https://bugs.freedesktop.org/show_bug.cgi?id=70726
Priority: medium
Bug ID: 70726
CC: [email protected]
Assignee: [email protected]
Summary: abort when printing a particular sheet
Severity: normal
Classification: Unclassified
OS: All
Reporter: [email protected]
Hardware: All
Status: UNCONFIRMED
Version: 4.2.0.0.alpha0+ Master
Component: Spreadsheet
Product: LibreOffice
When printing a particular sheet, a dbgutil build of LibreOffice aborts because
rtl::OUString::copy has been called with argument count bigger than length of
the string.
I can send the document privately to any bona fide dev wanting to work on this
bug.
However, my guess is that this comes from the String -> OUString conversion in
commit db3f16317e0b0f931fdfcb6f19f8cc474bd70683
Author: Noel Grandin <[email protected]>
Date: Wed Aug 7 14:03:59 2013 +0200
convert String to OUString in VCL
Change-Id: Ie5c6874298641dc6fc1b6b4e2206a704acd7cc10
(gdb) frame 6
#6 0x00007f42266ba660 in vcl::PDFWriterImpl::playMetafile (this=0x43d67d0,
i_rMtf=..., i_pOutDevData=0x0, i_rContext=...,
pDummyVDev=0x43908d0) at
/home/master/src/libreoffice/workdirs/libreoffice-4.2/vcl/source/gdi/pdfwriter_impl2.cxx:845
845 m_rOuterFace.DrawText( pA->GetPoint(),
pA->GetText().copy( pA->GetIndex(), pA->GetLen() ) );
(gdb) print *pA
$9 = (MetaTextAction) {
<MetaAction> = {
_vptr.MetaAction = 0x7f4227040a10,
mnRefCount = 2,
mnType = 112
},
members of MetaTextAction:
maPt = Point = {
x = 6897,
y = 2046
},
maStr = "Prises",
mnIndex = 0,
mnLen = 65535
}
gdb) down
#5 0x00007f4226389f21 in rtl::OUString::copy (this=0x43805a8,
beginIndex=beginIndex@entry=0, count=count@entry=65535)
at
/home/master/src/libreoffice/workdirs/libreoffice-4.2/include/rtl/ustring.hxx:1482
1482 rtl_uString_newFromSubString( &pNew, pData, beginIndex, count
);
(gdb) down
#4 0x00007f422c2502dd in rtl_uString_newFromSubString (ppThis=0x7fffaa6a4978,
pFrom=0x357c620, beginIndex=0, count=65535)
at
/home/master/src/libreoffice/workdirs/libreoffice-4.2/sal/rtl/strtmpl.cxx:1269
1269 assert(false); // fail fast at least in debug builds
(gdb) list
1264 IMPL_RTL_STRINGNAME( assign )( ppThis, const_cast<
IMPL_RTL_STRINGDATA * >( pFrom ) );
1265 return;
1266 }
1267 if ( count < 0 || beginIndex < 0 || beginIndex + count >
pFrom->length )
1268 {
1269 assert(false); // fail fast at least in debug builds
1270 IMPL_RTL_STRINGNAME( newFromLiteral )( ppThis, "!!br0ken!!",
10, 0 );
1271 return;
1272 }
1273
My guess is that length 65535 was a special magic value in the old code, to say
"the whole string", or "undefined" or something like that. But here, it is
suddenly being interpreted as an actual length.
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Libreoffice-bugs mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
