Bug 89348

Summary:	EDITING infinite loop after paste in SwCntntFrm::MakeAll
Product:	LibreOffice	Reporter:	Lionel Elie Mamane <lionel>
Component:	Writer	Assignee:	Not Assigned <libreoffice-bugs>
Status:	RESOLVED WORKSFORME
Severity:	normal	CC:	michael.stahl, raal, serval2412
Priority:	medium	Keywords:	haveBacktrace
Version:	4.3.3.2 release
Hardware:	x86-64 (AMD64)
OS:	Linux (All)
See Also:	https://bugs.documentfoundation.org/show_bug.cgi?id=89343
Whiteboard:
Crash report or crash signature:		Regression By:
Bug Depends on:
Bug Blocks:	101280, 132261
Attachments:	reproduction case

Description Lionel Elie Mamane 2015-02-12 19:08:49 UTC

Created attachment 113349 [details]
reproduction case

Reproduced with 4.3.3.2 (Debian x86-64 build) and master as of 2015-02-05 (my own debug build).

Reproduction instructions

1. Open attached odt file.

2. In the table, go to the middle cell in the row that starts with
   "AMN Healthcare".

3. Go to any other program (emacs, terminal, ...)

4. Select any text; copy it if you are not using X11.

5. Go back to the LibreOffice window.

6. Paste the text (with middle mouse button on X11)

Expected behaviour: the text is pasted and LibreOffice continues to function.

Actual behaviour: nearly each time, LibreOffice goes into an infinite CPU loop (pumps 100% CPU and is completely unresponsive). Sometimes it doesn't enter infinite loop immediately after the paste, the paste happens, but if one presses the left arrow button on the keyboard, LibreOffice then goes into infinite CPU loop.

I ran LibreOffice (master) under gdb to see the infinite loop. It happens in function SwCntntFrm::MakeAll in file sw/source/core/layout/calcmove.cxx.

The overall execution pattern is:

The loop starts on line 1194:

    while ( !mbValidPos || !mbValidSize || !mbValidPrtArea )
    {
       ....
    }

It executes until line 1445:

        // - loop prevention
        {
            if ( aOldFrm_StopFormat == Frm() &&
                 aOldPrt_StopFormat == Prt() )
            {
                ++nConsecutiveFormatsWithoutChange;
            }
            else
            {
                nConsecutiveFormatsWithoutChange = 0;
            }
        }

        // Yet again an invalid value? Repeat from the start...
        if ( !mbValidPos || !mbValidSize || !mbValidPrtArea )
            continue;


Each time it arrives there, the state has been toggled between two states:

STATE 1
=======

aOldFrm_StopFormat and aOldPrt_StopFormat look good. Frm() and Prt() have zero height in their size.

We have !mbValidPos && !mbValidSize && !mbValidPrtArea

STATE 2
=======

Frm() and Prt() look good. aOldFrm_StopFormat and aOldPrt_StopFormat have zero height in their size.

We have mbValidPos && mbValidSize && !mbValidPrtArea



In each case, nConsecutiveFormatsWithoutChange is set to zero and the "continue" is invoked since at least one flag is false.


The backtrace looks like:

#7  0x00007fa2397d1d73 in SwCntntFrm::MakeAll (this=0x4035030)
    at /home/master/src/libreoffice/workdirs/libreoffice-4-5/sw/source/core/layout/calcmove.cxx:1333
#8  0x00007fa2397cc546 in SwFrm::OptPrepareMake (this=this@entry=0x4035030)
    at /home/master/src/libreoffice/workdirs/libreoffice-4-5/sw/source/core/layout/calcmove.cxx:359
#9  0x00007fa23982afdc in SwFrm::OptCalc (this=this@entry=0x4035030)
    at /home/master/src/libreoffice/workdirs/libreoffice-4-5/sw/source/core/inc/frame.hxx:1001
#10 0x00007fa239828c70 in SwLayAction::_FormatCntnt (this=this@entry=0x7ffffd004180, pCntnt=pCntnt@entry=0x4035030, 
    pPage=pPage@entry=0x40394f0)
    at /home/master/src/libreoffice/workdirs/libreoffice-4-5/sw/source/core/layout/layact.cxx:1818
#11 0x00007fa23982810c in SwLayAction::FormatCntnt (this=this@entry=0x7ffffd004180, pPage=pPage@entry=0x40394f0)
    at /home/master/src/libreoffice/workdirs/libreoffice-4-5/sw/source/core/layout/layact.cxx:1649
#12 0x00007fa2398246a1 in SwLayAction::InternalAction (this=this@entry=0x7ffffd004180)
    at /home/master/src/libreoffice/workdirs/libreoffice-4-5/sw/source/core/layout/layact.cxx:780
#13 0x00007fa239822fdb in SwLayAction::Action (this=this@entry=0x7ffffd004180)
    at /home/master/src/libreoffice/workdirs/libreoffice-4-5/sw/source/core/layout/layact.cxx:370
#14 0x00007fa23982a248 in SwLayIdle::SwLayIdle (this=0x7ffffd0043b0, pRt=0x3fc04e0, pI=0x3fbde80)
    at /home/master/src/libreoffice/workdirs/libreoffice-4-5/sw/source/core/layout/layact.cxx:2167
#15 0x00007fa239cf1a88 in SwViewShell::LayoutIdle (this=0x3fc0e80)
    at /home/master/src/libreoffice/workdirs/libreoffice-4-5/sw/source/core/view/viewsh.cxx:701
#16 0x00007fa239543296 in sw::DocumentTimerManager::DoIdleJobs (this=this@entry=0x3cdd8a0, pTimer=pTimer@entry=0x3cdd8b8)
    at /home/master/src/libreoffice/workdirs/libreoffice-4-5/sw/source/core/doc/DocumentTimerManager.cxx:120
#17 0x00007fa239542fb3 in sw::DocumentTimerManager::LinkStubDoIdleJobs (pThis=0x3cdd8a0, pCaller=0x3cdd8b8)
    at /home/master/src/libreoffice/workdirs/libreoffice-4-5/sw/source/core/doc/DocumentTimerManager.cxx:82
#18 0x00007fa254b05ffa in Link::Call (this=this@entry=0x3cdd8d8, pCaller=pCaller@entry=0x3cdd8b8)
    at /home/master/src/libreoffice/workdirs/libreoffice-4-5/include/tools/link.hxx:139
#19 0x00007fa2550da76d in Idle::DoIdle (this=this@entry=0x3cdd8b8)
    at /home/master/src/libreoffice/workdirs/libreoffice-4-5/vcl/source/app/timer.cxx:436
#20 0x00007fa254da0678 in Idle::Timeout (this=0x3cdd8b8)
    at /home/master/src/libreoffice/workdirs/libreoffice-4-5/include/vcl/timer.hxx:118
#21 0x00007fa2550da8c4 in ImplTimerData::Invoke (this=this@entry=0x86c1510)
    at /home/master/src/libreoffice/workdirs/libreoffice-4-5/vcl/source/app/timer.cxx:54
#22 0x00007fa2550d9e75 in Timer::ImplTimerCallbackProc (idle=<optimized out>)
    at /home/master/src/libreoffice/workdirs/libreoffice-4-5/vcl/source/app/timer.cxx:162
#23 0x00007fa2454a4c74 in SalTimer::CallCallback (this=0x37351a0, idle=idle@entry=true)
    at /home/master/src/libreoffice/workdirs/libreoffice-4-5/vcl/inc/saltimer.hxx:53

Comment 1 raal 2015-02-13 17:04:07 UTC

I can confirm with Version: 4.5.0.0.alpha0+
Build ID: 62969accf9c01b71b738424d4d643db8bfaed182
TinderBox: Linux-rpm_deb-x86_64@46-TDF, Branch:master, Time: 2015-02-08_23:22:32

middle click doesn't work for me in LO (works in another programs), but just right click-> paste freeze LO. I pasted text from terminal.

Comment 2 Julien Nabet 2015-02-17 22:26:57 UTC

Michael: noticing your recent fixes about infinite loop, I thought you might be interested in this one.

Comment 3 QA Administrators 2016-02-21 08:37:34 UTC Comment hidden (obsolete)

** Please read this message in its entirety before responding **

To make sure we're focusing on the bugs that affect our users today, LibreOffice QA is asking bug reporters and confirmers to retest open, confirmed bugs which have not been touched for over a year.

There have been thousands of bug fixes and commits since anyone checked on this bug report. During that time, it's possible that the bug has been fixed, or the details of the problem have changed. We'd really appreciate your help in getting confirmation that the bug is still present.

If you have time, please do the following:

Test to see if the bug is still present on a currently supported version of LibreOffice
(5.0.5 or 5.1.0) https://www.libreoffice.org/download/

If the bug is present, please leave a comment that includes the version of LibreOffice and
your operating system, and any changes you see in the bug behavior

If the bug is NOT present, please set the bug's Status field to RESOLVED-WORKSFORME and leave
a short comment that includes your version of LibreOffice and Operating System

Please DO NOT

Update the version field
Reply via email (please reply directly on the bug tracker)
Set the bug's Status field to RESOLVED - FIXED (this status has a particular meaning that is not
appropriate in this case)

If you want to do more to help you can test to see if your issue is a REGRESSION. To do so: 1. Download and install oldest version of LibreOffice (usually 3.3 unless your bug pertains to a feature added after 3.3)

http://downloadarchive.documentfoundation.org/libreoffice/old/

2. Test your bug 3. Leave a comment with your results. 4a. If the bug was present with 3.3 - set version to "inherited from OOo"; 4b. If the bug was not present in 3.3 - add "regression" to keyword

Feel free to come ask questions or to say hello in our QA chat: http://webchat.freenode.net/?channels=libreoffice-qa

Thank you for your help!

-- The LibreOffice QA Team This NEW Message was generated on: 2016-02-21

Comment 4 QA Administrators 2019-05-14 02:53:44 UTC Comment hidden (obsolete)

Dear Lionel Elie Mamane,

To make sure we're focusing on the bugs that affect our users today, LibreOffice QA is asking bug reporters and confirmers to retest open, confirmed bugs which have not been touched for over a year.

If you have time, please do the following:

Test to see if the bug is still present with the latest version of LibreOffice from https://www.libreoffice.org/download/

If the bug is present, please leave a comment that includes the information from Help - About LibreOffice.

If the bug is NOT present, please set the bug's Status field to RESOLVED-WORKSFORME and leave a comment that includes the information from Help - About LibreOffice.

Please DO NOT

If you want to do more to help you can test to see if your issue is a REGRESSION. To do so:
1. Download and install oldest version of LibreOffice (usually 3.3 unless your bug pertains to a feature added after 3.3) from http://downloadarchive.documentfoundation.org/libreoffice/old/

2. Test your bug
3. Leave a comment with your results.
4a. If the bug was present with 3.3 - set version to 'inherited from OOo';
4b. If the bug was not present in 3.3 - add 'regression' to keyword

Feel free to come ask questions or to say hello in our QA chat: https://kiwiirc.com/nextclient/irc.freenode.net/#libreoffice-qa

Thank you for helping us make LibreOffice even better for everyone!

Warm Regards,
QA Team

MassPing-UntouchedBug

Comment 5 QA Administrators 2022-04-20 03:37:29 UTC Comment hidden (obsolete)

Dear Lionel Elie Mamane,

To make sure we're focusing on the bugs that affect our users today, LibreOffice QA is asking bug reporters and confirmers to retest open, confirmed bugs which have not been touched for over a year.

If you have time, please do the following:

Test to see if the bug is still present with the latest version of LibreOffice from https://www.libreoffice.org/download/

If the bug is present, please leave a comment that includes the information from Help - About LibreOffice.

If the bug is NOT present, please set the bug's Status field to RESOLVED-WORKSFORME and leave a comment that includes the information from Help - About LibreOffice.

Please DO NOT

If you want to do more to help you can test to see if your issue is a REGRESSION. To do so:
1. Download and install oldest version of LibreOffice (usually 3.3 unless your bug pertains to a feature added after 3.3) from https://downloadarchive.documentfoundation.org/libreoffice/old/

2. Test your bug
3. Leave a comment with your results.
4a. If the bug was present with 3.3 - set version to 'inherited from OOo';
4b. If the bug was not present in 3.3 - add 'regression' to keyword

Feel free to come ask questions or to say hello in our QA chat: https://web.libera.chat/?settings=#libreoffice-qa

Thank you for helping us make LibreOffice even better for everyone!

Warm Regards,
QA Team

MassPing-UntouchedBug

Comment 6 Gabor Kelemen (allotropia) 2023-05-16 09:03:56 UTC

I can't reproduce this issue with recent 7.5.0 version, nor in old 4.3/4.4/5.0 under Windows. I tried under Linux with recent versions, and with older 5.3 - no issue either.

Let's say WFM.