You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@openoffice.apache.org by bu...@apache.org on 2012/01/30 05:44:37 UTC
DO NOT REPLY [Bug 118851] New: Calc crashed if paste unsupport
formula from MS Excel
https://issues.apache.org/ooo/show_bug.cgi?id=118851
Bug #: 118851
Issue Type: DEFECT
Summary: Calc crashed if paste unsupport formula from MS Excel
Classification: Application
Product: Spreadsheet
Version: OOo 3.4 Beta
Platform: PC
OS/Version: Windows 7
Status: UNCONFIRMED
Severity: critical
Priority: P5
Component: ui
AssignedTo: ooo-issues@incubator.apache.org
ReportedBy: yanji.yj@gmail.com
1. Open attached sample file
2. Copy cell F4 and F5 which contain formula "PMT" and "Table.
3. New a spreadsheet and paste
Defect: Calc crashed.
--
Configure bugmail: https://issues.apache.org/ooo/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 118851] [From Symphony] Calc crashed if paste unsupport formula
from MS Excel
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=118851
--- Comment #8 from ChaoHuang <ch...@gmail.com> ---
Created attachment 77591
--> https://issues.apache.org/ooo/attachment.cgi?id=77591&action=edit
a patch for bug 118851
--
You are receiving this mail because:
You are the assignee for the bug.
DO NOT REPLY [Bug 118851] [From Symphony] Create summary slide in
.odp file which has expanded blank slides in,there is a crash.Calc crashed if
paste unsupport formula from MS Excel
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=118851
Rob Weir <ro...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Calc crashed if paste |[From Symphony] Create
|unsupport formula from MS |summary slide in .odp file
|Excel |which has expanded blank
| |slides in,there is a
| |crash.Calc crashed if paste
| |unsupport formula from MS
| |Excel
--
Configure bugmail: https://issues.apache.org/ooo/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 118851] [From Symphony] Calc crashed if paste unsupport formula
from MS Excel
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=118851
--- Comment #7 from ChaoHuang <ch...@gmail.com> ---
////// Root cause
There is a data table in cell F5 on the first sheet. A ScFormulaCell will be
created when do pasting from MS excel to Aoo3.4 spreatsheet.
Please refer to call stacks below
sc.dll!ScFormulaCell::ScFormulaCell(ScDocument * pDoc=0x0960fb98, const
ScAddress & rPos={...}, const String & rFormula={...},
formula::FormulaGrammar::Grammar eGrammar=GRAM_NATIVE, unsigned char cMatInd=0)
Line 678 C++
> sc.dll!ScDocument::InsertTableOp(const ScTabOpParam & rParam={...}, short nCol1=5, long nRow1=4, short nCol2=5, long nRow2=8, const ScMarkData & rMark={...}) Line 288 C++
scfilt.dll!ImportExcel::TableOp() Line 1107 C++
scfilt.dll!ImportExcel8::Read() Line 1145 + 0xb bytes C++
scfilt.dll!ScFormatFilterPluginImpl::ScImportExcel(SfxMedium &
rMedium={...}, ScDocument * pDocument=0x0960fb98, EXCIMPFORMAT
eFormat=EIF_AUTO) Line 208 + 0x28 bytes C++
sc.dll!ScViewFunc::PasteDataFormat(unsigned long nFormatId=121, const
com::sun::star::uno::Reference<com::sun::star::datatransfer::XTransferable> &
rxTransferable={...}, short nPosX=4, long nPosY=3, Point *
pLogicPos=0x00000000, unsigned char bLink=0, unsigned char bAllowDialogs='�')
Line 543 + 0x2e bytes C++
sc.dll!ScViewFunc::PasteFromSystem(unsigned long nFormatId=121, unsigned
char bApi=0) Line 811 + 0x50 bytes C++
sc.dll!ScViewFunc::PasteFromSystem() Line 651 + 0x11 bytes C++
sc.dll!ScCellShell::PasteFromClipboard(ScViewData * pViewData=0x053563c8,
ScTabViewShell * pTabViewShell=0x05356378, bool bShowDialog=true) Line 2188
C++
sc.dll!ScCellShell::ExecuteEdit(SfxRequest & rReq={...}) Line 1179 + 0x21
bytes C++
The construction for "ScFormulaCell::ScFormulaCell" on line 651 in file
"main/sc/source/core/data/cell.cxx" will call function "ScFormulaCell::Compile(
rFormula, sal_True, eGrammar )".
Please refer to code snippet below.
void ScFormulaCell::Compile( const String& rFormula, sal_Bool bNoListening,
const FormulaGrammar::Grammar eGrammar )
{
if ( pDocument->IsClipOrUndo() ) return;
sal_Bool bWasInFormulaTree = pDocument->IsInFormulaTree( this );
if ( bWasInFormulaTree )
pDocument->RemoveFromFormulaTree( this );
// pCode darf fuer Abfragen noch nicht geloescht, muss aber leer sein
if ( pCode )
pCode->Clear();
ScTokenArray* pCodeOld = pCode;
ScCompiler aComp( pDocument, aPos);
aComp.SetGrammar(eGrammar);
pCode = aComp.CompileString( rFormula );
if ( pCodeOld )
delete pCodeOld;
if( !pCode->GetCodeError() )
{
if ( !pCode->GetLen() && aResult.GetHybridFormula().Len() && rFormula
== aResult.GetHybridFormula() )
{ // #65994# nicht rekursiv
CompileTokenArray/Compile/CompileTokenArray
if ( rFormula.GetChar(0) == '=' )
pCode->AddBad( rFormula.GetBuffer() + 1 );
else
pCode->AddBad( rFormula.GetBuffer() );
}
bCompile = sal_True;
CompileTokenArray( bNoListening );
}
else
{
bChanged = sal_True;
SetTextWidth( TEXTWIDTH_DIRTY );
SetScriptType( SC_SCRIPTTYPE_UNKNOWN );
}
if ( bWasInFormulaTree )
pDocument->PutInFormulaTree( this );
}
The initialization for pCode will be ignored by condition " if (
pDocument->IsClipOrUndo() ) ". After that, any operation on pCode will cause to
"bad memory access", which is usually a crash on Windows.
////// Solution
The initialization for pCode should not be ignored by condition " if (
pDocument->IsClipOrUndo() ) " in function " ScFormulaCell::Compile ". The
condition can be changed to " if ( pDocument->IsClipOrUndo() && (pCode != NULL)
) ".
The clone for pCode in function "ScFormulaCell::ScFormulaCell" on line 750 in
file "main/sc/source/core/data/cell.cxx" also should be improved
from
pCode = rCell.pCode->Clone();
to
pCode = (rCell.pCode) ? (rCell.pCode->Clone()) : NULL;
--
You are receiving this mail because:
You are the assignee for the bug.
DO NOT REPLY [Bug 118851] Calc crashed if paste unsupport formula
from MS Excel
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=118851
yanji.yj@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P5 |P2
--
Configure bugmail: https://issues.apache.org/ooo/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
DO NOT REPLY [Bug 118851] Calc crashed if paste unsupport formula
from MS Excel
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=118851
yanji.yj@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |CONFIRMED
Ever Confirmed|0 |1
--- Comment #2 from yanji.yj@gmail.com 2012-02-07 02:14:17 UTC ---
The problem can be reproduced.
--
Configure bugmail: https://issues.apache.org/ooo/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
DO NOT REPLY [Bug 118851] [From Symphony] Calc crashed if paste
unsupport formula from MS Excel
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=118851
mayongl <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ACCEPTED |RESOLVED
Resolution| |FIXED
--- Comment #3 from mayongl <ma...@apache.org> 2012-02-13 01:04:09 UTC ---
This is caused by uninitialized call of pCode pointer in
SCDocument::InsertTableOp()
--
Configure bugmail: https://issues.apache.org/ooo/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 118851] [From Symphony] Calc crashed if paste unsupport formula
from MS Excel
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=118851
--- Comment #6 from ChaoHuang <ch...@gmail.com> ---
////// Key step to reproduce the defect
1. Open the sample file in MS excel on Windows
2. Copy cell F5 on the sheet
3. Open Aoo3.4, select a cell, paste from clipboard
Aoo3.4 will crash after execute these 3 steps.
--
You are receiving this mail because:
You are the assignee for the bug.
DO NOT REPLY [Bug 118851] Calc crashed if paste unsupport formula
from MS Excel
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=118851
--- Comment #1 from yanji.yj@gmail.com 2012-01-30 04:46:41 UTC ---
Created attachment 77176
--> https://issues.apache.org/ooo/attachment.cgi?id=77176
sample file
--
Configure bugmail: https://issues.apache.org/ooo/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
DO NOT REPLY [Bug 118851] [From Symphony] Calc crashed if paste
unsupport formula from MS Excel
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=118851
mayongl <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|FIXED |
--- Comment #4 from mayongl <ma...@apache.org> 2012-02-13 01:07:08 UTC ---
Reopened this for fix.
--
Configure bugmail: https://issues.apache.org/ooo/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
DO NOT REPLY [Bug 118851] [From Symphony] Calc crashed if paste
unsupport formula from MS Excel
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=118851
Rob Weir <ro...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|[From Symphony] Create |[From Symphony] Calc
|summary slide in .odp file |crashed if paste unsupport
|which has expanded blank |formula from MS Excel
|slides in,there is a |
|crash.Calc crashed if paste |
|unsupport formula from MS |
|Excel |
--
Configure bugmail: https://issues.apache.org/ooo/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
DO NOT REPLY [Bug 118851] [From Symphony] Calc crashed if paste
unsupport formula from MS Excel
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=118851
mayongl <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |ACCEPTED
--
Configure bugmail: https://issues.apache.org/ooo/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
DO NOT REPLY [Bug 118851] [From Symphony] Calc crashed if paste
unsupport formula from MS Excel
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=118851
mayongl <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|CONFIRMED |ACCEPTED
CC| |mayongl@apache.org
--
Configure bugmail: https://issues.apache.org/ooo/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 118851] [From Symphony] Calc crashed if paste unsupport formula
from MS Excel
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=118851
zhangjf <zh...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |zhangjf@apache.org
Assignee|ooo-issues@incubator.apache |zhangjf@apache.org
|.org |
--- Comment #9 from zhangjf <zh...@apache.org> ---
Take over the bug to commit it's patch.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 118851] [From Symphony] Calc crashed if paste unsupport formula
from MS Excel
Posted by bu...@apache.org.
https://issues.apache.org/ooo/show_bug.cgi?id=118851
ChaoHuang <ch...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |chao.dev.h@gmail.com
--- Comment #5 from ChaoHuang <ch...@gmail.com> ---
(In reply to comment #3)
> This is caused by uninitialized call of pCode pointer in
> SCDocument::InsertTableOp()
In file "main\sc\source\core\data\cell.cxx", there is a function
"ScFormulaCell::Compile"
void ScFormulaCell::Compile( const String& rFormula, sal_Bool bNoListening,
const FormulaGrammar::Grammar eGrammar )
{
if ( pDocument->IsClipOrUndo() ) return;
sal_Bool bWasInFormulaTree = pDocument->IsInFormulaTree( this );
if ( bWasInFormulaTree )
pDocument->RemoveFromFormulaTree( this );
// pCode darf fuer Abfragen noch nicht geloescht, muss aber leer sein
if ( pCode )
pCode->Clear();
ScTokenArray* pCodeOld = pCode;
ScCompiler aComp( pDocument, aPos);
aComp.SetGrammar(eGrammar);
pCode = aComp.CompileString( rFormula );
if ( pCodeOld )
delete pCodeOld;
if( !pCode->GetCodeError() )
{
if ( !pCode->GetLen() && aResult.GetHybridFormula().Len() && rFormula
== aResult.GetHybridFormula() )
{ // #65994# nicht rekursiv
CompileTokenArray/Compile/CompileTokenArray
if ( rFormula.GetChar(0) == '=' )
pCode->AddBad( rFormula.GetBuffer() + 1 );
else
pCode->AddBad( rFormula.GetBuffer() );
}
bCompile = sal_True;
CompileTokenArray( bNoListening );
}
else
{
bChanged = sal_True;
SetTextWidth( TEXTWIDTH_DIRTY );
SetScriptType( SC_SCRIPTTYPE_UNKNOWN );
}
if ( bWasInFormulaTree )
pDocument->PutInFormulaTree( this );
}
The construction of "pCode" will be ignored by condition "if (
pDocument->IsClipOrUndo() )" at the first line in function
"ScFormulaCell::Compile". In other places, there is no judgement for "pCode"
before using it.
Can we remove the returning condition "if ( pDocument->IsClipOrUndo() )" ?
Thanks!
(In reply to comment #3)
> This is caused by uninitialized call of pCode pointer in
> SCDocument::InsertTableOp()
--
You are receiving this mail because:
You are the assignee for the bug.