soffice.bin crashed with SIGABRT in os::abort()

Problem description:

On using an undo for a search&replace operation corrupt the text in a way that the replaced term is not substituted back by the original term. Instead the original term is just placed in in front of the new term, which gives a mashup. The original term was "Biolinux" it was replaced by "Bio-Linux" on 31 occurences and after this the menu Edit-> undo was used. The result is "BiolinuxBio-Linux" on 31 occurences.

Steps to reproduce:
1. Open up the attached document"Impacting the bioscience prograss..."
2. Use Search&Replace with the search term "Biolinux" and the replace term "Bio-Linux"
3.See the replacing finishing with success.
4.Use Menu -> Edit -> Undo
5.See that failing with the mashup "BiolinuxBio-Linux"

Current behavior: See above

Expected behavior:

The undo oeration should bring back the original term "Biolinux" and not the mashup "BiolinuxBio-Linux" from the original term "Biolinux" and the replace term "Bio-Linux"

Operating System: Ubuntu
Version: 4.1.1.2 release

> ....
>
> Steps to reproduce:
> 1. Open up the attached document"Impacting the bioscience prograss..."
>
> ....

there's no attachment here. please upload it again.

Sorry, the file is arround 5MB and the upload is limited here to 3MB-> Could not do the upload.

I have retested it with LibreOffice 4.1.2rc3 on Ubuntu. The procedure causes on this LibreOffice version a crash.

The downstream report can be found here:

https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1235935

The here missed .odt file can be found here:

https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1235935/+attachment/3862408/+files/Impacting%20the%20bioscience%20progress%20by%20backporting%20software%20fro%20Biolinux.odt

But the file has got some changes during the last two days. Now you must search for "Bio-Linux" and replace all with "Biolinux" (you see it is now the other way arround).

Confirmed on Ubuntu with version 4.1.2.3 .

I will add a backtrace.

Created attachment 87196
GDB trace

Oups not the same, for me it is a core dump.

So two bugs, the first one is mis replacement when the text replaced is in a frame.

Second is the crash.

Also case in links

Only appears if we use the backwards search.

Confirmed with LibO 4.0.1.2 on WinXP
Change version

The bug is NOT present in LibO 4.0.0.3 on WinXP
Add regression as Keyword

Simple procedure to reproduce:
1. New document in Writer
2. type toto
3. Ctrl+H, Search for=toto, Replace with=titi, More Options > check Backwards
4. Replace all, OK, Close
5. Ctrl+Z

Current behavior:
text is now tototiti

Expected behavior:
text should be toto

Reproduce with Version 4.0.1.1 (Build ID: 2c0c17a6e4bee0ee28131ea4bdc47edc700d659)
Change Version
The bug appears between 4.0.0.3 and 4.0.1.1, probably somewhere here:
https://wiki.documentfoundation.org/Releases/4.0.1/RC1

regression from:

commit 6b08fe833186a04f9aef698a540d3a7493ac4519
Author: Michael Stahl <email address hidden>
AuthorDate: Fri Feb 15 15:28:24 2013 +0100

    fdo#60732: check max size in SwTxtNode::ReplaceText

    Also adjust SwUndoReplace to not assume that everything was inserted and
    use the stored indexes instead in Undo.

... which changed SwUndoReplace::Impl::SetEnd to use the wrongly set
end position in rPam.

Arnaud Versini committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=9685d20f2a0526a4c454cea1bd947eccbaeefa84

Fix fdo#70143 by reporting swaping of positions

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.

... and then i noticed that the replacement of paragraph
breaks (via regex "$") is also broken by that commit,
and things get really annoying.

hopefully fixed now, OOo issue 102333 has some interesting testcases.
and commit e0d4e6f22a4290a4b11a342fd59523b28963838c too.

Michael Stahl committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=f011a5c5071ed4a60f0ee7117608b72cecbb958d

fdo#70143: fix SwDoc::ReplaceRangeImpl() a bit more

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.

Arnaud Versini committed a patch related to this issue.
It has been pushed to "libreoffice-4-1":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=ca83560f3079289df88dd7df7c00917efbd72dc0&h=libreoffice-4-1

fdo#70143: fix SwDoc::ReplaceRangeImpl()

It will be available in LibreOffice 4.1.4.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.

Arnaud Versini committed a patch related to this issue.
It has been pushed to "libreoffice-4-0":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=f431f2fbaad8098870b1f9bdb71b6db514d2cbda&h=libreoffice-4-0

fdo#70143: fix SwDoc::ReplaceRangeImpl()

It will be available in LibreOffice 4.0.7.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.

Arnaud Versini committed a patch related to this issue.
It has been pushed to "libreoffice-4-0-6":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=bb90748abbe4196bf0bca324b979fcc44bd643a2&h=libreoffice-4-0-6

fdo#70143: fix SwDoc::ReplaceRangeImpl()

It will be available already in LibreOffice 4.0.6.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.

Arnaud Versini committed a patch related to this issue.
It has been pushed to "libreoffice-4-1-3":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=a55ba57c0ad4d5c2d8f49d4d57d00e7e05380351&h=libreoffice-4-1-3

fdo#70143: fix SwDoc::ReplaceRangeImpl()

It will be available already in LibreOffice 4.1.3.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.