Created attachment 133406 [details] File with linked image and the image itself This bug was filed from the crash reporting server and is br-f1b9bf5b-e601-4792-9e9e-5737b7abd247. ========================================= Open attached archive. Open file "Target.odg". It contains a linked image. Click the image and use the tool "Color Replacer" to change the White parts in the image to transparent. You get a message, whether you want to unlink the image. Click yes. Close color replacer. Close document. Crash.
BTW: Unlinking does not work. The image keeps linked.
Repro with: Version: 5.5.0.0.alpha0+ Build ID: d57e6cd9dcc96112994ca2b14ac45896e86b26e5 CPU threads: 4; OS: Windows 6.19; UI render: default; TinderBox: Win-x86@42, Branch:master, Time: 2017-05-18_22:43:07 Locale: nl-NL (nl_NL); Calc: CL
Reproduced in Version: 5.4.0.0.alpha1+ Build ID: 74d2e606fd3605fe0a585f596eaa215ae4e20d18 CPU Threads: 4; OS Version: Linux 4.8; UI Render: default; VCL: gtk3; Locale: en-US (ca_ES.UTF-8); Calc: group and Version: 5.2.0.0.alpha1+ Build ID: 5b168b3fa568e48e795234dc5fa454bf24c9805e CPU Threads: 4; OS Version: Linux 4.8; UI Render: default; Locale: ca-ES (ca_ES.UTF-8) but not in Version: 5.0.0.0.alpha1+ Build ID: 0db96caf0fcce09b87621c11b584a6d81cc7df86 Locale: ca-ES (ca_ES.UTF-8)
Created attachment 133418 [details] backtrace
Regression introduced in range https://cgit.freedesktop.org/libreoffice/core/log/?qt=range&q=9ce08dcc2e32c5554ddf71b79173f8854e0568ad..f626b886d03f882fc72589db846f24df5290bb03
I noticed that SDRATTR_GRAFINVERT wasn't in include/svx/unoshprp.hxx I added it with this: { OUString(UNO_NAME_GRAPHIC_IS_INVERTED), SDRATTR_GRAFINVERT , cppu::UnoType<bool>::get(), 0, 0}, \ (+ #define UNO_NAME_GRAPHIC_IS_INVERTED "GraphicIsInverted" in include/editeng/unoprnms.hxx) but I still got the crash at the same place. I also noticed this in the logs before the crash: warn:sd:26504:1:sd/source/ui/unoidl/DrawController.cxx:836: Calling disposed DrawController object. Throwing exception: warn:sd:26504:1:sd/source/ui/unoidl/DrawController.cxx:836: Calling disposed DrawController object. Throwing exception: Björn: thought you might be interested in this one since you were working on SfxItemPool and other related stuff. If I'm wrong, don't hesitate to uncc yourself.
Bibisected from the range identified by Xisco in comment 5 using bibisect-win32-5.1. cb2361d78e68581a75f4e9451e25eff1431cd75d is the first bad commit commit cb2361d78e68581a75f4e9451e25eff1431cd75d Author: Norbert Thiebaud <nthiebaud@gmail.com> Date: Fri Sep 18 12:34:17 2015 -0700 source 217a22188274221035aec988eccea5e5c9768921 # bad: [818f6dab9de1b9955f04d0094da526c2b27118ab] source f626b886d03f882fc72589db846f24df5290bb03 # good: [095b850af9a58839387ce1c36509d2e51c60b258] source 9ce08dcc2e32c5554ddf71b79173f8854e0568ad git bisect start '818f6dab9de1b9955f04d0094da526c2b27118ab' '095b850af9a58839387ce1c36509d2e51c60b258' # good: [1e83e0ef4cdefa2f4e5842289eac2917e1e2b350] source 637ad743bb74a826ddd4db5efbcd33779b9132cd git bisect good 1e83e0ef4cdefa2f4e5842289eac2917e1e2b350 # good: [e37ea112cdff8a2877349e8bee89ff74f6bad941] source 5db6ec77d851b2aa9f22a735d1d2a9a5465759cc git bisect good e37ea112cdff8a2877349e8bee89ff74f6bad941 # bad: [1ce638df3e68fd507d1e7801a1ccfdbc15ba7331] source 494aa9ee5d01699c0dcbc912091de30a314c09fc git bisect bad 1ce638df3e68fd507d1e7801a1ccfdbc15ba7331 # good: [cae6d6b7a15b6a65dd7a17a8fe253bec528d763f] source 1de1b63c2243c8b89789a180bfeed3bbb2ff01ae git bisect good cae6d6b7a15b6a65dd7a17a8fe253bec528d763f # bad: [cb2361d78e68581a75f4e9451e25eff1431cd75d] source 217a22188274221035aec988eccea5e5c9768921 git bisect bad cb2361d78e68581a75f4e9451e25eff1431cd75d # first bad commit: [cb2361d78e68581a75f4e9451e25eff1431cd75d] source 217a22188274221035aec988eccea5e5c9768921
Apparently, the crash was introduced with the commit referenced below. Adding Cc: to Caolán McNamara, please take a look. https://cgit.freedesktop.org/libreoffice/core/commit/?id=217a22188274221035aec988eccea5e5c9768921 author Caolán McNamara <caolanm@redhat.com> 2015-09-18 13:40:24 (GMT) committer Caolán McNamara <caolanm@redhat.com> 2015-09-18 14:28:27 (GMT) "valgrind, leak in SdStyleSheet"
Yup, reverting the mentioned commit avoids LibreOffice to crash
Seems to be a a SdrGrafObj still alive at the destruction time of the stylesheets. It seems to be leaked actually, so there's another underlying bug I think
Caolán McNamara committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=118401aae4516bf4cc122e96b376d129ab3a3d5e Resolves: tdf#107959 SdrGrafObj leak triggers later crash It will be available in 5.4.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-5-4": http://cgit.freedesktop.org/libreoffice/core/commit/?id=e4db2fc10ba4447fa5393853d0cfed795b260f0b&h=libreoffice-5-4 Resolves: tdf#107959 SdrGrafObj leak triggers later crash It will be available in 5.4.0.1. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
backport to 5-3 in gerrit
Fix targets.
With master sources updated today, I don't reproduce this. Thank you Caolán!
Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-5-3": http://cgit.freedesktop.org/libreoffice/core/commit/?id=c00af602013b840f4f92c15b259ce6cdeeaabcae&h=libreoffice-5-3 Resolves: tdf#107959 SdrGrafObj leak triggers later crash It will be available in 5.3.5. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.