Bug 65619 - segfault querying spreadsheet with LIKE criterion
Summary: segfault querying spreadsheet with LIKE criterion
Status: RESOLVED DUPLICATE of bug 65653
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Base
Version (earliest affected): 4.1.0.0.alpha0+ Master
Hardware: Other Linux (All)
Importance: high critical
Assignee: Not Assigned
Keywords: bibisected, regression
Reported: 2013-06-10 21:42 UTC by Terrence Enger
Modified: 2015-12-15 11:03 UTC (History)

Attachments
.csv of Bugzilla query, Product = "LibreOffice", and Keyword = "regression" or Whiteboard contains the string bibisect. 1641 data rows. (358.10 KB, text/csv)
2013-06-10 21:42 UTC, Terrence Enger
typescript with gdb backtrace (9.21 KB, text/plain)
2013-06-10 21:46 UTC, Terrence Enger
bt with symbols on master sources (7.65 KB, text/plain)
2013-06-11 19:57 UTC, Julien Nabet
typescript with backtrace from segfault in Query Designer (11.03 KB, text/plain)
2013-06-11 21:27 UTC, Terrence Enger

Description Terrence Enger 2013-06-10 21:42:01 UTC
Created attachment 80645 [details]
.csv of Bugzilla query, Product = "LibreOffice", and Keyword = "regression" or Whiteboard contains the string bibisect.  1641 data rows.

To reproduce ...

( 1) Download attached .csv file to a convenient location.

( 2) Run LibreOffice with a command something like
        soffice --norestore --base
     Program presents Database Wizard step 1 "Select database".

( 3) Click "Connect to an existing database" and in the dropdown list
     click on Spreadsheet.

( 4) Click <Next>.  Program displays Database Wizard step 2 "Set up
     Spreadsheet connection".

( 5) Click <Browse>.  Program displays Open dialog.

( 6) Navigate to the file you downloaded and click <Open>.  Program
     returns focus to Database Wizard step 2 with "Location and file
     name" filled in.

( 7) Click <Next>.  Program displays Database Wizard step 3 "Save and
     proceed".

( 8) Select "No, do not register the database" and "Open the database
     for editing" and click <Finish>.  Program displays Save dialog
     with field Name selected.

( 9) Type /tmp/thing1 and click <Save>.  Program displays window
     thing1.odb; the left pane has <Tables> selected and the lower
     right pane shows Sheet1.

(10) In the left pane, click <Queries>.  Program displays options in
     the Tasks pane at the upper right.

(11) In the Tasks pane, click "Create Query in SQL View...".  Program
     displays window "thing1.odb: Query 1".

(12) In the entry area, type

        select count( * )
          from Sheet1
         where Keywords like 'regression' and
               Status = 'UNCONFIRMED' 

     and type <F5>.

     Program action expected: I was guessing at the syntax for the
     select statement, so I would have been happy with either a number
     or a report of a syntax error.

     Program action actual:  segmentation fault


For comparison, I have seen the crash in 4.1.0.0.beta2 but 3.6.4.3
displays a number.  The same SQL query crashes master when the backend
is an .ods file.


My LibreOffice in the soon-to-be-attached typescript is master 45abf35
pulled 2013-05-29 configured with

    --enable-option-checking
    --enable-dbgutil
    --enable-crashdump
    --disable-build-mozilla
    --without-system-postgresql
    --without-myspell-dicts
    --without-help
    --with-extra-buildid

built and executing on ubuntu-natty 32-bit (11.04)

    $ uname -a
    Linux cougar-natty 2.6.38-16-generic #67-Ubuntu SMP Thu Sep 6 18:00:43 UTC 2012 i686 athlon i386 GNU/Linux

    $ gcc --version
    gcc (Ubuntu/Linaro 4.5.2-8ubuntu4) 4.5.2
    Copyright (C) 2010 Free Software Foundation, Inc.
    This is free software; see the source for copying conditions.  There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

    $ java -version
    java version "1.6.0_24"
    OpenJDK Runtime Environment (IcedTea6 1.11.5) (6b24-1.11.5-0ubuntu1~11.04.1)
    OpenJDK Client VM (build 20.0-b12, mixed mode, sharing)
Comment 1 Terrence Enger 2013-06-10 21:46:08 UTC
Created attachment 80646 [details]
typescript with gdb backtrace
Comment 2 Terrence Enger 2013-06-10 21:49:40 UTC
I shall try to do the bibisect as soon as I am on a 64-bit system.
Comment 3 Julien Nabet 2013-06-11 19:57:16 UTC
Created attachment 80707 [details]
bt with symbols on master sources

On pc Debian x86-64 with master sources updated today, I reproduced the crash.
I attached a bt with symbols.
Comment 4 Julien Nabet 2013-06-11 20:25:22 UTC
Lionel: in connectivity/source/parse/sqlnode.cxx, in function columnMatchP, rParam.xField is NULL, so it's a problem at least for lines 143 and 145.
Any idea? 
If you want me to add some traces, don't hesitate to tell, I build with --enable-dbgutil
Comment 5 Julien Nabet 2013-06-11 20:43:09 UTC
I increase the importance since:
- it's a regression
- it's a crash
- it has been reproduced
- the sql request is quite basic (so it's not a corner case)
Comment 6 Terrence Enger 2013-06-11 21:27:37 UTC
Created attachment 80708 [details]
typescript with backtrace from segfault in Query Designer

I have succeeded in creating a similar failure in the Query
Designer.  Briefly, ...

(1) In the .odb file as it was left by the steps described in the
    original report, call up the Query Designer.

(2) Add Sheet1 to the query.

(3) Drag field Keywords from Sheet1 to the first column of the query.

(4) For criterion, type "like 'regression'".

(5) Click the Run icon.
Comment 7 Terrence Enger 2013-06-11 21:32:01 UTC
Playing around with in daily bibisect, I have concluded that the
problem entered the program between commits c41dfa1 and a965715.
Looking at commits within that range, my attention goes to

    commit 16c9ce4877def18ca4578171a96615a632d08092
    Author: Lionel Elie Mamane <lionel@mamane.lu>
    Date:   Fri Apr 26 16:44:43 2013 +0200

        QueryDesign: in criteria, remove matching column_ref in simple expressions
    
        Basically, in first children of infix predicates in search_conditions
    
        Change-Id: I0e2f8fbdde023b088f33d2e2fcbd41110f0e02a8

and

    commit 1bc4a49d9ba99ff0531bafc2cf0183f726bfe14b
    Author: Lionel Elie Mamane <lionel@mamane.lu>
    Date:   Fri Apr 26 12:14:33 2013 +0200

        QueryDesign: in criteria, remove column_ref when table *and* column name match
    
        As opposed to only the column name
    
        Change-Id: I261d13f23214f950daa55a5b63cd486e59a0e127

These two commits, between them, changed several functions in
swnode.cxx that are evident in the backtraces.


Lionel ...

Do you want to take this over?  If not, I can do some digging in gdb.
Comment 8 Tamás Zolnai 2013-06-15 11:39:13 UTC
*** This bug has been marked as a duplicate of bug 65653 ***
Comment 9 Robinson Tryon (qubit) 2015-12-15 11:03:24 UTC
Migrating Whiteboard tags to Keywords: (bibisected)
[NinjaEdit]