Description: Crash after undo operation Steps to Reproduce: 1. Open the attached file 2. Press CTRL+A and + CTRL+C 3. Position the mouse cursor (caret) after "ABC" below the blue image 4. Paste CTRL+V 5. Undo paste CTRL+Z -> Crash crashreport.libreoffice.org/stats/crash_details/6b2a72a2-80d4-4759-84bc-b695350653d4 Actual Results: Crash Expected Results: No crash Reproducible: Always User Profile Reset: No Additional Info: Versie: 5.4.0.0.beta1 Build ID: 8672113ead4e403c55e31b1d9a3d1e0f3b299577 CPU-threads: 4; Besturingssysteem:Windows 6.2; UI-render: standaard; Locale: nl-NL (nl_NL); Calc: CL User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
Created attachment 133424 [details] Example file
Confirmed in Version: 5.4.0.0.alpha1+ Build ID: 74d2e606fd3605fe0a585f596eaa215ae4e20d18 CPU Threads: 4; OS Version: Linux 4.8; UI Render: default; VCL: gtk3; Locale: en-US (ca_ES.UTF-8); Calc: group and Version: 5.2.0.0.alpha1+ Build ID: 5b168b3fa568e48e795234dc5fa454bf24c9805e CPU Threads: 4; OS Version: Linux 4.8; UI Render: default; Locale: ca-ES (ca_ES.UTF-8) but not in Version: 5.0.0.0.alpha1+ Build ID: 0db96caf0fcce09b87621c11b584a6d81cc7df86 Locale: ca-ES (ca_ES.UTF-8)
Created attachment 133434 [details] backtrace
Regression introduced in range https://cgit.freedesktop.org/libreoffice/core/log/?qt=range&q=240d1f289c5788845cd4336f223f2c4bc8975a99..4f918cd5daed963287805da761e6983a392ae050 Bibisected with lo-linux-dbgutil-daily-till51
I got a freeze during bibisection, and the other symptom is that the blue image got moved, not copied to its new place. Adding Cc: to Michael Stahl, please take a look. While it's a revert, the reverted commit is from a year before. https://cgit.freedesktop.org/libreoffice/core/commit/?id=e84f0a9b3223f49b0829f2f55dacbf11ae201c1e author Michael Stahl <mstahl@redhat.com> 2015-09-11 15:20:27 (GMT) committer Michael Stahl <mstahl@redhat.com> 2015-09-11 15:44:27 (GMT) Revert "Fix single node CopyRange"
I do confirm LibreOffice crashes before 9099e21b89184bd4e39def497e483cac4a77ec5a. Tested with bibisect-44max
Regression introduced initially by: author Luboš Luňák <l.lunak@collabora.com> 2014-08-12 16:39:02 (GMT) committer Luboš Luňák <l.lunak@collabora.com> 2014-08-12 18:23:16 (GMT) commit 2903d85d6197829633d7f96c95cd55821c2c20ff (patch) tree c73b28cb073885647e4e9274735bc7e4ed93fa10 parent 95f0811c093680e6258f3bc973a3f7a3731a28f4 (diff) fix deleting an image anchored to last paragraph in document It only compared nodes instead of SwPositions, thus refusing to delete anything anchored at the last content node. Also, select-all makes rEnd point to the last content node, after its content. So if an anchor-to-char image is anchored at the end of the paragraph, it points to this place, too, so that must be checked. Bisected with bibisect-44max
Created attachment 133609 [details] bt with debug symbols On pc Debian x86-64 with master sources updated 2 days ago, I could reproduce this. I attached a bt + content of BigPtrArray when crash happened.
the commit in comment #7 is a good idea but unfortunately incomplete; there are other places than the one changed there that need to agree as to whether flys in a selection are deleted or not. this includes Undo as in this report and OOo issue 97570 (Insert File instead of Paste) which was incidentally re-introduced by this commit, as well as redlining. the Undo currently has difficulties distinguishing between flys that were already there vs. flys that were inserted by the Paste, so if it deletes too many flys all the nodes-indexes stored in Undo objects are off and can cause out-of-bounds indexing. there is some mechanism in shellio.cxx to track inserted flys; i forgot if that is used during Paste or not... unfortunately i'm short on time to investigate how this should work, so i'll just revert the commit for now, shouldn't crash any more at least. fixed on master
Michael Stahl committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=14d2255cbd254dea6e87a04f747e7d6d3d54ceb9 tdf#107975: Revert "fix deleting an image anchored to last paragraph It will be available in 6.0.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Hi Michael, Thanks for fixing this. Do you know, by any change, the steps to reproduce the problem 2903d85d6197829633d7f96c95cd55821c2c20ff was meant to fix? I'd like to create a follow-up issue since the commit has been reverted
(In reply to Xisco Faulí from comment #11) > Do you know, by any change, the steps to reproduce the problem > 2903d85d6197829633d7f96c95cd55821c2c20ff was meant to fix? I'd like to > create a follow-up issue since the commit has been reverted i am not sure about this. one problem is that if the deletion ends in the middle of a paragraph, then flys anchored AT char in the selection don't get deleted but are just anchored at the start of the paragraph. actually there is the symmetric problem at the start of the selection, for which the commit didn't help at all. another is if you anchor a fly AT char at the very end of the document, i don't think there is a way to delete it by deleting text, you have to delete it by doing a fly selection and then deleting that.
Michael Stahl committed a patch related to this issue. It has been pushed to "libreoffice-5-3": http://cgit.freedesktop.org/libreoffice/core/commit/?id=1450f9f56c2053a1584f2f1a9e40c54971b57edd&h=libreoffice-5-3 tdf#107975: Revert "fix deleting an image anchored to last paragraph It will be available in 5.3.6. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Michael Stahl committed a patch related to this issue. It has been pushed to "libreoffice-5-4": http://cgit.freedesktop.org/libreoffice/core/commit/?id=2327554df607b8f74d8cb91d81659bcc125a99dc&h=libreoffice-5-4 tdf#107975: Revert "fix deleting an image anchored to last paragraph It will be available in 5.4.1. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Michael Stahl committed a patch related to this issue. It has been pushed to "libreoffice-5-3-5": http://cgit.freedesktop.org/libreoffice/core/commit/?id=c3b0e4e456d10d3f73900049afda1a9e181ead7f&h=libreoffice-5-3-5 tdf#107975: Revert "fix deleting an image anchored to last paragraph It will be available in 5.3.5. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Zdeněk Crhonek committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/+/cd4ec0c236483d4c478157b08e310e1585412c7c%5E%21 uitest for bug tdf#107975 It will be available in 6.4.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
UI test was added in https://git.libreoffice.org/core/+/cd4ec0c236483d4c478157b08e310e1585412c7c%5E%21 I've removed "needUITest" keyword
Zdeněk Crhonek committed a patch related to this issue. It has been pushed to "libreoffice-6-3": https://git.libreoffice.org/core/+/1145f62936c4979a50b26ddf3d6b9127dd749ab9%5E%21 uitest for bug tdf#107975 It will be available in 6.3.1. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
The test exist, set status to Verified.
Xisco Fauli committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/2c5655d72401e6b6e917ece381e879b30680d20f tdf#107975: move UItest to CppunitTest It will be available in 7.0.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.