Issue 125071 - When saving as doc, odt file crashes and immediately recovers
Summary: When saving as doc, odt file crashes and immediately recovers
Status: CLOSED FIXED
Alias: None
Product: Writer
Classification: Application
Component: save-export (show other issues)
Version: 4.2.0-dev
Hardware: All All
: P2 Normal (vote)
Target Milestone: 4.2.0
Assignee: hdu@apache.org
QA Contact:
URL:
Keywords: regression
Depends on:
Blocks:
 
Reported: 2014-06-08 00:13 UTC by Keith N. McKenna
Modified: 2017-05-20 10:35 UTC (History)
3 users (show)

See Also:
Issue Type: DEFECT
Latest Confirmation in: ---
Developer Difficulty: ---

Attachments
File I was saving as .doc format to share with a Microsoft Word user (20.86 KB, application/unknown)
2014-06-08 00:13 UTC, Keith N. McKenna 		no flags Details
relevant part of the save-as-doc crash stack (1.46 KB, text/plain)
2014-06-11 15:14 UTC, hdu@apache.org 		no flags Details
check SwFmt::GetItemState()'s ppItem for NULL (526 bytes, patch)
2014-06-11 15:47 UTC, hdu@apache.org 		no flags Details | Diff
check SwFmt::GetItemState()'s ppItem for NULL (791 bytes, patch)
2014-06-12 08:26 UTC, hdu@apache.org 		orw: review+
Details | Diff
Show Obsolete (1) Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.
Description Keith N. McKenna 2014-06-08 00:13:05 UTC 
Created attachment 83528 [details]
File I was saving as .doc format to share with a Microsoft Word user

Using administrative install of 4.2.0-dev_1600106. When doing a save as to Microsoft Wrod 97/2000/XP (.doc) format the odt file crashes and immediately recovers. Saving to .doc format is never accomplished.

Steps to cause problem

Open or create a writer document
add some text
file->save as
choose Micrsoft Word 97/2000/XP (.doc)
click save

Expected Result: file saves in .doc format
Actual Result: odt file crashes and immediately recovers.
Comment 1 hdu@apache.org 2014-06-11 14:05:53 UTC 
I saw a similar problem with tonight's buildbot build r1601656 when some of the autotests such as "fvt.uno.sw.DocumentTest:testSaveAsDocument()" failed because of such a crash.

Shortly before the crash it said: "formats.cxx:462 Do no longer use SvxBrushItem, instead use [XATTR_FILL_FIRST..XATTR_FILL_LAST] FillAttributes (simple fallback is in place and used)".

I'll attach a crash backtrace which shows an access violation at main/sw/source/core/attr/format.cxx:481 when it assigns zero to *ppItem, which unfortunately is NULL.

The crash stack and the error message suggest that the changes for issue 124638 might have caused this regression.
Comment 2 hdu@apache.org 2014-06-11 15:14:53 UTC 
Created attachment 83537 [details]
relevant part of the save-as-doc crash stack
Comment 3 hdu@apache.org 2014-06-11 15:47:50 UTC 
Created attachment 83538 [details]
check SwFmt::GetItemState()'s ppItem for NULL

The SwFmt::GetItemState() method shoud check its ppItem pointer argument before assigning something into it, because NULL is the default value according to main/sw/inc/format.hxx and thus is allowed.

The suggested patch solves the crash for both Keith's sample document and for the autotests, but debug logging still emits warnings like "Unhandled SfxPoolItem with id X" which hint at a deeper problem.
Comment 4 Oliver-Rainer Wittmann 2014-06-12 06:55:51 UTC 
take over for patch review and further investigations
Comment 5 hdu@apache.org 2014-06-12 08:26:39 UTC 
Created attachment 83542 [details]
check SwFmt::GetItemState()'s ppItem for NULL
Comment 6 Oliver-Rainer Wittmann 2014-06-12 08:52:33 UTC 
Comment on attachment 83542 [details]
check SwFmt::GetItemState()'s ppItem for NULL

adjusted patch looks good - bring it into trunk
Comment 7 SVN Robot 2014-06-12 09:08:54 UTC 
"hdu" committed SVN revision 1602097 into trunk:
#i125071# check SwFmt::GetItemState()'s ppItem parameter for NULL
Comment 8 hdu@apache.org 2014-06-12 09:14:17 UTC 
The crash is fixed with the commit above.

I suggest to fix the other problems with FillAttributes and unhandled SfxPoolItems in an own bug or in issue 124638.