Description: Crash after pasting an image into a new document Steps to Reproduce: 1. Open the attached file (file open); no other documents open 2. Copy CTRL+C the image blue square 3. Add a header 4. Press four times (4x) CTRL+V in the header 5. Close the document (not LibreOffice) 6. Select Writer Document in Start Center 7. Press CTRL+V -> Crash. If not add a header and paste again Actual Results: Crash Expected Results: No crash Reproducible: Always User Profile Reset: No Additional Info: Versie: 5.4.0.0.beta1 Build ID: 8672113ead4e403c55e31b1d9a3d1e0f3b299577 CPU-threads: 4; Besturingssysteem:Windows 6.2; UI-render: standaard; Locale: nl-NL (nl_NL); Calc: CL http://crashreport.libreoffice.org/stats/crash_details/f0ae54eb-53f2-4886-ab8b-fdf3cf594ba8 User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
Created attachment 133425 [details] Example file
About step 5: Saving isn't necessary when closing the document
I can reproduce it in Version: 5.4.0.0.alpha1+ Build ID: 74d2e606fd3605fe0a585f596eaa215ae4e20d18 CPU Threads: 4; OS Version: Linux 4.8; UI Render: default; VCL: gtk3; Locale: en-US (ca_ES.UTF-8); Calc: group and Version: 5.2.0.0.alpha1+ Build ID: 5b168b3fa568e48e795234dc5fa454bf24c9805e CPU Threads: 4; OS Version: Linux 4.8; UI Render: default; Locale: ca-ES (ca_ES.UTF-8) sometimes, it needed to be tested a couple of times in order to reproduce the crash
i tried 5 times with Version: 5.0.0.0.alpha1+ Build ID: 0db96caf0fcce09b87621c11b584a6d81cc7df86 Locale: ca-ES (ca_ES.UTF-8) and I can't reproduce it. Adding regression keyword
Created attachment 133435 [details] backtrace
I tried to bibisect it with lo-linux-dbgutil-daily-till52 and it points me to this range: https://cgit.freedesktop.org/libreoffice/core/log/?qt=range&q=a420a4346ec21ea561f1321767d6a5eed98df02b..45701913f642b17aabd67b52de9002cc79cf07ae, However, I'm not 100% sure as it's not always crashing, however I tried it several times...
So... bibisection had this result, but I'm kind of sceptical. https://cgit.freedesktop.org/libreoffice/core/commit/?id=df750471d757562671e612fe83d758231dd58b58 author Yeliz Taneroğlu <yeliztaneroglu@gmail.com> 2016-03-05 22:18:51 (GMT) committer Stephan Bergmann <sbergman@redhat.com> 2016-03-08 13:25:01 (GMT) "tdf#74608 comphelper: Constructor feature for InstanceLocker" If I only were to look at the trace, I'd be more inclined to say this could be responsible in the range, as it actually touches files in that are in the trace: https://cgit.freedesktop.org/libreoffice/core/commit/?id=ad5427c03cf4d6506039a994cfb8a51d3ecda3e2 author Miklos Vajna <vmiklos@collabora.co.uk> 2016-03-08 11:18:24 (GMT) committer Miklos Vajna <vmiklos@collabora.co.uk> 2016-03-08 12:36:43 (GMT) "sw: detect copy&paste from classified to non-classified documents" On the other hand, I couldn't reproduce with 5.3.3.2, yet it's evidently still there in 5.4beta1...
Yep, reverting https://cgit.freedesktop.org/libreoffice/core/commit/?id=ad5427c03cf4d6506039a994cfb8a51d3ecda3e2 locally seems to fix the crash. Adding Cc: to Miklos Vajna
Here's precise point: #4 0x00007ffff1eba01f in SfxObjectShell::getDocProperties (this=0x79999999999997d) at /home/julien/lo/libreoffice/sfx2/source/doc/objmisc.cxx:171 #5 0x00007fffc94c4369 in (anonymous namespace)::lcl_checkClassification (pSourceDoc=0x5555589b66a0, pDestinationDoc=0x555558e32e50) at /home/julien/lo/libreoffice/sw/source/uibase/dochdl/swdtflvr.cxx:3229 #6 0x00007fffc94c471c in SwTransferable::PrivatePaste (this=0x55555c1e65b0, rShell=...) at /home/julien/lo/libreoffice/sw/source/uibase/dochdl/swdtflvr.cxx:3292 (gdb) p pSourceShell $1 = (SwDocShell *) 0x79999999999997d pSourceShell comes from pSourceDoc->GetDocShell(); It seems to me that Miklos' change triggered an existing bug but is not the root cause.
Minimal list of steps that triggers the problem for me: 1) open the bugdoc 2) copy the shape 3) paste in the same document (once, body text is enough) 4) close and open an empty document 5) paste in the new document -> crash
(In reply to Miklos Vajna from comment #10) > Minimal list of steps that triggers the problem for me: > > 1) open the bugdoc > 2) copy the shape > 3) paste in the same document (once, body text is enough) > 4) close and open an empty document > 5) paste in the new document -> crash I can reproduce it in Versión: 5.3.2.2 Id. de compilación: 6cd4f1ef626f15116896b1d8e1398b56da0d0ee1 Subproc. CPU: 1; SO: Windows 6.1; Repr. de IU: predet.; Motor de trazado: HarfBuzz; Configuración regional: ro-RO (es_ES); Calc: group but it's not systematic, sometimes it crashes and sometimes not
I'll take a look at this.
Miklos Vajna committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=336f893c57c3c0281d4899629ad55603837d5d40 tdf#107976 sw: let a view handle multiple transferables It will be available in 5.5.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Verified in Version: 5.5.0.0.alpha0+ Build ID: 36b1e6270bf2fbb333e2a69c4bb5931eba418289 CPU threads: 1; OS: Windows 6.1; UI render: default; TinderBox: Win-x86@62-TDF, Branch:MASTER, Time: 2017-05-29_14:06:19 Locale: es-ES (es_ES); Calc: group
Miklos Vajna committed a patch related to this issue. It has been pushed to "libreoffice-5-4": http://cgit.freedesktop.org/libreoffice/core/commit/?id=49d0f4968290cbfc76e0c8bbda648404d0f8f64f&h=libreoffice-5-4 tdf#107976 sw: let a view handle multiple transferables It will be available in 5.4.0.1. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Is it possible to backport the patch? I'm seeing quite a lot of crashes in LibO5.3 http://crashreport.libreoffice.org/stats/signature/%60anonymous%20namespace'::lcl_checkClassification%28SwDoc%20*,SwDoc%20*%29#summary I can repro it with LibO5.3.3.1 http://crashreport.libreoffice.org/stats/crash_details/04687a1f-9719-4d7e-9fc5-69143119f1d1
Miklos Vajna committed a patch related to this issue. It has been pushed to "libreoffice-5-3": http://cgit.freedesktop.org/libreoffice/core/commit/?id=747be68119f2c85f1cdf6151fac67cd8cb840b76&h=libreoffice-5-3 tdf#107976 sw: let a view handle multiple transferables It will be available in 5.3.5. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
*** Bug 106220 has been marked as a duplicate of this bug. ***
Miklos Vajna committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=637538a9957af5deb69e6677af7c1d62cdaf3eb2 Related: tdf#107976 SwView_Impl::AddTransferable: remove dead weak references It will be available in 6.0.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.