[Libreoffice-bugs] [Bug 114479] New: Crash when loading an ods file when threading is enabled

bugzilla-daemon at bugs.documentfoundation.org bugzilla-daemon at bugs.documentfoundation.org
Fri Dec 15 05:32:03 UTC 2017 

https://bugs.documentfoundation.org/show_bug.cgi?id=114479

            Bug ID: 114479
           Summary: Crash when loading an ods file when threading is
                    enabled
           Product: LibreOffice
           Version: 6.1.0.0.alpha0+ Master
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: medium
         Component: Calc
          Assignee: libreoffice-bugs at lists.freedesktop.org
          Reporter: dennisfrancis.in at gmail.com

Description:
The LO build from master crashes on loading
https://bugs.documentfoundation.org/attachment.cgi?id=120128 when formula group
threading is enabled in calc.

Steps to Reproduce:
1. Open the file https://bugs.documentfoundation.org/attachment.cgi?id=120128
with calc with threading enabled.

Actual Results:  
Calc crashes on loading

Expected Results:
No crash


Reproducible: Always


User Profile Reset: No



Additional Info:
There are multiple issues with this document from a threading perspective :

1) assert() fails inside ScDocument::GetFormatTable()

2) A SUMIF() implicit range problem.

The offending SUMIF here in the document is :

=SUMIF($ResPer.$G$5:$G$593,"^"&D272,ResPer.$R$5)+SUMIF($ResPer.$G$5:$G$
593,"^"&D272,ResPer.$S$5)+SUMIF($ResPer.$G$5:$G$593,"^"&D272,ResPer.$AD
$5)+SUMIF($ResPer.$G$5:$G$593,"^"&D272,ResPer.$AE$5)


Notice that the third arg to each SUMIF is just a single ref, but
during evaluation, it will be implicitly expanded to the length/size of
the first argument doubleref.

The ScDependantsCalculator::Doit() simply pre-interprets all singlerefs
and doublerefs in the token array before any threading begins, hence
misses this special case requirement of SUMIF.

3) Apart from this, we need to blacklist MATCH() opcode for threading as this
one leads to calling of the slot machine like VLOOKUP does.

4) Finally there is the problem of sharing the TextSearch object
between threads without any mutex protection that happens on SUMIF(S),
COUNTIF(S) or anything that involves a call to
ScInterpreter::IterateParametersIfs().


User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/62.0.3202.94 Safari/537.36

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/libreoffice-bugs/attachments/20171215/7d86389a/attachment.html>

More information about the Libreoffice-bugs mailing list