reproducible crash after libreoffice update

Jan Beich jbeich at FreeBSD.org
Thu May 16 12:17:55 UTC 2019


Joan Picanyol i Puig <pica at biaix.org> writes:

> It does seem that somehow the collator's settings get lost, some more details:
>
> (gdb) up 1
> #1  0x0000000800b5a241 in icu::RuleBasedCollator::doCompare (this=0x8173c41c0, left=0x7fffffffce02 u"pre.conf\xffff", leftLength=8, right=0x7fffffffcdc2 u"parent.conf", 
>     rightLength=11, errorCode=@0x7fffffffcd94: U_ZERO_ERROR) at rulebasedcollator.cpp:1003
> 1003        UBool numeric = settings->isNumeric();
>

Does the following sample crash? If not, rebuild libreoffice with debug
symbols to get more context. Maybe libreoffice calls "delete" or "ucol_close"
on the UCollator pointer but then ends up using it anyway.

$ cat a.cc
#include <unicode/coll.h>

using namespace icu;

int main()
{
  UErrorCode status = U_ZERO_ERROR;
  // Same locale the crashing LibreOffice collator was created for (ca_ES).
  Collator *coll = Collator::createInstance(Locale("ca", "ES"), status);
  if (U_FAILURE(status))
    return 1;
  // The exact operands from the backtrace, including the trailing U+FFFF.
  coll->compare(u"pre.conf\xffff", u"parent.conf");
  delete coll;

  return 0;
}

$ c++ a.cc $(icu-config --cppflags --ldflags)
$ ./a.out

> (gdb) up 1
> #3  0x0000000800b31b39 in icu::Collator::compare (this=0x8173c41c0, source=..., target=...) at coll.cpp:495
> 495     return (EComparisonResult)compare(source, target, ec);
> (gdb) print *this
> $1 = {<icu::UObject> = {<icu::UMemory> = {<No data fields>}, _vptr$UObject = 0x800ce7930 <vtable for icu::RuleBasedCollator+16>}, <No data fields>}

From the above example:

(gdb) p *this
$1 = {<icu::Collator> = {<icu::UObject> = {<icu::UMemory> = {<No data fields>},
      _vptr$UObject = 0x800658578 <vtable for icu::RuleBasedCollator+16>}, <No data fields>},
  data = 0x800f21000, settings = 0x800f08000, tailoring = 0x800f01000, cacheEntry = 0x800f50400,
  validLocale = {<icu::UObject> = {<icu::UMemory> = {<No data fields>},
      _vptr$UObject = 0x8008d8a80 <vtable for icu::Locale+16>},
    language = "ca\000\000\000\000\000\000\000\000\000", script = "\000\000\000\000\000",
    country = "\000\000\000", variantBegin = 2, fullName = 0x800f61058 "ca",
    fullNameBuffer = "ca", '\000' <repeats 154 times>, baseName = 0x800f61058 "ca", fIsBogus = 0 '\000'},
  explicitlySetAttributes = 0, actualLocaleIsSameAsValid = 0 '\000'}

but if "delete coll" happens before coll->compare()

(gdb) p *this
$2 = {<icu::UObject> = {<icu::UMemory> = {<No data fields>},
    _vptr$UObject = 0x800658578 <vtable for icu::RuleBasedCollator+16>}, <No data fields>}

Did you notice "settings" was lost?
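As an added example (not Jan's code and not part of the thread), the script below builds the a.cc sample above in two variants, the second with `delete coll` moved before the compare, under AddressSanitizer, so the free-then-use suspected in LibreOffice shows up as a reported heap-use-after-free rather than a crash that depends on what reused the block. It assumes a c++ that accepts -fsanitize=address and an icu-config on PATH; the ASan report line in the script is a constructed sample.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds the a.cc sample above in two
# variants ("ok": delete after compare, "uaf": delete before compare) with
# AddressSanitizer and reads ASan's verdict. Assumed: a c++ that accepts
# -fsanitize=address, and icu-config on PATH.

# Print the C++ source for one variant ($1 = ok | uaf) to stdout.
gen_source() {
  cat <<'EOF'
#include <unicode/coll.h>
using namespace icu;
int main()
{
  UErrorCode status = U_ZERO_ERROR;
  Collator *coll = Collator::createInstance(Locale("ca", "ES"), status);
  if (U_FAILURE(status)) return 2;
EOF
  # Freeing before the compare is the lifecycle bug suspected in LibreOffice.
  [ "$1" = uaf ] && printf '%s\n' '  delete coll;'
  printf '%s\n' '  coll->compare(u"pre.conf\xffff", u"parent.conf");'
  [ "$1" = ok ] && printf '%s\n' '  delete coll;'
  printf '%s\n' '  return 0;' '}'
}

# Read a run's combined stdout/stderr on stdin; exit 0 only if ASan reported
# a heap-use-after-free, 1 otherwise.
has_uaf_report() {
  grep -q 'ERROR: AddressSanitizer: heap-use-after-free'
}

# Constructed sample of an ASan report line, for checking has_uaf_report offline.
SAMPLE_ASAN_LINE='==4242==ERROR: AddressSanitizer: heap-use-after-free on address 0x6020000000d0'

# Build and run one variant; print "<variant>: use-after-free" or "<variant>: clean".
run_variant() {
  gen_source "$1" > "repro_$1.cc"
  c++ -g -O0 -fsanitize=address "repro_$1.cc" $(icu-config --cppflags --ldflags) \
    -o "repro_$1" || return 2
  # ASan aborts on the first error, so ignore the exit status and read the log.
  ./"repro_$1" > "repro_$1.log" 2>&1 || true
  if has_uaf_report < "repro_$1.log"; then echo "$1: use-after-free"; else echo "$1: clean"; fi
}

# Set REPRO_RUN=1 to build and run both variants (needs ICU and ASan).
if [ "${REPRO_RUN:-0}" = 1 ]; then
  run_variant ok || echo "ok: build failed"
  run_variant uaf || echo "uaf: build failed"
fi
```

`REPRO_RUN=1 sh repro.sh` builds and runs both variants. Where ASan is not available, `MALLOC_CONF=junk:true ./a.out` makes FreeBSD's jemalloc fill freed memory with 0x5a, so the stale read of the freed collator fails deterministically instead of depending on what reused the block.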
