over to have a look
Comment 15 Oliver-Rainer Wittmann 2014-02-28 10:48:52 UTC
The documents contain some Microsoft Word binary file format magic:
- At the end of the document is a paragraph with an as-character anchored images. The characters of this paragraph are hidden. Microsoft Word uses these 'hidden' images for graphic bullet lists.

I strongly assume that the hidden characters at the end of the document causes which Armin has found.

I reproduced the freeze also in OOo 3.0.0 and OOo 3.3.0
--> adjusting version field
Comment 16 SVN Robot 2014-03-05 13:29:11 UTC
"orw" committed SVN revision 1574468 into trunk:
123979: method <SwCursor::IsSelOvr(..)> - treat application of new position d...
Comment 17 Oliver-Rainer Wittmann 2014-03-17 07:02:38 UTC
fixed on trunk