Apache OpenOffice (AOO) Bugzilla – Issue 99894
Using the now() XPath function in XForms crashes or lock up OO.o and corrupts your file.
Last modified: 2010-04-22 12:09:15 UTC
Details: The now() XPath function works fine by itself in OO.o, but the moment you try to use it with anything else (such as calculations or other functions), OO.o either crashes or freezes. What I have done: * Tried to use now() with operations such as + and - and OO.o still crashes. * Tried to use now() with other functions and OO.o still crashes. * Tried to reference the now() function using XPath nodes and THAT WORKS but is roundabout. Rational: OO.o should not need to have one XPath node have the now() value and require another node to reference that node in order to do any operation. OO.o should be able to, for example, work with substring(now(), 1, 4) or days-from-date(now()) or now()-1 or now()+now() without crashing. Steps to reproduce: Open a new XForm File New XML Form Document Ensure form control toolbar is enabled: View Toolbars Form controls Ensure form design toolbar is enabled: View Toolbars Form design Ensure XML Data Navigator window is enabled: Withing Form design toolbar toggle on XML data navigator using icon Insert a node using the XML data navigator In the XML data navigator, click the instance tab Right-click the instanceData and select to edit element This brings up the edit element window Alter the element (also called node) data From the edit element window go to the Settings section Select any of the checkboxes in the Settings section, say calculate Click the calculate Condition button Type one of the example above such as now()+now() or choose your own using the now() function Poof. . . OO.o is either locked or crashes.
I was told by es@openoffice.org that I should reassign XForm issues to MSC.
Reassigned to MSC
This is even worse now with OOo version 3.1. OOo now crashes/locks up when ANY data changes in the instance tree when you are using now() ANYWHERE in your XForm. Even if you use now() all by itself!!!! Effectively, the standard now() XForm function has become a simple way to crash OOo and render the entire XForm useless.
I hope we really understand the magnitude of this bug. A user can no longer even remove the now() funtion from his document if he realizes this is the problem. Let me say it another way: He can't fix his broken XForms document. It is toast.
The only way to recovery from this is to unzip the odt file, search for the now() function in content.xml, delete it or replace it with another XForm function, zip up the file again, and finally open it in OOo.
safway, I can't repro the crash - please provide detailed steps for the part "Click the calculate Condition button Type one of the example above such as now()+now() or choose your own using the now() function"
Attached is a PDF screenshot visually showing what I described in my steps. Please let me know if this is sufficient or not.
Created attachment 62689 [details] Screenshot showing how to recreate crash
Well, after what you said, I decided to download the Windows OO,o 3.1 version and install it on Windows. The problem is not manifest under Windows. I have changed the OS above to reflect that the problem is manifest under Linux. The problem manifests itself under both Ubuntu 10.4 Linux and Suse 11.1 Linux.
Also I've discovered same behavour in OOo 3.00 & 3.01/Fedora10/Centos5.3
Confirming as per bigandy. Keywords.
reassign to fs to have a look into this issue
A big Thank You! Now, let's please not just let it sit here at this stage. :-)
The problem is in bad pairing of memory allocation/deallocation functions. I.e. the xmlChar* string representing date is allocated by rtl_allocateMemory (xforms_nowFunction() in forms/source/xforms/xpathlib/xpathlib.cxx), but deallocated by xmlFree on deletion of the representative xmlXPathObject (xmlXPathFreeObject() in xpath.c).
Created attachment 63944 [details] use the right allocation function
dtardon, thanks a ton for your effort! I assume you already filed Joint Copyright Agreement with Sun? Herbert, Philipp, please evaluate the patch so that it would not miss 3.2. TIA. WBR, KP.
As a Red Hat employee dtardon is covered by that JCA.
The patch looks good to me. Thanks for analyzing this! The issue is already correctly assigned to FS. I'm sure the fix will get on track for OOo3.2 when he returns from his vacation...
(back from vacation, sorry for the delay) Will commit the patch to a 3.2-targeted CWS as soon as I have one available, which isn't the case currently.
patch committed to CWS dba32f - thanks for providing it!
verified the patch made it into CWS dba32f
integrated in DEV300_m58