Apache OpenOffice (AOO) Bugzilla – Issue 24308
Crash in lingucomponent thesaurus
Last modified: 2013-02-24 20:34:19 UTC
This one is created from a crash report: ChildEBP RetAddr 0012f80c 1e7b4646 lth645mi!ThesLookup::binsearch 0xb [o:\srx645\src.m19\lingucomponent\source\thesaurus\libth\thlookup.cxx @ 271] 0012f840 1e7b3f8a lth645mi!ThesLookup::Lookup 0x56 [o:\srx645\src.m19\lingucomponent\source\thesaurus\libth\thlookup.cxx @ 168] 0012f8b0 1e5e2923 lth645mi!Thesaurus::queryMeanings 0x22a [o:\srx645\src.m19\lingucomponent\source\thesaurus\libth\thesimp.cxx @ 346] 0012f91c 2028436a lng645mi!ThesaurusDispatcher::queryMeanings 0x2b3 [o:\srx645\src.m19\linguistic\source\thesdsp.cxx @ 261] 0012f950 202e7861 svx645mi!ThesDummy_Impl::queryMeanings 0x5a [o:\srx645\src.m19\svx\source\editeng\unolingu.cxx @ 513] 0012f9a4 202e7a6e svx645mi!SvxThesaurusDialog::UpdateMeaningBox_Impl 0x81 [o:\srx645\src.m19\svx\source\dialog\thesdlg.cxx @ 317] 0012f9c8 202e8443 svx645mi!SvxThesaurusDialog::Init_Impl 0xbe [o:\srx645\src.m19\svx\source\dialog\thesdlg.cxx @ 386] 0012fa28 20a33a6b svx645mi!SvxThesaurusDialog::SvxThesaurusDialog 0x4f3 [o:\srx645\src.m19\svx\source\dialog\thesdlg.cxx @ 285] 0012fac4 20a34057 sw645mi!SwView::StartThesaurus 0x1bb [o:\srx645\src.m19\sw\source\ui\uiview\viewling.cxx @ 730] 0012fad0 209d8daf sw645mi!SwView::ExecLingu 0x27 [o:\srx645\src.m19\sw\source\ui\uiview\viewling.cxx @ 201] 0012fadc 1f9bbf62 sw645mi!SfxStubSwViewExecLingu 0xf [o:\srx645\src.m19\sw\wntmsci8.pro\inc\swslots.hxx @ 10114] 0012fbb0 1f9beb1e sfx645mi!SfxDispatcher::Call_Impl 0x4c2 [o:\srx645\src.m19\sfx2\source\control\dispatch.cxx @ 347] 0012fc0c 1f9bea2f sfx645mi!SfxDispatcher::PostMsgHandler 0xde [o:\srx645\src.m19\sfx2\source\control\dispatch.cxx @ 1564] 0012fc18 1f98cbb8 sfx645mi!SfxDispatcher::LinkStubPostMsgHandler 0xf [o:\srx645\src.m19\sfx2\source\control\dispatch.cxx @ 1524] 0012fc28 1f98cb72 sfx645mi!SfxHintPoster::Event 0x28 [o:\srx645\src.m19\sfx2\source\notify\hintpost.cxx @ 120] 0012fc38 21251da3 sfx645mi!SfxHintPoster::LinkStubDoEvent_Impl 0x12 [o:\srx645\src.m19\sfx2\source\notify\hintpost.cxx @ 114] 0012fc48 212feb8f vcl645mi!Link::Call 0x13 [o:\srx645\wntmsci8.pro\inc.m19\tools\link.hxx @ 160] 0012fc50 21300159 vcl645mi!ImplHandleUserEvent 0x5f [o:\srx645\src.m19\vcl\source\window\winproc.cxx @ 1929] 0012fc98 2138a078 vcl645mi!ImplWindowFrameProc 0x2d9 [o:\srx645\src.m19\vcl\source\window\winproc.cxx @ 2305] 0012fcb0 2138bf1a vcl645mi!ImplHandleUserEvent 0x28 [o:\srx645\src.m19\vcl\win\source\window\salframe.cxx @ 4161] 0012fcec 2138c427 vcl645mi!SalFrameWndProc 0x63a [o:\srx645\src.m19\vcl\win\source\window\salframe.cxx @ 5181] 0012fd18 77e02ca8 vcl645mi!SalFrameWndProcW 0x27 [o:\srx645\src.m19\vcl\win\source\window\salframe.cxx @ 5288] Unable to load image C:\WINNT\system32\USER32.DLL *** WARNING: Unable to verify timestamp for USER32.DLL *** ERROR: Module load completed but symbols could not be loaded for USER32.DLL WARNING: Stack unwind information not available. Following frames may be wrong. 0012fd38 77e02dc5 USER32 0x2ca8 0012fdc4 77e02f0f USER32 0x2dc5 0012fddc 2138d8b9 USER32 0x2f0f 0012fe08 2138d961 vcl645mi!ImplSalYield 0x69 [o:\srx645\src.m19\vcl\win\source\app\salinst.cxx @ 679] 0012fe28 2127e6fb vcl645mi!SalInstance::Yield 0x81 [o:\srx645\src.m19\vcl\win\source\app\salinst.cxx @ 719] 0012fe34 0042c14c vcl645mi!Application::Execute 0x5b [o:\srx645\src.m19\vcl\source\app\svapp.cxx @ 740] 0012fef8 2136cd99 soffice!desktop::aDesktop 0012ff18 0041d6e5 vcl645mi!SVMain 0x49 [o:\srx645\src.m19\vcl\source\app\svmain.cxx @ 285] 0012ff1c 0041e4e4 soffice!WinMain 0x5 [o:\srx645\src.m19\vcl\win\source\app\salmain.cxx @ 88] 0012ffc0 77e787f5 soffice!WinMainCRTStartup 0x191 [f:\vs70builds\9466\vc\crtbld\crt\src\crtexe.c @ 392] 0012fff0 00000000 KERNEL32 0x87f5 There were 6 records in total. Two users left their e-mail address: john@kingshome.co.uk fabrice_henriot@hotmail.com For all reports the platform was wntmsci8.pro. TL->Kevin: Can you please have a look?
Hi Thomas, sal_Int32 ThesLookup::binsearch(sal_Char * sw, sal_Char* list[], int nlst) { sal_Int32 lp, up, mp, j, indx; lp = 0; up = nlst-1; indx = -1; if (rtl_str_compare(sw,list[lp]) < 0) return -1; if (rtl_str_compare(sw,list[up]) > 0) return -1; This segfault seems to indicate that either a null pointer was passed to ThLookup or the thesaurus data file itslef is corrupted since the list itself should always have entries in it. So unless OString aTmp(OU2ENC(rTerm,aEnc)); can somehow return a NULL string even when when rTerm has positive length (tested ealier), this bug is probably from corrupt data in the list. So are they using the thesaurus I built or some replacement thesaurus like the German or other thesaurus? If they are using the German thesaurus, then this really is an issue for the German thesaurus author since his/her data file is corrupt. I will try to add some code to prevent "corrupt" data from crashing here to make this code more robust. Luckily the whole thesaurus code is moving away form binary pre-processed data files to pure text format for OOo 2.0 so the problem of corrupt input files being passed to the thesaurus code will be a thing of the past. Thanks, Kevin
The thesaurus code was heavily modified for 2.0, I think this report can be closed.
Closing this report, as the thesaurus data format has been changed for OOo 2.0 and this shouldn't happen anymore.
*** Issue 24307 has been marked as a duplicate of this issue. ***
closing.