Issue 124338 - Crash when opening ODF document containing combination of alphabetical index mark and bookmark at a paragraph
Status: CLOSED FIXED
Alias: None
Product: Writer
Classification: Application
Component: code
Version: 4.1.0-dev
Hardware: PC Windows 7
Importance: P3 Major
Target Milestone: 4.1.0
Assignee: Oliver-Rainer Wittmann
QA Contact: Edwin Sharp
URL: http://www.libreoffice.org/get-help/d...
Keywords: crash, regression
Depends on:
Blocks:
 
Reported: 2014-02-28 08:16 UTC by Edwin Sharp
Modified: 2017-05-20 10:35 UTC

See Also:
Issue Type: DEFECT
Latest Confirmation in: ---
Developer Difficulty: ---
jsc: 4.1.0_release_blocker+


Attachments
simple sample document created with AOO 4.0.1 (9.28 KB, application/vnd.oasis.opendocument.text)
2014-03-04 10:37 UTC, Oliver-Rainer Wittmann

Description Edwin Sharp 2014-02-28 08:16:17 UTC
1) Download odt from URL
2) Open file

-> Crash (checked with Calc and Writer guides).

AOO410m14(Build:9760)  -  Rev. 1572807
Rev.1572807

OK with OpenOffice.org 2.4.3
Comment 1 Andre 2014-02-28 12:53:38 UTC
Crashes in MarkManager::deleteMark(const const_iterator_t) (sw/source/core/doc/docbm.cxx:814) in the IDocumentMarkAccess::UNO_BOOKMARK case:
lcl_FindMark() returns end() which is used unchecked as argument to erase().

@ORW: please have a look.
Comment 2 Oliver-Rainer Wittmann 2014-02-28 13:11:38 UTC
working on a solution

Documents open fine in AOO 4.0.1
Comment 3 Oliver-Rainer Wittmann 2014-03-04 09:35:50 UTC
fix in progress

This crash has been introduced by the changes for the enhancement 'annotations/comments on text ranges' - bug 123771
--> it should be fixed for AOO 4.1

root cause:
the internally used containers for marks need to be sorted, but certain insert text actions 'break' the sorting.
Comment 4 Oliver-Rainer Wittmann 2014-03-04 10:37:00 UTC
Created attachment 82788
simple sample document created with AOO 4.0.1

document created with AOO 4.0.1 to reproduce this crash
Comment 5 Edwin Sharp 2014-03-04 10:58:58 UTC
(In reply to Oliver-Rainer Wittmann from comment #4)
> document created with AOO 4.0.1 to reproduce this crash
Crash with
AOO410m14(Build:9760)  -  Rev. 1572807
Rev.1572807
OK with OpenOffice.org 2.4.3
Win 7
Comment 6 SVN Robot 2014-03-04 12:35:02 UTC
"orw" committed SVN revision 1574058 into trunk:
124338: assure sorted mark containers when updating <SwIndex> instances due t...
Comment 7 jsc 2014-03-04 13:33:47 UTC
grant showstopper flag
Comment 8 SVN Robot 2014-03-04 14:39:44 UTC
"orw" committed SVN revision 1574113 into branches/AOO410:
124338: assure sorted mark containers when updating <SwIndex> instances due t...
Comment 9 Oliver-Rainer Wittmann 2014-03-04 14:41:24 UTC
Fixed for next release on trunk and on branch AOO410
Comment 10 Oliver-Rainer Wittmann 2014-03-05 10:06:54 UTC
The found defect is a general one when deleting a certain mark (1). The code for deleting a mark relies on the fact that the internally used containers for the marks are sorted. The sorting is based on the mark's starting position. The sorting 'got lost' in the following use case:
- There is a mark M1 at certain position X in paragraph P. It marks the position, not a text range
- There is another mark M2 which marks text range X..X+n in paragraph P.
- As M1's and M2's start position is X, sorting in the internal containers is not relevant. As M2 is created after M1, the containers hold M2 before M1.
- Now, a character is inserted at position X in paragraph P.
--> mark M1 still marks position X in paragraph P, while M2 marks now text range X+1..X+1+n in paragraph P, but the internal containers holding M2 and M1 are not sorted.
- Now, delete M1
--> crash, because the deleting code assumes a sorted container and thus does not find the corresponding mark in the containers.

In the given documents M1 is a UNO mark and M2 is a Bookmark. The inserted character is a place-holder character inserted for the alphabetical index after M1 and M2 have been created. The UNO mark holding certain text positions for the ODF import is deleted afterwards and this caused the crash.

A manual use case is that M1 and M2 are both Bookmarks created by the user in a new or existing text document. The inserted character is also inserted by the user after the creation of M1 and M2. Afterwards M1 has to be deleted manually by the user. This use case also causes a crash in former OpenOffice versions, but not those which are using STLport, as STLport seems to be fault-tolerant when erasing 'end' iterators from a container. Thus, AOO 4.0.0 and AOO 4.0.1 are crashing. Former versions on non-Windows platforms may be crashing.

The crash becomes more visible in the 4.1.0 code line, as for the annotation marks further internal mark containers had been introduced.

Footnotes:
(1) Internally, OpenOffice Writer has certain mark types. These are:
- Bookmarks
- Cross-reference marks
- Fieldmarks
- Navigator reminders
- DDE marks
- UNO marks (also used during the ODF import)
- Annotation marks
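
The failure mode described in comment 10, as an added example (not code from the OpenOffice source): a simplified model using the hypothetical names `Mark`, `findMark`, `insertChar` and `deleteMark`. It shows how a lookup that assumes sorted order misses M1 once the insert breaks the ordering, and how checking for `end()` before `erase()` and re-sorting after the position update avoid the crash.

```cpp
#include <algorithm>
#include <cstddef>
#include <vector>

// Simplified model of a mark (hypothetical type, not Writer's classes).
struct Mark { int id; std::size_t start; bool isRange; };
using Marks = std::vector<Mark>;

static bool startsBefore(const Mark& a, const Mark& b) { return a.start < b.start; }

// Lookup that relies on `marks` being sorted by start position.
Marks::iterator findMark(Marks& marks, const Mark& m) {
    auto it = std::lower_bound(marks.begin(), marks.end(), m, startsBefore);
    for (; it != marks.end() && it->start == m.start; ++it)
        if (it->id == m.id) return it;
    return marks.end();  // not found
}

// Insert one character at `pos`: a range mark starting at pos moves right,
// a position-only mark at pos stays. `resort` restores the ordering afterwards.
void insertChar(Marks& marks, std::size_t pos, bool resort) {
    for (Mark& m : marks)
        if (m.start > pos || (m.start == pos && m.isRange)) ++m.start;
    if (resort) std::stable_sort(marks.begin(), marks.end(), startsBefore);
}

// Checked deletion: erase(end()) is undefined behaviour, so report the miss instead.
bool deleteMark(Marks& marks, const Mark& m) {
    auto it = findMark(marks, m);
    if (it == marks.end()) return false;
    marks.erase(it);
    return true;
}

// Constructed scenario: M2 (range) is held before M1 (position), both at X = 5.
bool deleteM1AfterInsert(bool resort) {
    Marks marks = { {2, 5, true}, {1, 5, false} };
    insertChar(marks, 5, resort);  // M2 moves to 6, M1 stays at 5
    return deleteMark(marks, {1, 5, false});
}

int main() {
    // Unsorted container: lookup misses M1. Re-sorted: M1 is found and erased.
    return (!deleteM1AfterInsert(false) && deleteM1AfterInsert(true)) ? 0 : 1;
}
```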
Comment 11 jsc 2014-04-01 08:22:34 UTC
not 100% sure if it is really platform dependent, no crash on MacOS. Will check Windows and Linux as well
Comment 12 jsc 2014-04-02 14:54:01 UTC
verified with AOO 4.1 RC on MacOS and Windows

AOO410m15(Build:9761)  -  Rev. 1583666
2014-04-01 13:46:49 (Tue, 01 Apr 2014)