Bug 50896

Summary: Writer crash when applying an AutoFormat to a table
Product: LibreOffice Reporter: Muhammad Haggag <mhaggag>
Component: WriterAssignee: David Tardon <dtardon>
Status: RESOLVED FIXED    
Severity: major CC: dtardon, mhaggag, pz3
Priority: medium Keywords: regression
Version: Master old -3.6   
Hardware: Other   
OS: All   
See Also: https://bugs.documentfoundation.org/show_bug.cgi?id=105799
Whiteboard: target:3.7.0 target:3.6.0.0.beta2
Crash report or crash signature: Regression By:
Attachments: gdb log with full backtrace.

Description Muhammad Haggag 2012-06-08 14:39:39 UTC 
Created attachment 62819 [details]
gdb log with full backtrace.

Steps to reproduce:
1. Launch writer
2. Ctrl+F12 to insert a table. Accept the default table settings.
3. Table Properties->AutoFormat
4. Choose the "3D" autoformat, press OK

Result: Writer crashes. gdb log attached with full backtrace.

It's crashing because we're calling push_back on a boost ptr_vector with a null pointer. The crash occurs in sw/source/core/undo/untbl.cxx line 1320, and I tracked it back to the commit 2552420c by Noel Grandin (http://cgit.freedesktop.org/libreoffice/core/commit/?id=2552420cdc7588e1b0da06fd6810dba855e9d43c). The commit replaced SV_DECL_PTRARR goo with boost::ptr_vector.

It might be that SV_DECL_PTRARR accepted null pointers while boost::ptr_vector does not, or it might be that a regression happened causing the pointer to be null now when it wasn't before.
Comment 1 pz1 2012-06-09 00:33:11 UTC 
Bug confirmed here in version 3.6.0alpha1+ (Build ID: 793f240) on my Windows XOP machine
Comment 2 Noel Grandin 2012-06-11 05:31:58 UTC 
For 3.6, the best thing to do is to revert my change.

For master, I'll spin a patch that uses std::vector.
Comment 3 David Tardon 2012-06-11 06:16:24 UTC 
sorry, Noel, I have already done that...
Comment 4 Not Assigned 2012-06-11 06:21:53 UTC 
David Tardon committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=b3473b9d227df79a383d09c2f2ebf6d6eebf3697

fdo#50896 SfxItemSets can contain emtpy element
Comment 5 Not Assigned 2012-06-18 02:03:22 UTC 
David Tardon committed a patch related to this issue.
It has been pushed to "libreoffice-3-6":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=9334a18fdffeb2a2255b1cf82c2ebc511421f24c&g=libreoffice-3-6

fdo#50896 SfxItemSets can contain emtpy element


It will be available in LibreOffice 3.6.