Issue 121285 - calc crashes when inserting rows via macro
Summary: calc crashes when inserting rows via macro
Status: CLOSED FIXED
Alias: None
Product: Calc
Classification: Application
Component: ui
Version: 4.0.0-dev
Hardware: All Windows, all
Importance: P3 Critical
Target Milestone: 4.0.0
Assignee: AOO issues mailing list
QA Contact:
URL:
Keywords: crash, regression
Depends on:
Blocks:
 
Reported: 2012-10-28 15:20 UTC by Oliver Brinzing
Modified: 2013-07-12 11:09 UTC

See Also:
Issue Type: DEFECT
Latest Confirmation in: ---
Developer Difficulty: ---


Attachments
- test library (7.18 KB, application/x-compressed), 2012-10-28 15:20 UTC, Oliver Brinzing
- test file (13.86 KB, application/vnd.oasis.opendocument.spreadsheet), 2012-10-28 15:21 UTC, Oliver Brinzing
- import lib (41.92 KB, image/gif), 2012-10-29 11:44 UTC, Oliver Brinzing
- installed lib (22.13 KB, image/gif), 2012-10-29 11:45 UTC, Oliver Brinzing
- Test document with Basic libraries embedded (20.82 KB, application/vnd.oasis.opendocument.spreadsheet), 2012-10-29 13:35 UTC, Ariel Constenla-Haile
- patch (638 bytes, patch), 2012-11-08 09:23 UTC, Clarence GUO, flag: clarence.guo.bj: review?

Description Oliver Brinzing 2012-10-28 15:20:40 UTC
Created attachment 79832 [details]
test library

aoo3.5m1 rev 1400866 crashes immediately if i run attached macro on attached spreadsheet. the macro inserts rows and copies cell ranges
on the second sheet. don't care about what is really happening.

arielch already found the crash happens asynchronously, 
and there is no direct way to relate it to the macro.

i can confirm crash on Win7 64bit and WinXP 32bit (VM).

please notice: same code runs without any problems with aoo3.4.1
and below, so it's a regression.

steps to reproduce:

- unzip attached "testBibl.zip"
- install macro library "testBibl"
- open attached "test_basic_crash.ods" file
- press "click to start" 
- aoo will crash *)

*) maybe you have to increase value in cell "D3" (3 -> insert and copy 3
   times) before you click the button.

btw: if i remove some named ranges, e.g. "G_STOPPZ" before i click start,
        aoo will not crash.
Comment 1 Oliver Brinzing 2012-10-28 15:21:47 UTC
Created attachment 79833 [details]
test file
Comment 2 Oliver Brinzing 2012-10-28 15:22:04 UTC
added keywords
Comment 3 Ariel Constenla-Haile 2012-10-28 17:34:15 UTC
(In reply to comment #0)
> Created attachment 79832 [details]
> test library
> 
> aoo3.5m1 rev 1400866 crashes immediately if i run attached macro on attached
> spreadsheet. the macro inserts rows and copies cell ranges
> on the second sheet. don't care about what is really happening.
> 
> arielch already found the crash happens asynchronously, 
> and there is no direct way to relate it to the macro.

with this stripped version of the document, it's easier to reproduce.
Set a break point in 

ModulZellBereich2.ZeilenOderSpaltenEinfuegen
line 171: oNRanges.getByName(sCpyRange).setContent(sTmpRange)

and run the macro. It will stop in this line with the following values:


sCpyRange = "A_CPY"
sTmpRange = "$ORG_BipoDiff.$B$8:$H$13"

Press Continue. Crash.

#0  0x0000003d9dee59d0 in vtable for __cxxabiv1::__class_type_info () from /lib64/libstdc++.so.6
#1  0x00007f1c91e0bc71 in ScTokenArray::ImplGetReference (this=0x2f85f78, rRange=..., bValidOnly=1 '\001')
    at /build/aoo/src/playground/trunk/main/sc/source/core/tool/token.cxx:1290
#2  0x00007f1c91e0be42 in ScTokenArray::IsValidReference (this=0x2f85f78, rRange=...) at /build/aoo/src/playground/trunk/main/sc/source/core/tool/token.cxx:1315
#3  0x00007f1c91df76ce in ScRangeData::IsValidReference (this=0x2f85f18, rRange=...) at /build/aoo/src/playground/trunk/main/sc/source/core/tool/rangenam.cxx:410
#4  0x00007f1c9177a29f in ScPosWnd::FillRangeNames (this=0x2ce32f0) at /build/aoo/src/playground/trunk/main/sc/source/ui/app/inputwin.cxx:1448
#5  0x00007f1c9177a643 in ScPosWnd::Notify (this=0x2ce32f0, rHint=...) at /build/aoo/src/playground/trunk/main/sc/source/ui/app/inputwin.cxx:1524
#6  0x00007f1cb5574136 in SfxBroadcaster::Broadcast(SfxHint const&) () from /home/ariel/aoo/openoffice.org3/program/../basis-link/program/libsvl.so
#7  0x00007f1c9181fd1f in ScDocFunc::SetNewRangeNames (this=0x7fff342b2df0, pNewRanges=0x333ba68) at /build/aoo/src/playground/trunk/main/sc/source/ui/docshell/docfunc.cxx:4482
#8  0x00007f1c91adb8b0 in ScNamedRangeObj::Modify_Impl (this=0x333baf0, pNewRangeName=0x0, pNewTokens=0x0, pNewContent=0x7fff342b2ea0, pNewPos=0x0, pNewType=0x0, eGrammar=
    formula::FormulaGrammar::GRAM_PODF_A1, pNewScopeName=0x0) at /build/aoo/src/playground/trunk/main/sc/source/ui/unoobj/nameuno.cxx:192
#9  0x00007f1c91adbe45 in ScNamedRangeObj::setContent (this=0x333baf0, aContent="$ORG_BipoDiff.$B$8:$H$13")
    at /build/aoo/src/playground/trunk/main/sc/source/ui/unoobj/nameuno.cxx:265


The backtrace is always the same. The SC_HINT_AREAS_CHANGED is broadcast asynchronously, the notified instance tries to access a dangling object. That said, I have no idea what that code does, so let's hope someone in the know fixes it.

The crash is reproducible with latest trunk: r1402787
Comment 4 Ariel Constenla-Haile 2012-10-28 18:09:28 UTC
(In reply to comment #3)
> with this stripped version of the document, it's easier to reproduce.
> Set a break point in 
> 
> ModulZellBereich2.ZeilenOderSpaltenEinfuegen
> line 171: oNRanges.getByName(sCpyRange).setContent(sTmpRange)
> 
> and run the macro. It will stop in this line with the following values:
> 
> 
> sCpyRange = "A_CPY"
> sTmpRange = "$ORG_BipoDiff.$B$8:$H$13"
> 
> Press Continue. Crash.

Another test: stop the macro, without executing that line. It will crash later when you close the document:

Program received signal SIGSEGV, Segmentation fault.
0x0000003d9c07f99c in __GI___libc_free (mem=0x7fd1444f0c58) at malloc.c:2987
2987      ar_ptr = arena_for_chunk(p);
Missing separate debuginfos, use: debuginfo-install gvfs-1.12.3-1.fc17.x86_64 libbluray-0.2.3-1.fc17.x86_64
(gdb) bt
#0  0x0000003d9c07f99c in __GI___libc_free (mem=0x7fd1444f0c58) at malloc.c:2987
#1  0x00007fd156434c90 in rtl_freeMemory (p=0x7fd1444f0c58) at alloc_global.c:308
#2  0x0000000000401569 in deallocate (p=0x7fd1444f0c60, rTraits=...) at /build/aoo/src/playground/trunk/main/sal/cpprt/operators_new_delete.cxx:179
#3  0x00000000004015cd in operator delete (p=0x7fd1444f0c60) at /build/aoo/src/playground/trunk/main/sal/cpprt/operators_new_delete.cxx:196
#4  0x00007fd126f306d2 in formula::FormulaToken::~FormulaToken (this=0x7fd1444f0c60, __in_chrg=<optimized out>)
    at /build/aoo/src/playground/trunk/main/formula/source/core/api/token.cxx:86
#5  0x00007fd127ad2a1c in ScFormulaCell::~ScFormulaCell (this=0x7fd14452e008, __in_chrg=<optimized out>) at /build/aoo/src/playground/trunk/main/sc/source/core/data/cell.cxx:828
#6  0x00007fd127ad2ada in ScFormulaCell::~ScFormulaCell (this=0x7fd14452e008, __in_chrg=<optimized out>) at /build/aoo/src/playground/trunk/main/sc/source/core/data/cell.cxx:829
#7  0x00007fd127ad0960 in ScBaseCell::Delete (this=0x7fd14452e018) at /build/aoo/src/playground/trunk/main/sc/source/core/data/cell.cxx:170
#8  0x00007fd127af5dc8 in ScColumn::FreeAll (this=0x2ba9108) at /build/aoo/src/playground/trunk/main/sc/source/core/data/column3.cxx:257
#9  0x00007fd127ae6289 in ScColumn::~ScColumn (this=0x2ba9108, __in_chrg=<optimized out>) at /build/aoo/src/playground/trunk/main/sc/source/core/data/column.cxx:82
#10 0x00007fd127c10932 in ScTable::~ScTable (this=0x2ba8fb8, __in_chrg=<optimized out>) at /build/aoo/src/playground/trunk/main/sc/source/core/data/table1.cxx:142
#11 0x00007fd127b39baa in ScDocument::Clear (this=0x2cf5d10, bFromDestructor=1 '\001') at /build/aoo/src/playground/trunk/main/sc/source/core/data/documen9.cxx:596
#12 0x00007fd127b172e4 in ScDocument::~ScDocument (this=0x2cf5d10, __in_chrg=<optimized out>) at /build/aoo/src/playground/trunk/main/sc/source/core/data/documen2.cxx:415
#13 0x00007fd1276c61de in ScDocShell::~ScDocShell (this=0x2cf5c98, __in_chrg=<optimized out>, __vtt_parm=<optimized out>)
    at /build/aoo/src/playground/trunk/main/sc/source/ui/docshell/docsh.cxx:2611
#14 0x00007fd1276c6392 in ScDocShell::~ScDocShell (this=0x2cf5c98, __in_chrg=<optimized out>, __vtt_parm=<optimized out>)
    at /build/aoo/src/playground/trunk/main/sc/source/ui/docshell/docsh.cxx:2644
#15 0x00007fd15514b155 in SfxViewFrame::ReleaseObjectShell_Impl() () from /home/ariel/aoo/openoffice.org3/program/../basis-link/program/libsfx.so
#16 0x00007fd15514bab2 in SfxViewFrame::~SfxViewFrame() () from /home/ariel/aoo/openoffice.org3/program/../basis-link/program/libsfx.so
#17 0x00007fd15514bbef in SfxViewFrame::~SfxViewFrame() () from /home/ariel/aoo/openoffice.org3/program/../basis-link/program/libsfx.so
#18 0x00007fd15514bdc5 in SfxViewFrame::Close() () from /home/ariel/aoo/openoffice.org3/program/../basis-link/program/libsfx.so
#19 0x00007fd155135367 in SfxFrame::DoClose_Impl() () from /home/ariel/aoo/openoffice.org3/program/../basis-link/program/libsfx.so
Comment 5 Oliver Brinzing 2012-10-28 18:47:44 UTC
@arielch:
I can confirm your above mentioned scenarios.
for me it will crash always the second time in the loop at ".setcontent"
and if I remove some of the named ranges before running the macro it will not crash immediately, but on close ...
Can we add this to the stopper issues?
Comment 6 Ariel Constenla-Haile 2012-10-28 18:53:14 UTC
(In reply to comment #5)
> @arielch:
> I can confirm your above mentioned scenarios.
> for me it will crash always the second time in the loop at ".setcontent"
> and if I remove some of the named ranges before running the macro it will
> not crash immediately, but on close ...
> Can we add this to the stopper issues?

we are not in release mode ;) that flag has no meaning right now.

For the last backtrace, the bug seems related to changes in revision 1388342
Comment 7 Ariel Constenla-Haile 2012-10-28 23:13:15 UTC
(In reply to comment #6) 
> For the last backtrace, the bug seems related to changes in revision 1388342

Reverting that commit there is no crash.
CC'ing the developers.
Comment 8 Clarence GUO 2012-10-29 03:33:53 UTC
I will investigate this defect.
But could anybody tell me how to install these macro library xba and xlb files in AOO, which is mentioned in reproduce step 2?
Comment 9 Oliver Brinzing 2012-10-29 08:01:48 UTC
>But could anybody tell me how to install these macro library

- unzip the zip "testBibl.zip" file
- open dialog from menu "Tools - Macros - Organize Macros - Ooo-dev Basic..."
- select button "Organizer..."
- select tab "Libraries"
- select button "Import..."
- select from unzipped folder "testBibl" file "script.xlb"
- library will be installed
- restart aoo
Comment 10 Clarence GUO 2012-10-29 09:10:31 UTC
I cannot reproduce this crash... Only get an error box with message "BASIC runtime error. Sub-procedure or function procedure not defined" when clicking the button.
Is any of my steps wrong?

What does the reproduce step "maybe you have to increase value in cell "D3" (3 -> insert and copy 3 times) before you click the button" mean? change value from 3 to 4 for example and copy the cell, paste to other cells 3 times?
Comment 11 Oliver Brinzing 2012-10-29 11:43:29 UTC
>BASIC runtime error. Sub-procedure or function procedure not defined"

this error indicates the library is not installed

please check: "Tools - Macros - Organize Macros - Ooo-dev Basic..."
Comment 12 Oliver Brinzing 2012-10-29 11:44:46 UTC
Created attachment 79835 [details]
import lib
Comment 13 Oliver Brinzing 2012-10-29 11:45:07 UTC
Created attachment 79836 [details]
installed lib
Comment 14 Oliver Brinzing 2012-10-29 12:13:31 UTC
>BASIC runtime error. Sub-procedure or function procedure not defined"

or the basic lib is already installed, but not activated.
in that case open dialog "Tools - Macros - Organize Macros - Ooo-dev Basic..."
and select "+testBibl" (see attached picture "installed lib"; the icon will
change from grey to yellow).
Comment 15 Oliver Brinzing 2012-10-29 12:35:10 UTC
if you add "GlobalScope.BasicLibraries.LoadLibrary("testBibl")"
before "Call ZeilenOderSpaltenEinfuegen(...)", the library will
be activated before the sub is called.


Sub StartKonfig()
 GlobalScope.BasicLibraries.LoadLibrary("testBibl")
 Call ZeilenOderSpaltenEinfuegen(...
End Sub
Comment 16 Ariel Constenla-Haile 2012-10-29 13:35:17 UTC
Created attachment 79837 [details]
Test document with Basic libraries embedded

@Clarence: this document has the library inside, simply open it and run the macro by pressing the button, it should work :)
Comment 17 Clarence GUO 2012-11-08 09:23:28 UTC
Created attachment 79880 [details]
patch

In my fix of i120962, I added a pointer pValidRefToken in ScFormulaCell; this pointer will keep the top ScToken in the stack during interpretation if the formula is a reference formula, so that any data range defined by a reference formula can get the correct range.
However, in the clone construction of ScFormulaCell, I simply assign the pointer from the old ScFormulaCell to the new one. So any delete action in one object will cause an invalid reference in another one.
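
The ownership mistake described in comment 17, as an added illustration that is not part of the original thread and is not the attached patch: a clone that copies a cached token pointer without taking its own reference. `Token`, `Cell` and the reference counting are hypothetical stand-ins, and the corrected copy is one possible repair, assumed here because the patch contents are not shown on this page.

```cpp
#include <cstdio>
// Hypothetical ref-counted token; nothing is really freed, so no UB occurs.
struct Token {
    int refs = 0;
    bool freed = false;       // set where real code would delete the token
    bool doubleFree = false;  // set when a release arrives after the free
    void acquire() { ++refs; }
    void release() {
        if (freed) { doubleFree = true; return; }
        if (--refs == 0) freed = true;
    }
};

// Hypothetical cell that caches a pointer to one token and holds a reference.
struct Cell {
    Token* validRef = nullptr;
    bool fixedCopy;  // false: copy the raw pointer only; true: also acquire
    explicit Cell(bool fixed) : fixedCopy(fixed) {}
    void cache(Token* t) { validRef = t; t->acquire(); }
    Cell(const Cell& o) : validRef(o.validRef), fixedCopy(o.fixedCopy) {
        if (fixedCopy && validRef) validRef->acquire();
    }
    ~Cell() { if (validRef) validRef->release(); }
};

// True if the clone still points at a token that deleting the original freed.
bool cloneDangles(bool fixed) {
    Token tok;
    Cell* original = new Cell(fixed);
    original->cache(&tok);
    Cell clone(*original);  // clone construction
    delete original;        // a delete action in one object
    return tok.freed && clone.validRef == &tok;
}

// True if destroying both the original and its clone releases the token twice.
bool cloneDoubleFrees(bool fixed) {
    Token tok;
    {
        Cell original(fixed);
        original.cache(&tok);
        Cell clone(original);
    }  // clone is destroyed first, then original
    return tok.doubleFree;
}

int main() {
    std::printf("raw copy: %d %d, fixed copy: %d %d\n", cloneDangles(false),
                cloneDoubleFrees(false), cloneDangles(true), cloneDoubleFrees(true));
}
```

The second release in the raw-copy case corresponds to the kind of failure seen in the backtrace of comment 4, where the crash occurs in free() during a destructor at document close.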
Comment 18 Wang Lei 2012-11-08 09:26:36 UTC
The patch looks good, submitted in revision 1406978
Comment 19 binguo 2012-11-13 05:48:05 UTC
Verified on build Aoo_Trunk_20121109.1800 rev 1407366: opened the sample file with macros, ran it, no crash, and also ran the scenarios as follows:

- unzip the zip "testBibl.zip" file
- open dialog from menu "Tools - Macros - Organize Macros - Ooo-dev Basic..."
- select button "Organizer..."
- select tab "Libraries"
- select button "Import..."
- select from unzipped folder "testBibl" file "script.xlb"
- library will be installed
- restart aoo

No Crash, so this bug is fixed.
Comment 20 binguo 2012-11-13 05:49:46 UTC
Close it.