Description: Crash when closing the document after a specific undo redo operation (ucrtbase)
Steps to Reproduce:
1. Open attachment 133424 (bug 117152 & bug 107975)
2. CTRL+A
3. CTRL+C
4. Press Enter ABC (below the image)
4. Paste (CTRL+V)
5. Enter
5. Paste (CTRL+V)
6. Undo three times
7. Redo (CTRL+Y)
8. Close the document (grey cross)
Actual Results: Crash
Expected Results: No crash
Reproducible: Always
User Profile Reset: No
Additional Info:
Version: 6.1.0.0.alpha0+
Build ID: 2ed7c02478968852d7d39c2c4677f2ecf3441bc7
CPU threads: 4; OS: Windows 6.3; UI render: default;
TinderBox: Win-x86@42, Branch:master, Time: 2018-04-22_01:00:56
Locale: nl-NL (nl_NL); Calc: CL
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
Created attachment 141567: GDB trace of crash with master
Repro. Arch Linux 64-bit
Version: 6.1.0.0.alpha0+
Build ID: 14184060bd2249a492ea44d36463914c421e6ce5
CPU threads: 8; OS: Linux 4.16; UI render: default; VCL: kde4;
Locale: fi-FI (fi_FI.UTF-8); Calc: group
Built on April 23rd 2018
Also reproducible with Version: 5.4.6.2 (x64) Build-ID: 4014ce260a04f1026ba855d3b8d91541c224eab8 CPU-Threads: 4; BS: Windows 6.19; UI-Render: Standard; Gebietsschema: en-US (de_DE); Calc: group crashreport.libreoffice.org/stats/crash_details/c2c0ebe1-dffe-4b7a-8af7-b044539b3685
I can also reproduce it Version 4.1.0.0.alpha0+ (Build ID: efca6f15609322f62a35619619a6d5fe5c9bd5a)
I get a different crash signature though: http://crashreport.libreoffice.org/stats/signature/AttrSetHandleHelper::SetParent(std::shared_ptr%3CSfxItemSet%20const%20%3E%20&,SwContentNode%20const%20&,SwFormat%20const%20*,SwFormat%20const%20*)
Actually it's the same crash signature as in the backtrace...
*** Bug 117152 has been marked as a duplicate of this bug. ***
the problem is that the last Paste action inserts a fly that is anchored AT_CHAR at the end of the last paragraph in the document, but the SwUndoInserts::UndoImpl does not remove this fly, which causes the indexes that are stored in the Undo actions to point to the wrong nodes due to the added fly-section at the start of the SwNodes.
this situation was previously fixed by:
commit 2903d85d6197829633d7f96c95cd55821c2c20ff
    fix deleting an image anchored to last paragraph in document
    It only compared nodes instead of SwPositions, thus refusing to delete anything anchored at the last content node. Also, select-all makes rEnd point to the last content node, after its content. So if an anchor-to-char image is anchored at the end of the paragraph, it points to this place, too, so that must be checked.
but unfortunately this commit introduced a different problem (see bug 107975) and re-introduced OOo issue 97570, hence i've reverted it in commit 14d2255cbd254dea6e87a04f747e7d6d3d54ceb9
due to lack of time, see also https://bugs.documentfoundation.org/show_bug.cgi?id=107975#c9
@Michael Stahl, then, is this a dupe of bug 117215 or vice versa?
Michael Stahl committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/+/28b77c89dfcafae82cf2a6d85731b643ff9290e5%5E%21 tdf#117185 tdf#110442 sw: bring harmony & peace to fly at-char selection It will be available in 6.4.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
fixed on master
*** Bug 124720 has been marked as a duplicate of this bug. ***
*** Bug 124721 has been marked as a duplicate of this bug. ***
Michael Stahl committed a patch related to this issue. It has been pushed to "libreoffice-6-3": https://git.libreoffice.org/core/+/3345feb67f2c49a1b76639965b56968e1c5f03ee%5E%21 tdf#117185 tdf#110442 sw: bring harmony & peace to fly at-char selection It will be available in 6.3.1. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Verified in Version: 6.4.0.0.alpha0+ Build ID: 0d36b32755ac662299e6a8165e9fa57311b74a2f CPU threads: 4; OS: Linux 4.15; UI render: default; VCL: gtk3; Locale: ca-ES (ca_ES.UTF-8); UI-Language: en-US Calc: threaded @Michael Stahl, thanks for fixing this issue!