[Libreoffice-bugs] [Bug 44721] New: Report builder: upon mouse-resize control, (nearly) infinite loop and memory consumption

Thu, 12 Jan 2012 06:29:54 -0800 

https://bugs.freedesktop.org/show_bug.cgi?id=44721

             Bug #: 44721
           Summary: Report builder: upon mouse-resize control, (nearly)
                    infinite loop and memory consumption
    Classification: Unclassified
           Product: LibreOffice
           Version: LibO 3.5.0 Beta3
          Platform: Other
        OS/Version: All
            Status: UNCONFIRMED
          Keywords: regression
          Severity: normal
          Priority: medium
         Component: Database
        AssignedTo: [email protected]
        ReportedBy: [email protected]
            Blocks: 37361


Problem observed with current libreoffice-3-5, but not with libreoffice 3.4.4,
on Debian GNU/Linux amd64 architecture.

Reproduction instructions: Edit a report in a an .odb file. Select a control.
Resize the control with the mouse.

Result: LibreOffice consumes all CPU and has an ever increasing memory
consumption. On GTK/X11, the mouse pointer is grabbed by LibreOffice and

This makes the design (edit) view of report builder rather unusable...

I traced that to the following loop in file basegfx/source/polygon/, function 
applyLineDashing, line 1426

  while(fTools::less(fDotDashMovingLength, fEdgeLength))
  {
    (...)
    aSnippet.append(interpolate(aCurrentEdge.getStartPoint(),
aCurrentEdge.getEndPoint(), fDotDashMovingLength / fEdgeLength));
    (...)
    pLineTarget->append(aSnippet);
    (...)
    aSnippet.clear();
    (...)
    fDotDashMovingLength += rDotDashArray[(++nDotDashIndex) % nDotDashCount];
  }

Each execution of that loop allocates memory (the return value of interpolate,
which is saved into pLineTarget or pGapTarget); this explains the ever
increasing memory consumption. In the example I investigated, that loop was up
for about 30,000,000 executions, because each element of rDotDashArray is about
70 and fEdgelength is 2,147,483,648, about 30,000,000 times more. If every
execution consumes about 100 bytes, we are already at 3GB memory consumption
before this loop finishes... This seems infinite to the user.

FYI, aCurrentEdge.getStartPoint() and aCurrentEdge.getEndPoint() are (0;
-2,147,483,648) and (-2,147,483,648; -2,147,483,648). I'm a bit surprised at
the negative numbers, but not sure what they are supposed to mean, or in what
units they are. Points? Hundredths of a millimeter?

As a stopgap measure, I added


                                if (nDotDashIndex >= 10000)
                                    break;

To the end of the loop. It makes the resize slow, but works.

-- 
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
_______________________________________________
Libreoffice-bugs mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

Reply via email to