[Libreoffice-bugs] [Bug 117444] Crash in: BigPtrArray::Index2Block(unsigned __int64)

2019-06-03 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=117444

Xisco Faulí  changed:

   What|Removed |Added

   See Also||https://bugs.documentfounda
   ||tion.org/show_bug.cgi?id=10
   ||9376

--- Comment #19 from Xisco Faulí  ---
I guess this issue got fixed by the same commits fixing bug 109376

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 117444] Crash in: BigPtrArray::Index2Block(unsigned __int64)

2019-06-03 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=117444

Telesto  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |WORKSFORME

--- Comment #18 from Telesto  ---
(In reply to Dan Carr from comment #17)
> (In reply to Dan Carr from comment #16)
> > I have updated my version from 5.4.5 to 6.0.5 and cannot recreate the
> > problem.
> 
> That is when using the original process of opening the primary document,
> selecting compare document, and then closing the comparison list pop up
> window.  This did not cause LO Writer to creash.

@Dan Carr
Thanks for testing.. Moving my crash to a new report (bug 125660). Marking this
one RESOLVED WORKSFORME

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 117444] Crash in: BigPtrArray::Index2Block(unsigned __int64)

2019-06-03 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=117444

--- Comment #16 from Dan Carr  ---
I have updated my version from 5.4.5 to 6.0.5 and cannot recreate the problem.

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 117444] Crash in: BigPtrArray::Index2Block(unsigned __int64)

2019-06-03 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=117444

--- Comment #17 from Dan Carr  ---
(In reply to Dan Carr from comment #16)
> I have updated my version from 5.4.5 to 6.0.5 and cannot recreate the
> problem.

That is when using the original process of opening the primary document,
selecting compare document, and then closing the comparison list pop up window.
 This did not cause LO Writer to creash.

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 117444] Crash in: BigPtrArray::Index2Block(unsigned __int64)

2019-06-03 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=117444

--- Comment #15 from Telesto  ---
@Dieter/Xisco
Are you able to confirm comment 14?

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 117444] Crash in: BigPtrArray::Index2Block(unsigned __int64)

2019-06-02 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=117444

--- Comment #14 from Telesto  ---
Created attachment 151856
  --> https://bugs.documentfoundation.org/attachment.cgi?id=151856=edit
Example file

I'm able to produce a crash in swlo!SwRedlineData::SetSeqNo (not sure if this
is the same crash reported here ..)

Anyway
1. Open the attached file 
2. Download attachment 141990
3. Edit -> Track changes -> Compare documents & select attachment 141990
4. Accept all in the dialog & close
5. Repeat step 3/4
6. Press CTRL+Z -> Crash

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 117444] Crash in: BigPtrArray::Index2Block(unsigned __int64)

2018-09-06 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=117444

--- Comment #13 from Telesto  ---
I'm not able to reproduce this
Version: 6.2.0.0.alpha0+
Build ID: 76bf3939b0583212a56c317c85aea110f8ac6fee
CPU threads: 4; OS: Mac OS X 10.12.6; UI render: default; 
TinderBox: MacOSX-x86_64@49-TDF, Branch:master, Time: 2018-07-27_06:01:47
Locale: nl-NL (nl_NL.UTF-8); Calc: group threaded

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 117444] Crash in: BigPtrArray::Index2Block(unsigned __int64)

2018-09-06 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=117444

--- Comment #12 from Xisco Faulí  ---
(In reply to Noel Grandin from comment #8)
> Good spotting!
> 
> If m_nBlock is 1, then m_nCur must be 0, and we should use the very first
> block of logic in that function, and exit early.
> 
> Unless some higher level code is asking for a position that does not exist,
> in which case we would fall through to the binary search, and trigger an
> access violation by dereferencing a null pointer.
> 
> So the real bug is somewhere higher up the call stack.

Hi Noel,
This crash is among the top 10 in 6.1.0.3.
Do you think you could take a look at the problem described in your comment
above at some point ?

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 117444] Crash in: BigPtrArray::Index2Block(unsigned __int64)

2018-07-16 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=117444

--- Comment #11 from Telesto  ---
No repro with
Version: 6.2.0.0.alpha0+
Build ID: e7d3976cb80f7e7401be071f905a764dd6cb4d6e
CPU threads: 4; OS: Windows 6.3; UI render: default; 
TinderBox: Win-x86@42, Branch:master, Time: 2018-06-29_04:46:32
Locale: nl-NL (nl_NL); Calc: CL

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 117444] Crash in: BigPtrArray::Index2Block(unsigned __int64)

2018-06-01 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=117444

--- Comment #10 from Dan Carr  ---
Late response to Comment 6 -
Does it happen every time?

It happened twice in succession and I have not tried repeating the activity
until today (Jun 1, 2018)  and it did not occur. 
In the interim period I have updated Windows 7 with a major update and now it
does not occur.

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 117444] Crash in: BigPtrArray::Index2Block(unsigned __int64)

2018-05-31 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=117444

Xisco Faulí  changed:

   What|Removed |Added

   See Also||https://bugs.documentfounda
   ||tion.org/show_bug.cgi?id=11
   ||6688

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 117444] Crash in: BigPtrArray::Index2Block(unsigned __int64)

2018-05-31 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=117444

Xisco Faulí  changed:

   What|Removed |Added

   Priority|medium  |high
 Status|UNCONFIRMED |NEW
 Ever confirmed|0   |1
   Severity|normal  |major

--- Comment #9 from Xisco Faulí  ---
Putting this to NEW and increasing severity...

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 117444] Crash in: BigPtrArray::Index2Block(unsigned __int64)

2018-05-09 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=117444

--- Comment #8 from Noel Grandin  ---

Good spotting!

If m_nBlock is 1, then m_nCur must be 0, and we should use the very first block
of logic in that function, and exit early.

Unless some higher level code is asking for a position that does not exist, in
which case we would fall through to the binary search, and trigger an access
violation by dereferencing a null pointer.

So the real bug is somewhere higher up the call stack.

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 117444] Crash in: BigPtrArray::Index2Block(unsigned __int64)

2018-05-09 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=117444

Xisco Faulí  changed:

   What|Removed |Added

 CC||noelgran...@gmail.com,
   ||sberg...@redhat.com

--- Comment #7 from Xisco Faulí  ---
(In reply to fiftyigfuci_f_mi from comment #1)
> It looks like the binary search algorithm in Index2Block has a bug:
> If the value of "m_nBlock" is 1, then "n" is 0 and "cur" becomes 1,
> thus "m_ppInf[ cur ]" is semantically out of the range.
> 
> // binary search: always successful
> sal_uInt16 lower = 0, upper = m_nBlock - 1;
> sal_uInt16 cur = 0;
> for(;;)
> {
> sal_uInt16 n = lower + ( upper - lower ) / 2;
> cur = ( n == cur ) ? n+1 : n;
> p = m_ppInf[ cur ];

@Noel, @Stephan, I thought you might be interested in this comment...

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 117444] Crash in: BigPtrArray::Index2Block(unsigned __int64)

2018-05-09 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=117444

--- Comment #6 from Xisco Faulí  ---
Thanks for attaching the document.
So you open the first document, Go to Edit - Track Changes - Compare Documents
and it crashes all the time ?

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 117444] Crash in: BigPtrArray::Index2Block(unsigned __int64)

2018-05-09 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=117444

Xisco Faulí  changed:

   What|Removed |Added

 Status|NEEDINFO|UNCONFIRMED
 Ever confirmed|1   |0

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 117444] Crash in: BigPtrArray::Index2Block(unsigned __int64)

2018-05-08 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=117444

--- Comment #5 from Dan Carr  ---
Created attachment 141991
  --> https://bugs.documentfoundation.org/attachment.cgi?id=141991=edit
secondary file in compare

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 117444] Crash in: BigPtrArray::Index2Block(unsigned __int64)

2018-05-08 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=117444

--- Comment #4 from Dan Carr  ---
Created attachment 141990
  --> https://bugs.documentfoundation.org/attachment.cgi?id=141990=edit
Primary Writer file in compare

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 117444] Crash in: BigPtrArray::Index2Block(unsigned __int64)

2018-05-08 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=117444

Xisco Faulí  changed:

   What|Removed |Added

 Status|UNCONFIRMED |NEEDINFO
 Ever confirmed|0   |1

--- Comment #3 from Xisco Faulí  ---
Setting to NEEDINFO until the document has been provided...

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 117444] Crash in: BigPtrArray::Index2Block(unsigned __int64)

2018-05-07 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=117444

Xisco Faulí  changed:

   What|Removed |Added

 CC||xiscofa...@libreoffice.org

--- Comment #2 from Xisco Faulí  ---
@Dan, Thanks for reporting the issue.
Could you please attach the two documents you're comparing?

@fiftyigfuci, thanks for the analysis.
Would you mind submitting a patch to gerrit for review? ->
https://wiki.documentfoundation.org/Development/gerrit

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 117444] Crash in: BigPtrArray::Index2Block(unsigned __int64)

2018-05-07 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=117444

Dieter Praas  changed:

   What|Removed |Added

 CC||dgp-m...@gmx.de
   See Also||https://bugs.documentfounda
   ||tion.org/show_bug.cgi?id=98
   ||202

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 117444] Crash in: BigPtrArray::Index2Block(unsigned __int64)

2018-05-06 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=117444

--- Comment #1 from fiftyigfuci_f...@yahoo.co.jp ---
It looks like the binary search algorithm in Index2Block has a bug:
If the value of "m_nBlock" is 1, then "n" is 0 and "cur" becomes 1,
thus "m_ppInf[ cur ]" is semantically out of the range.

// binary search: always successful
sal_uInt16 lower = 0, upper = m_nBlock - 1;
sal_uInt16 cur = 0;
for(;;)
{
sal_uInt16 n = lower + ( upper - lower ) / 2;
cur = ( n == cur ) ? n+1 : n;
p = m_ppInf[ cur ];

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs