Apache OpenOffice (AOO) Bugzilla – Issue 89158
input with MS pinyin 2003, crash.
Last modified: 2009-07-12 19:35:07 UTC
OOo2.4RC6_zh-CN, Windows XP (probably this will occur on all Windows OSes)
1. Create a Calc document, switch input to MS-pinyin2003;
2. Input some Chinese characters, keep typing, and press backspace to delete some pre-input and already input characters, just as if we had typed something wrong and were trying to correct it.
After several such operations, Calc stops responding, and after a long hang, it crashes, with a system message telling us that virtual memory is low.
This bug may be caused by a mistake in the original OO version. I found a logic fault in function "Font::operator=(const Font& rFont)". The key code is:

    if ( rFont.mpImplFont->mnRefCount )
        rFont.mpImplFont->mnRefCount++;
    if ( mpImplFont->mnRefCount )
    {
        if ( mpImplFont->mnRefCount == 1 )
            delete mpImplFont;
        else
            mpImplFont->mnRefCount--;
    }
    mpImplFont = rFont.mpImplFont;
    return *this;

If mpImplFont's mnRefCount is more than 1, the program will not delete mpImplFont's memory, and then mpImplFont points to another memory (rFont.mpImplFont), which causes a memory leak.
There is no memory leak if I debug step by step, but a memory leak is found when the program runs without breaks. I think class Font's functions lack synchronization.
The font assignment operator is correct this way. Impl_Font is a reference counted structure, meaning many Font objects can point to the same Impl_Font. Only when the last Font object pointing to a specific Impl_Font releases its reference on that Impl_Font does that Impl_Font instance get freed. The concept is similar to what boost::shared_ptr does (e.g. look at http://www.boost.org/doc/libs/1_35_0/libs/smart_ptr/shared_ptr.htm).
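The reference counting described in the comment above, as an added example that is not part of the original thread and not OpenOffice source code: a minimal stand-in that keeps the quoted assignment logic and counts live implementation objects, showing that an impl with mnRefCount greater than 1 is kept for its other owners and freed when the last one lets go. The names ImplFont, live, release(), refs() and live_after_scenario() are hypothetical.

```cpp
#include <cstdio>
// Hypothetical stand-in for Impl_Font: shared state plus a reference count.
struct ImplFont {
    static int live;            // ImplFont objects currently allocated
    unsigned mnRefCount = 1;    // a fresh impl has exactly one owner
    int mnHeight;
    explicit ImplFont(int h) : mnHeight(h) { ++live; }
    ~ImplFont() { --live; }
};
int ImplFont::live = 0;

class Font {
    ImplFont* mpImplFont;
    void release() {            // drop this Font's reference
        if (mpImplFont->mnRefCount) {
            if (mpImplFont->mnRefCount == 1) delete mpImplFont;
            else mpImplFont->mnRefCount--;
        }
    }
public:
    explicit Font(int h) : mpImplFont(new ImplFont(h)) {}
    Font(const Font& r) : mpImplFont(r.mpImplFont) {
        if (mpImplFont->mnRefCount) mpImplFont->mnRefCount++;
    }
    ~Font() { release(); }
    Font& operator=(const Font& rFont) {
        // Same order as the quoted code: acquire the new impl, then release the old.
        if (rFont.mpImplFont->mnRefCount) rFont.mpImplFont->mnRefCount++;
        release();
        mpImplFont = rFont.mpImplFont;
        return *this;
    }
    unsigned refs() const { return mpImplFont->mnRefCount; }
};

// Returns the number of ImplFont objects still allocated, or -1 on an unexpected state.
int live_after_scenario() {
    {
        Font a(10), b(12);
        Font c(b);              // b's impl now has 2 owners
        c = a;                  // b's impl: 2 -> 1, kept because b still uses it
        b = a;                  // b's impl: last owner leaves, so it is deleted
        Font& alias = a;
        a = alias;              // self-assignment: 3 -> 4 -> 3, nothing freed
        if (a.refs() != 3 || ImplFont::live != 1) return -1;
    }                           // destructors release the remaining references
    return ImplFont::live;
}
int main() { std::printf("live impls: %d\n", live_after_scenario()); }
```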
While debugging the code for this bug, I found that class "ImpEditEngine"'s private variable "aParaPortionList" (type: "ParaPortionList") is the key point. The problem is that I don't know how this variable's content is initialized or modified in other modules, and obviously some modules have modified its content in some place. Can you give some tips about how to observe changes to this variable ("aParaPortionList")?
I have debugged OOo for this bug for several days and found the error in pImplSVData's content when the bug occurs, and I found that the program's message mechanism doesn't consider the special condition of MS-pinyin2003 input. When the user deletes all content in the blue pre-input frame and one already input character, the pSVData->maWinData.mpExtTextInputWin)->ImplGetWindowImpl()->mbExtTextInput doesn't equal NULL, which results in a series of logical mistakes. I can't understand the message processing details for deleting a character; can you give me some tips about the message processing? Thank you.
mbExtTextInput on a window gets set the first time an extended text input event occurs on a window (that is, you changed the preedit buffer or committed text). It is set to false again when extended input mode is left, that is usually when you committed text. The Windows layer in vcl/win/source/window/salframe.cxx notifies this by sending a SALEVENT_ENDEXTTEXTINPUT event to the independent layer in vcl/source/window/winproc.cxx.
Hi pl: thank you for giving me the tip about the rule for mbExtTextInput changes, but when tracking the program step by step I don't find mbExtTextInput being set to false when extended input mode is left in MS-pinyin input. In fact, I find the program will receive an event (SALEVENT_ENDEXTTEXTINPUT) when extended input mode ends by pressing "enter" or pressing the "backspace" key twice, but it doesn't receive this event when pressing the "backspace" key to leave a character in extended input mode in MS-pinyin input. I guess this is the origin of the matter that causes this bug. What's your opinion?
still not reproducible - setting worksforme. Please retry with the latest version
worksforme -> closed