Bug 158720 - Crash for attribute string search ("oo", "uno", "ooname") in the Expert Configuration dialog
Summary: Crash for attribute string search ("oo", "uno", "ooname") in the Expert Confi...
Status: VERIFIED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: framework (show other bugs)
Version:
(earliest affected)
24.8.0.0 alpha0+
Hardware: All All
: medium critical
Assignee: Samuel Mehrbrodt (allotropia)
URL:
Whiteboard: target:24.8.0 target:24.2.0.0.beta2
Keywords: bibisected, haveBacktrace, regression
Depends on:
Blocks: Options-Dialog-Expert Crash
  Show dependency treegraph
 
Reported: 2023-12-15 15:25 UTC by V Stuart Foote
Modified: 2023-12-21 14:29 UTC (History)
5 users (show)

See Also:
Crash report or crash signature:


Attachments
bt with debug symbols (21.91 KB, text/plain)
2023-12-16 09:08 UTC, Julien Nabet
Details
crash on 24.2.0beta1 with windbg Win10 ST w/symbols (37.15 KB, text/plain)
2023-12-16 16:03 UTC, V Stuart Foote
Details

Note You need to log in before you can comment on or make changes to this bug.
Description V Stuart Foote 2023-12-15 15:25:28 UTC
While setting up a nightly (297a66 - 20231214) for QA, running Expert Configuration... dialog from Tools -> Options -> Advanced "Open Expert Configuration"

Using the dialog's search bar

Type "ooname" and <Enter>

The dialog closes

LibreOffice crashes

Repeatable, with and without Skia Vulkan rendering.

Able to complete search and edit string 1 out of 10 attempts.

=-testing-=

Version: 24.8.0.0.alpha0+ (X86_64) / LibreOffice Community
Build ID: 297a6673175308168669870882c016b496652a76
CPU threads: 8; OS: Windows 10.0 Build 19045; UI render: Skia/Raster; VCL: win
Locale: en-US (en_US); UI: en-US
Calc: threaded
Comment 1 V Stuart Foote 2023-12-15 15:32:15 UTC
Same system, steps, a search for attribute "minimumwidth" completes no issue.

But a search for "oo" or "uno" consistently will crash.

Buffer size overflow issue?
Comment 2 V Stuart Foote 2023-12-15 17:47:59 UTC
@Stéphane, could you have a look and also we need a BZ Version for the 24.8.0 alpha0+ -- thnx.
Comment 3 Stéphane Guillou (stragu) 2023-12-15 18:36:26 UTC
(In reply to V Stuart Foote from comment #2)
> @Stéphane, could you have a look and also we need a BZ Version for the
> 24.8.0 alpha0+ -- thnx.
Done

(In reply to V Stuart Foote from comment #0)
> Configuration... dialog from Tools -> Options -> Advanced "Open Expert
> Configuration"
> Using the dialog's search bar
> Type "ooname" and <Enter>
> The dialog closes
> LibreOffice crashes

Reproduced with gen VCL plugin:

Version: 24.8.0.0.alpha0+ (X86_64) / LibreOffice Community
Build ID: fdc87dd56548622e13353b4cf9864232ee0110fb
CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: x11
Locale: en-AU (en_AU.UTF-8); UI: en-US
Calc: threaded

Also in 24.2 beta1.
No repro in 7.6.4.1 -> regression
No repro at 0f82e9d42822e627edd1fb3b3c87e1f8a22136a4, so seems recent.
No repro with gtk3.

Samuel, you might be interested. Maybe the fix for bug 157432?
Comment 4 Julien Nabet 2023-12-16 09:08:37 UTC
Created attachment 191456 [details]
bt with debug symbols

On pc Debian x86-64 with master sources updated today, I could reproduce this with gen rendering.
Comment 5 Julien Nabet 2023-12-16 09:41:41 UTC
I confirm that reverting 030b72df0af04752157378e07703db0e035ff9c2 + 
diff --git a/configmgr/source/localizedvaluenode.cxx b/configmgr/source/localizedvaluenode.cxx
index 13d6a15f8982..816975063d29 100644
--- a/configmgr/source/localizedvaluenode.cxx
+++ b/configmgr/source/localizedvaluenode.cxx
@@ -34,7 +34,7 @@ LocalizedValueNode::LocalizedValueNode(int layer, css::uno::Any value):
 {}
 
 LocalizedValueNode::LocalizedValueNode(int layer):
-    Node(layer), modified_(false)
+    Node(layer)
 {}
 
 rtl::Reference< Node > LocalizedValueNode::clone(bool) const {

I don't reproduce the crash.
Comment 6 V Stuart Foote 2023-12-16 14:07:26 UTC
So confirming issue from https://gerrit.libreoffice.org/c/core/+/159986
Comment 7 V Stuart Foote 2023-12-16 16:03:58 UTC
Created attachment 191460 [details]
crash on 24.2.0beta1 with windbg Win10 ST w/symbols

Another ST from /a admin install of 24.2.0beta1 attached WinDbg w/symbols

in UI attempt expert config search for "ooname", 2nd chance error 
c0000005 (Access violation), and get this !analyze -v

STACK_COMMAND:  ~0s ; .cxr ; kb
FAULTING_SOURCE_LINE:  C:\cygwin64\home\buildslave\source\libo-core\vcl\source\app\salvtables.cxx
FAULTING_SOURCE_FILE:  C:\cygwin64\home\buildslave\source\libo-core\vcl\source\app\salvtables.cxx
FAULTING_SOURCE_LINE_NUMBER:  4426
SYMBOL_NAME:  mergedlo!SalInstanceTreeView::set_text_emphasis+50
MODULE_NAME: mergedlo
IMAGE_NAME:  mergedlo.dll

FAILURE_BUCKET_ID:  NULL_POINTER_READ_c0000005_mergedlo.dll!SalInstanceTreeView::set_text_emphasis
OS_VERSION:  10.0.19041.1
BUILDLAB_STR:  vb_release
OSPLATFORM_TYPE:  x64
OSNAME:  Windows 10
IMAGE_VERSION:  24.2.0.0
Comment 8 Commit Notification 2023-12-18 16:32:27 UTC
Samuel Mehrbrodt committed a patch related to this issue.
It has been pushed to "master":

https://git.libreoffice.org/core/commit/3174749bb826fd653c923cadc98c7045a70bfd2f

tdf#158720 Fix crash when searching expert config with gen vcl plugin

It will be available in 24.8.0.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 9 Commit Notification 2023-12-18 21:27:05 UTC
Samuel Mehrbrodt committed a patch related to this issue.
It has been pushed to "libreoffice-24-2":

https://git.libreoffice.org/core/commit/89fe91ec83c8c5d690d753bc4011e2e3f9e3da89

tdf#158720 Fix crash when searching expert config with gen vcl plugin

It will be available in 24.2.0.0.beta2.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 10 V Stuart Foote 2023-12-21 14:29:26 UTC
(In reply to Commit Notification from comment #8)
> Samuel Mehrbrodt committed a patch related to this issue.
> It has been pushed to "master":
>
> https://git.libreoffice.org/core/commit/3174749bb826fd653c923cadc98c7045a70bfd2f
>
> tdf#158720 Fix crash when searching expert config with gen vcl plugin

> Affected users are encouraged to test the fix and report feedback.

Confirmed, no issues now with search in Tools -> Options -> Advanced 'Expert Configuration' and the "highlight" of stanzas with modified attributes is being applied.

=-testing-=

Version: 24.8.0.0.alpha0+ (X86_64) / LibreOffice Community
Build ID: 2eb428a8890dda29fbdc8b639fc1377080fab59f
CPU threads: 8; OS: Windows 10.0 Build 19045; UI render: Skia/Vulkan; VCL: win
Locale: en-US (en_US); UI: en-US
Calc: CL threaded