Bug 332220 - Calligra words crash upon file open.
Summary: Calligra words crash upon file open.
Status: RESOLVED FIXED
Alias: None
Product: calligrawords
Classification: Applications
Component: general (show other bugs)
Version: 2.8.0
Platform: Gentoo Packages Linux
: NOR crash
Target Milestone: ---
Assignee: Pierre Ducroquet
URL:
Keywords: drkonqi
Depends on:
Blocks:
 
Reported: 2014-03-16 17:00 UTC by Martin Bednar
Modified: 2015-01-15 23:03 UTC (History)
4 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments
crashing file (27.29 KB, application/octet-stream)
2014-03-19 10:25 UTC, Martin Bednar
Details
New crash information added by DrKonqi (5.28 KB, text/plain)
2014-06-02 02:39 UTC, Jay
Details
Work around this crash (no line for the anchor position is found) (1.89 KB, patch)
2014-09-22 22:05 UTC, Pierre Ducroquet
Details
Smallest test case possible... (4.57 KB, application/vnd.oasis.opendocument.text)
2014-09-25 21:17 UTC, Pierre Ducroquet
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Martin Bednar 2014-03-16 17:00:42 UTC
Application: calligrawords (2.8.0)
KDE Platform Version: 4.12.90
Qt Version: 4.8.5
Operating System: Linux 3.13.6-gentoo x86_64
Distribution (Platform): Gentoo Packages

-- Information about the crash:
- What I was doing when the application crashed:

Open an odt file last modified with libreoffice with tracked changes and quite a few comments. Will attach it if I get permission from author, or will try creating another one.

The crash can be reproduced every time.

-- Backtrace:
Application: Calligra Words (calligrawords), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
[KCrash Handler]
#6  detach (this=0x0) at ../../include/QtCore/../../src/corelib/tools/qvector.h:147
#7  data (this=0x0) at ../../include/QtCore/../../src/corelib/tools/qvector.h:152
#8  operator[] (i=0, this=0x0) at ../../include/QtCore/../../src/corelib/tools/qvector.h:360
#9  QTextLine::y (this=this@entry=0x7fffc973f3f0) at text/qtextlayout.cpp:1379
#10 0x00007fc07b853d02 in KoTextDocumentLayout::positionAnchorTextRanges (this=0x271bc00, pos=pos@entry=2194, length=length@entry=71, effectiveDocument=effectiveDocument@entry=0x271e480) at /home/build/portage/app-office/calligra-2.8.0/work/calligra-2.8.0/libs/textlayout/KoTextDocumentLayout.cpp:620
#11 0x00007fc07b83c892 in KoTextLayoutArea::layoutBlock (this=this@entry=0x2a44380, cursor=cursor@entry=0x48c5780) at /home/build/portage/app-office/calligra-2.8.0/work/calligra-2.8.0/libs/textlayout/KoTextLayoutArea.cpp:1215
#12 0x00007fc07b83f0c3 in KoTextLayoutArea::layout (this=this@entry=0x2a44380, cursor=cursor@entry=0x48c5780) at /home/build/portage/app-office/calligra-2.8.0/work/calligra-2.8.0/libs/textlayout/KoTextLayoutArea.cpp:602
#13 0x00007fc07b851d6b in KoTextLayoutRootArea::layoutRoot (this=this@entry=0x2a44380, cursor=cursor@entry=0x48c5780) at /home/build/portage/app-office/calligra-2.8.0/work/calligra-2.8.0/libs/textlayout/KoTextLayoutRootArea.cpp:63
#14 0x00007fc07b854308 in KoTextDocumentLayout::doLayout (this=this@entry=0x271bc00) at /home/build/portage/app-office/calligra-2.8.0/work/calligra-2.8.0/libs/textlayout/KoTextDocumentLayout.cpp:750
#15 0x00007fc07b854df8 in layout (this=0x271bc00) at /home/build/portage/app-office/calligra-2.8.0/work/calligra-2.8.0/libs/textlayout/KoTextDocumentLayout.cpp:693
#16 KoTextDocumentLayout::layout (this=0x271bc00) at /home/build/portage/app-office/calligra-2.8.0/work/calligra-2.8.0/libs/textlayout/KoTextDocumentLayout.cpp:676
#17 0x00007fc07baeb618 in KoFillConfigWidget::updateWidget (this=0x365cdb0, shape=0x29399a0) at /home/build/portage/app-office/calligra-2.8.0/work/calligra-2.8.0/libs/widgets/KoFillConfigWidget.cpp:473
#18 0x00007fc07baec459 in qt_static_metacall (_a=<optimized out>, _id=<optimized out>, _o=<optimized out>, _c=<optimized out>) at /home/build/portage/app-office/calligra-2.8.0/work/calligra-2.8.0_build/libs/widgets/KoFillConfigWidget.moc:63
#19 KoFillConfigWidget::qt_static_metacall (_o=<optimized out>, _c=<optimized out>, _id=<optimized out>, _a=<optimized out>) at /home/build/portage/app-office/calligra-2.8.0/work/calligra-2.8.0_build/libs/widgets/KoFillConfigWidget.moc:52
#20 0x00007fc07c1ca65f in QMetaObject::activate (sender=0x2951080, m=<optimized out>, local_signal_index=<optimized out>, argv=0x0) at kernel/qobject.cpp:3547
#21 0x00007fc07c1cfb1e in QObject::event (this=0x2951080, e=<optimized out>) at kernel/qobject.cpp:1194
#22 0x00007fc07cbcd5cc in QApplicationPrivate::notify_helper (this=this@entry=0x23fcee0, receiver=receiver@entry=0x2951080, e=e@entry=0x4141f70) at kernel/qapplication.cpp:4562
#23 0x00007fc07cbcff3b in QApplication::notify (this=0x7fffc97408b0, receiver=receiver@entry=0x2951080, e=e@entry=0x4141f70) at kernel/qapplication.cpp:4423
#24 0x00007fc07d70f418 in KoApplication::notify (this=<optimized out>, receiver=0x2951080, event=0x4141f70) at /home/build/portage/app-office/calligra-2.8.0/work/calligra-2.8.0/libs/main/KoApplication.cpp:590
#25 0x00007fc07c1b622e in QCoreApplication::notifyInternal (this=0x7fffc97408b0, receiver=receiver@entry=0x2951080, event=event@entry=0x4141f70) at kernel/qcoreapplication.cpp:949
#26 0x00007fc07c1b9841 in sendEvent (event=0x4141f70, receiver=0x2951080) at kernel/qcoreapplication.h:231
#27 QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=0x23be020) at kernel/qcoreapplication.cpp:1573
#28 0x00007fc07c1b9b73 in QCoreApplication::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0) at kernel/qcoreapplication.cpp:1466
#29 0x00007fc07c1e44e3 in sendPostedEvents () at kernel/qcoreapplication.h:236
#30 postEventSourceDispatch (s=s@entry=0x23fd9a0) at kernel/qeventdispatcher_glib.cpp:280
#31 0x00007fc078e3eb75 in g_main_dispatch (context=0x23fd220) at /var/tmp/portage/dev-libs/glib-2.38.2-r1/work/glib-2.38.2/glib/gmain.c:3066
#32 g_main_context_dispatch (context=context@entry=0x23fd220) at /var/tmp/portage/dev-libs/glib-2.38.2-r1/work/glib-2.38.2/glib/gmain.c:3642
#33 0x00007fc078e3eeb8 in g_main_context_iterate (context=context@entry=0x23fd220, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /var/tmp/portage/dev-libs/glib-2.38.2-r1/work/glib-2.38.2/glib/gmain.c:3713
#34 0x00007fc078e3ef74 in g_main_context_iteration (context=0x23fd220, may_block=1) at /var/tmp/portage/dev-libs/glib-2.38.2-r1/work/glib-2.38.2/glib/gmain.c:3774
#35 0x00007fc07c1e4676 in QEventDispatcherGlib::processEvents (this=0x23bf4e0, flags=...) at kernel/qeventdispatcher_glib.cpp:425
#36 0x00007fc07cc6dbee in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#37 0x00007fc07c1b4edf in QEventLoop::processEvents (this=this@entry=0x7fffc9740820, flags=...) at kernel/qeventloop.cpp:149
#38 0x00007fc07c1b5168 in QEventLoop::exec (this=this@entry=0x7fffc9740820, flags=...) at kernel/qeventloop.cpp:204
#39 0x00007fc07c1ba3a8 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1221
#40 0x00007fc07cbcbf3c in QApplication::exec () at kernel/qapplication.cpp:3823
#41 0x00007fc07ddb4015 in kdemain (argc=<optimized out>, argv=0x7fffc97409c8) at /home/build/portage/app-office/calligra-2.8.0/work/calligra-2.8.0/words/app/main.cpp:44
#42 0x00007fc07da2abf5 in __libc_start_main (main=0x400810 <main(int, char**)>, argc=2, ubp_av=0x7fffc97409c8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffc97409b8) at libc-start.c:258
#43 0x0000000000400841 in _start ()

Reported using DrKonqi
Comment 1 Inge Wallin 2014-03-18 11:43:34 UTC
Hi Martin, and thanks for the bug report.

Yes, a file that makes Words crash would help fixing this bug significantly. We have tested the comments quite a lot so I doubt that it's that only that does it.  It could be the combination with tracked changes or something else.
Comment 2 Martin Bednar 2014-03-19 10:25:51 UTC
Created attachment 85634 [details]
crashing file
Comment 3 Jay 2014-06-02 02:39:55 UTC
Created attachment 86960 [details]
New crash information added by DrKonqi

calligrawords (2.8.0) on KDE Platform 4.12.3 using Qt 4.8.1

- What I was doing when the application crashed:
Was attempting to open the file found with  https://bugs.freedesktop.org/attachment.cgi?id=93106

-- Backtrace (Reduced):
#7  0xb6ce0bd3 in QTextLine::y() const () from /usr/lib/i386-linux-gnu/libQtGui.so.4
#8  0xb61a1079 in KoTextDocumentLayout::positionAnchorTextRanges(int, int, QTextDocument const*) () from /usr/lib/libkotextlayout.so.13
#9  0xb61868e7 in KoTextLayoutArea::layoutBlock(FrameIterator*) () from /usr/lib/libkotextlayout.so.13
#10 0xb618953c in KoTextLayoutArea::layout(FrameIterator*) () from /usr/lib/libkotextlayout.so.13
#11 0xb619e6f9 in KoTextLayoutRootArea::layoutRoot(FrameIterator*) () from /usr/lib/libkotextlayout.so.13
Comment 4 Pierre Ducroquet 2014-09-22 22:05:30 UTC
Created attachment 88795 [details]
Work around this crash (no line for the anchor position is found)
Comment 5 Camilla Boemann 2014-09-22 22:24:50 UTC
obviously guarding like this is a good - but i am wondering if we see the correct result or if we should look deeper
Comment 6 Pierre Ducroquet 2014-09-22 22:42:27 UTC
I am still trying to simplify the document while still reproducing the crash so I could understand what goes really wrong here.
This preliminary patch is just to say «hey, look here, I'm buggy» while crying «fix me, fix me» :)
Comment 7 Pierre Ducroquet 2014-09-25 21:17:26 UTC
Created attachment 88841 [details]
Smallest test case possible...

This new test case is an heavily stripped down version of the first submitted test case for this bug.
It contains what is needed to create the crash, nothing more :
Styles => default for all paragraphs : fo:line-height="100%"
Content => paragraph over a few lines then a span containing an annotation with a text:p and a piece of text after the annotation in the span
Comment 8 Pierre Ducroquet 2014-09-26 07:02:41 UTC
Git commit 389745aa2e2a5ceb0de79b7e03150d3d65cf4bc5 by Pierre Ducroquet.
Committed on 25/09/2014 at 22:05.
Pushed by ducroquet into branch 'master'.

Don't look further than what we are currently layouting

This code was off by one and tried to look for anchors after the line current
layouting.

Testing done on :
- the two test cases for bug 332220 : no more crash, comment still visible.
- a simple non-crashing file : no crash, comment still visible.

REVIEW: 120375

M  +1    -1    libs/textlayout/KoTextDocumentLayout.cpp

http://commits.kde.org/calligra/389745aa2e2a5ceb0de79b7e03150d3d65cf4bc5
Comment 9 Camilla Boemann 2015-01-15 23:03:51 UTC
even though i reverted the fix i can't reproduce the crash either - so keeping the bug closed