[Libreoffice-bugs] [Bug 40195] crash using introspection on createTextCursorByRange use

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Mon Aug 22 04:53:52 PDT 2011


https://bugs.freedesktop.org/show_bug.cgi?id=40195

Noel Power <nopower at novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|libreoffice-bugs at lists.free |cedric.bosdonnat.ooo at free.f
                   |desktop.org                 |r

--- Comment #4 from Noel Power <nopower at novell.com> 2011-08-22 04:53:50 PDT ---

Valgrind log follows (sorry, the line numbers are slightly skewed due to some
local debug statements).

unocrsrhelper.cxx:501 should read
unocrsrhelper.cxx:499 (if I didn't have the extra debug)

basically the lines should read

    498             if((pTxtNode = (SwTxtNode*)rPam.GetNode( sal_True )) == rPam.GetNode(sal_False) &&
    499                     pTxtNode->GetpSwpHints())
    500             {

and what the valgrind log below is saying is that the cast to SwTxtNode is
illegal, in fact the node in question is a SwTableNode.

It would be possible to defensively code the getCrsrPropertyValue(..) method
against this situation but it seems that something deeper is wrong here.
Clearly the SwXTextCursor believes the SwPam is pointing at text nodes but this
isn't the case. It seems the treatment/representation of XTextRange for Table(s)
is somewhat weird or strange (see SwXTextRange::getStart()/getEnd() wrt
treatment of RANGE_IS_TABLE).
My gut feeling is the best solution here would be to throw an exception when
calling; alternatively, I guess SwTextCursor needs to know how to handle itself
when it is this special table XTextRange

cursor = doc.text.createTextCursorByRange(table.anchor)

assigning to Cedric who hopefully will know the right thing to do


==30353== Invalid read of size 8
==30353==    at 0x2175507C: SwTxtNode::GetpSwpHints() (ndtxt.hxx:228)
==30353==    by 0x21C0646C:
SwUnoCursorHelper::getCrsrPropertyValue(SfxItemPropertySimpleEntry const&,
SwPaM&, com::sun::star::uno::Any*, com::sun::star::beans::PropertyState&,
SwTxtNode const*) (unocrsrhelper.cxx:501)
==30353==    by 0x21C63397: SwUnoCursorHelper::GetPropertyValue(SwPaM&,
SfxItemPropertySet const&, rtl::OUString const&) (unoobj.cxx:1875)
==30353==    by 0x21C64E53: SwXTextCursor::getPropertyValue(rtl::OUString
const&) (unoobj.cxx:2233)
==30353==    by 0x2C352E22: ??? (in
/data4/OOO_BUILD_GIT/ooo-build/bootstrap/INSTALL_LINK/ure/lib/introspection.uno.so)
==30353==    by 0x2C35530B: ??? (in
/data4/OOO_BUILD_GIT/ooo-build/bootstrap/INSTALL_LINK/ure/lib/introspection.uno.so)
==30353==    by 0x2C355373: ??? (in
/data4/OOO_BUILD_GIT/ooo-build/bootstrap/INSTALL_LINK/ure/lib/introspection.uno.so)
==30353==    by 0xAAAF029: SbUnoObject::Notify(SfxBroadcaster&, SfxHint const&)
(sbunoobj.cxx:2163)
==30353==    by 0x7B144B3: SfxBroadcaster::Broadcast(SfxHint const&) (in
/data4/OOO_BUILD_GIT/ooo-build/bootstrap/solver/340/unxlngx6.pro/lib/libsvllx.so)
==30353==    by 0xAB7F2D6: SbxVariable::Broadcast(unsigned long)
(sbxvar.cxx:185)
==30353==    by 0xAB68F14: SbxValue::Get(SbxValues&) const (sbxvalue.cxx:389)
==30353==    by 0x2CCB3312: WatchTreeListBox::ImplGetSBXForEntry(SvLBoxEntry*,
bool&) (in
/data4/OOO_BUILD_GIT/ooo-build/bootstrap/clone/components/basctl/unxlngx6.pro/lib/libbasctllx.so)
==30353==  Address 0xe238410 is 0 bytes after a block of size 112 alloc'd
==30353==    at 0x4C2683D: malloc (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30353==    by 0x400F9A: ??? (in
/data4/OOO_BUILD_GIT/ooo-build/bootstrap/INSTALL_LINK/program/soffice.bin)
==30353==    by 0x401026: operator new(unsigned long) (in
/data4/OOO_BUILD_GIT/ooo-build/bootstrap/INSTALL_LINK/program/soffice.bin)
==30353==    by 0x21886DE3: SwStartNode::operator new(unsigned long) (in
/data4/OOO_BUILD_GIT/ooo-build/bootstrap/solver/340/unxlngx6.pro/lib/libswlx.so)
==30353==    by 0x218922CB: SwNodes::InsertTable(SwNodeIndex const&, unsigned
short, SwTxtFmtColl*, unsigned short, unsigned short, SwTxtFmtColl*, SwAttrSet
const*) (ndtbl.cxx:585)
==30353==    by 0x218913CB: SwDoc::InsertTable(SwInsertTableOptions const&,
SwPosition const&, unsigned short, unsigned short, short, SwTableAutoFmt
const*, SvUShorts const*, unsigned char, unsigned char) (ndtbl.cxx:400)
==30353==    by 0x21CDB234:
SwXTextTable::attachToRange(com::sun::star::uno::Reference<com::sun::star::text::XTextRange>
const&) (unotbl.cxx:2316)
==30353==    by 0x21CDB5F3:
SwXTextTable::attach(com::sun::star::uno::Reference<com::sun::star::text::XTextRange>
const&) (unotbl.cxx:2359)
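
The defensive check mentioned in the comment above, sketched as an added example (not LibreOffice code and not part of the bug report). The node types, `asTextNode` and `hasHints` are hypothetical stand-ins for the SwNode family and for the condition at unocrsrhelper.cxx:498-499; the point is that the downcast is validated against the node's real type before any derived-class member is read.

```cpp
#include <iostream>

// Hypothetical stand-ins for the node classes named in the comment.
enum class NodeKind { Text, Table };

struct Node {
    explicit Node(NodeKind k) : kind(k) {}
    virtual ~Node() = default;
    NodeKind kind;
};

struct TableNode : Node {
    TableNode() : Node(NodeKind::Table) {}
};

struct TextNode : Node {
    TextNode() : Node(NodeKind::Text) {}
    const int* hints() const { return hints_; }
    void setHints(const int* h) { hints_ = h; }
private:
    const int* hints_ = nullptr;  // lives beyond the end of a TableNode-sized object
};

// The reported pattern is ((TextNode*)node)->hints() with no type check.
// On a TableNode that reads a member past the end of the smaller allocation,
// which is what valgrind flags as an invalid read just after the block.
// It is deliberately not executed here.

// Checked downcast: null unless the node really is a text node.
const TextNode* asTextNode(const Node* n) {
    return (n && n->kind == NodeKind::Text) ? static_cast<const TextNode*>(n)
                                            : nullptr;
}

// Defensive form of the condition: same node at both ends, really a text
// node, and carrying hints. Anything else is rejected without a read.
bool hasHints(const Node* start, const Node* end) {
    const TextNode* txt = asTextNode(start);
    return txt && start == end && txt->hints() != nullptr;
}

int main() {
    static const int hint = 1;  // constructed sample data
    TextNode text;
    text.setHints(&hint);
    TextNode bare;
    TableNode table;
    std::cout << hasHints(&text, &text) << hasHints(&bare, &bare)
              << hasHints(&table, &table) << hasHints(&text, &bare) << "\n";
}
```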
                                                                               