Bug 161712

Summary: Crash when undoing after fill down while in edit mode (comment 7)
Product: LibreOffice Reporter: Heiko Tietze <heiko.tietze>
Component: CalcAssignee: Not Assigned <libreoffice-bugs>
Status: NEW ---    
Severity: critical CC: miguelangelrv, noelgrandin, stephane.guillou
Priority: medium Keywords: bibisected, bisected, regression
Version: 7.1.0.3 release   
Hardware: All   
OS: All   
Whiteboard:
Crash report or crash signature: ["ScSimpleUndo::EndUndo()","SfxUndoManager::IsUndoEnabled() const","libc.so.6"] Regression By: Noel Grandin
Bug Depends on:    
Bug Blocks: 105948, 112128, 133092    

Description Heiko Tietze 2024-06-20 10:53:40 UTC 
Enter some content, ensure being in edit mode, fill down, and undo => crash. Does not happen after escape or when not in edit mode. Likely an issue for many other commands too; we should verify whether commands make sense in edit mode.
Comment 1 m_a_riosv 2024-06-21 01:05:57 UTC 
Sorry @Heiko, how to fill down while in edit mode?
Comment 2 Stéphane Guillou (stragu) 2024-06-21 04:55:49 UTC 
Couldn't reproduce, I tried these steps:

1. Select range A1:A5
2. Press F2 to enter Edit Mode in cell A1
3. Enter number "1"
4. Ctrl + D to fill down (does not fill down; can't use handle, see bug 93298)
5. Undo

No crash.

Version: 24.2.4.2 (X86_64) / LibreOffice Community
Build ID: 51a6219feb6075d9a4c46691dcfe0cd9c4fff3c2
CPU threads: 8; OS: Linux 6.5; UI render: default; VCL: gtk3

Which steps did you use, Heiko?
Comment 3 Heiko Tietze 2024-06-21 06:06:23 UTC 
1. Insert 1 in B2
2. Enter + up (to finish input and refocus the cell; immediately after the input nothing happens on ctrl+D)
3. ctrl+D => cell becomes empty
4. ctrl+Z => crash

Version: 24.2.4.2 (X86_64) / LibreOffice Community
Build ID: 420(Build:2)
CPU threads: 32; OS: Linux 6.9; UI render: default; VCL: kf6 (cairo+xcb)
Locale: de-DE (en_US.UTF-8); UI: en-US
24.2.4-2
Calc: threaded
Comment 4 Stéphane Guillou (stragu) 2024-06-21 11:48:49 UTC 
No crash in:

Version: 24.2.4.2 (X86_64) / LibreOffice Community
Build ID: 51a6219feb6075d9a4c46691dcfe0cd9c4fff3c2
CPU threads: 8; OS: Linux 6.5; UI render: default; VCL: gtk3

Nor with kf5 or gen VCL plugins.

kf6-specific?
Comment 5 Heiko Tietze 2024-07-02 12:29:28 UTC 
Nope, kf5 crashes too. The situation is very special: while in edit mode, press the ctrl+D and ctrl+Z.

Call stack is:
libsclo.so!ScDocument::IsUndoEnabled(const ScDocument * const this) (/home/ht/Sources/libreoffice/sc/inc/document.hxx:1628)
libsclo.so!(anonymous namespace)::DisableUndoGuard::DisableUndoGuard((anonymous namespace)::DisableUndoGuard * const this, ScDocShell * pDocShell) (/home/ht/Sources/libreoffice/sc/source/ui/undo/undobase.cxx:113)
libsclo.so!ScSimpleUndo::EndUndo(ScSimpleUndo * const this) (/home/ht/Sources/libreoffice/sc/source/ui/undo/undobase.cxx:130)
libsclo.so!ScBlockUndo::EndUndo(ScBlockUndo * const this) (/home/ht/Sources/libreoffice/sc/source/ui/undo/undobase.cxx:273)
libsclo.so!ScUndoAutoFill::Undo(ScUndoAutoFill * const this) (/home/ht/Sources/libreoffice/sc/source/ui/undo/undoblk3.cxx:556)
libsvllo.so!SfxUndoAction::UndoWithContext(SfxUndoAction * const this) (/home/ht/Sources/libreoffice/svl/source/undo/undo.cxx:117)
libsvllo.so!SfxUndoManager::ImplUndo(SfxUndoManager * const this, SfxUndoContext * i_contextOrNull) (/home/ht/Sources/libreoffice/svl/source/undo/undo.cxx:726)
libsvllo.so!SfxUndoManager::UndoWithContext(SfxUndoManager * const this, SfxUndoContext & i_context) (/home/ht/Sources/libreoffice/svl/source/undo/undo.cxx:678)
libsclo.so!ScTabViewShell::ExecuteUndo(ScTabViewShell * const this, SfxRequest & rReq) (/home/ht/Sources/libreoffice/sc/source/ui/view/tabvwshb.cxx:850)
libsclo.so!SfxStubScTabViewShellExecuteUndo(SfxShell * pShell, SfxRequest & rReq) (/home/ht/Sources/libreoffice/workdir/SdiTarget/sc/sdi/scslots.hxx:1499)
libsfxlo.so!SfxDispatcher::Call_Impl(SfxDispatcher * const this, SfxShell & rShell, const SfxSlot & rSlot, SfxRequest & rReq, bool bRecord) (/home/ht/Sources/libreoffice/sfx2/source/control/dispatch.cxx:254)
libsfxlo.so!SfxDispatcher::Execute_(SfxDispatcher * const this, SfxShell & rShell, const SfxSlot & rSlot, SfxRequest & rReq, SfxCallMode eCallMode) (/home/ht/Sources/libreoffice/sfx2/source/control/dispatch.cxx:753)
libsfxlo.so!SfxBindings::Execute_Impl(SfxBindings * const this, SfxRequest & aReq, const SfxSlot * pSlot, SfxShell * pShell) (/home/ht/Sources/libreoffice/sfx2/source/control/bindings.cxx:1057)
...
Comment 6 QA Administrators 2024-07-03 03:15:28 UTC 
[Automated Action] NeedInfo-To-Unconfirmed
Comment 7 Stéphane Guillou (stragu) 2024-07-03 04:49:46 UTC 
OK, reproduced now, with extra step 3:

1. Insert 1 in B2
2. Enter + Up (to finish input and refocus the cell)
3. F2 to enter Edit Mode (or Edit > Cell Edit Mode)
3. Ctrl + D => cell emptied
4. Ctrl + Z => crash

Crash reports:
- 24.2.4.2: https://crashreport.libreoffice.org/stats/crash_details/8ffcde71-fbfd-4cbf-8346-58512b80754c
- 7.6.7.2 with signature "ScSimpleUndo::EndUndo()": https://crashreport.libreoffice.org/stats/crash_details/42e7f6bd-4fbf-46b8-ba9b-3a5663abf3ee
- 7.2.0.4 with signature "SfxUndoManager::IsUndoEnabled() const": https://crashreport.libreoffice.org/stats/crash_details/b123c6aa-2550-4d70-aeb2-591d3a510f9e
- 7.1.0.4 with signature "libc.so.6": https://crashreport.libreoffice.org/stats/crash_details/8b568a6d-b57a-45dc-9750-bee9d04e7917

Also crashes on macOS.

No crash in 7.0.0.3 -> regression.

Bibisected with linux-64-7.1 repo to first bad build [5f4b710d4d26bc0ae09f46a0a5be484ed726aae3] which is:

commit 9ab64dc48a6a61edce6ff3724093162ca1cf8331
author	Noel Grandin 	Fri May 29 16:14:52 2020 +0200
committer	Noel Grandin 	Sat May 30 10:49:19 2020 +0200
pass ScSheetLimits around
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/95153

Noel, can you please have a look?