Issue 121917 - Crash when editing a drawing object anchored to header paragraph
Crash when editing a drawing object anchored to header paragraph
Status: VERIFIED FIXED
Product: Writer
Classification: Application
Component: editing
3.4.1
PC All
: P3 major (vote)
: 4.0.0
Assigned To: AOO issues mailing list
: crash
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-03-19 16:48 UTC by Regina Henschel
Modified: 2013-07-17 10:48 UTC (History)
7 users (show)

See Also:
Issue Type: DEFECT
Latest Confirmation on: ---
Developer Difficulty: ---
jsc: 4.0.0_release_blocker+


Attachments
document with text box anchored to header (17.77 KB, application/vnd.oasis.opendocument.text)
2013-03-19 16:48 UTC, Regina Henschel
no flags Details

Note You need to log in before you can comment on or make changes to this issue.
Description Regina Henschel 2013-03-19 16:48:14 UTC
Created attachment 80434 [details]
document with text box anchored to header

Open the attached document.
Goto page 2
Right-click on the text box A.
Choose "Position & Size" from its context menu.
Crash.

The text box is anchored to the paragraph in the header. Therefore the drawing object on the second page is not the original one, but a clone, which is generated for header repeating. If it is not intended, that the drawing object can be edit from such position, then the drawing object should not be selectable there. If the object should be editable at that position--like other header content--then it should not crash.
Comment 1 Ariel Constenla-Haile 2013-03-20 08:27:11 UTC
It crashes in 3.4.1, but also 3.2.1-OOO320_m18-9502 and 3.4.0-BETA-OOO340_m0-9583
Comment 2 brinzing 2013-03-21 11:36:04 UTC
crash confirmed in oo32
Comment 3 Andre 2013-06-18 09:23:25 UTC
Crash takes place in SwDrawVirtObj::GetPlusHdl() because a NULL pointer is dereferenced.
Comment 4 Armin Le Grand 2013-06-18 12:03:06 UTC
ALG: Taking a look...
Comment 5 Armin Le Grand 2013-06-18 12:50:08 UTC
ALG: UhOh. GetPlusHdl should not even be called, it's only called due to casting a SdrObject to SdrTextObj which is in this case a SwDrawVirtObj. At that object HasText is called, but lands on GetPlusHdl (jumping over the wrong virtual table). Two steps:
- Change the cast to dynamic_cast and adapt code
- Take the chance and make methods at SwDrawVirtObj more safe.
Comment 6 Armin Le Grand 2013-06-18 13:03:38 UTC
ALG: Made a short check with Symphony, from the code it should also crash there. It does.
Comment 7 Armin Le Grand 2013-06-18 13:06:42 UTC
ALG: Checked that my changes do the fix, preparing checkin.
Comment 8 Armin Le Grand 2013-06-18 13:08:10 UTC
ALG: Okay, done.
Comment 9 Armin Le Grand 2013-06-18 13:13:12 UTC
ALG: Setting to fixed
Comment 10 jsc 2013-07-03 08:45:30 UTC
grant showstopper flag to get clear status, already fixed
Comment 11 fanyuzhen 2013-07-10 09:56:39 UTC
I still reproduce the crash with revision 1499347
Comment 12 Regina Henschel 2013-07-10 10:57:24 UTC
Still crashes in non-pro build of r1501409. The crash is triggered be calling the dialog, not by setting width or height in the sidebar.
Comment 13 Armin Le Grand 2013-07-10 11:03:38 UTC
ALG: Checked on mac at r1499347, all is well. Indeed crashes on Win7 also on r1499347. Does not crash on current trunk build. Maybe snapshot build was not up-to-date? Controlling checkin, also no automatic note added to this task...
Comment 14 Regina Henschel 2013-07-10 11:11:41 UTC
My build is from a fresh clone (~18h ago) of trunk, and it crashes.
Comment 15 Armin Le Grand 2013-07-10 11:15:57 UTC
ALG: Okay, thanks, Regina. Found commit r1494127, also changes are in trunk, verified. Getting the buildbot win build r1501409, checking...
Comment 16 Armin Le Grand 2013-07-10 11:28:13 UTC
ALG: Also crashes with buildbot build r1501409, need to make a clean, fresh windows build to check (current trunk does not crash)...
Comment 17 Armin Le Grand 2013-07-10 12:33:13 UTC
ALG: Re-checked: Mac and Linux are okay.
Comment 18 Armin Le Grand 2013-07-10 14:25:13 UTC
ALG: Found another place in cui where a SdrObject is casted the old way to a SdrTextObj because the SdrObjKind is a text type; this is not safe as long as we have SdrVirtObjs in Writer. In this case, the wrong cast leads to a wrong function call (SwDrawVirtObj::GetPlusHdl instead of HasText). Other system compilers somehow survive that, as the win compiler does in non-pro build. Anyways, it's an error. Checking with a pro-build if this is the error.
Comment 19 Armin Le Grand 2013-07-11 09:18:13 UTC
ALG: Adapted three places with bad/dangerous casts in cui, needed a pro build to test if this helps. Works as expected, indeed this causes the trouble. Did some more deep tests with debugger and manipulating that 2nd objects, looks good. Preparing commit...
Comment 20 SVN Robot 2013-07-11 09:19:43 UTC
"alg" committed SVN revision 1502162 into trunk:
i121917 secure SdrTextObj casts in cui
Comment 21 SVN Robot 2013-07-11 09:23:14 UTC
"alg" committed SVN revision 1502164 into branches/AOO400:
i121917 secure SdrTextObj casts in cui
Comment 22 Armin Le Grand 2013-07-11 09:28:21 UTC
ALG: Comitted in trunk and branch AOO400, cui needs rebuild but is compatible.
Comment 23 Armin Le Grand 2013-07-11 10:56:46 UTC
ALG: Added #122720# to clean this up on trunk in general
Comment 24 fanyuzhen 2013-07-17 10:48:58 UTC
I do not see the crash in RC, Rev. 1502185 on Win 7