Description: Version: 5.4.3.2 (x64) Build ID: 92a7159f7e4af62137622921e809f8546db437e5 CPU threads: 4; OS: Windows 6.19; UI render: default; Locale: en-GB (en_GB); Calc: group Crashes with attached file Steps to Reproduce: 1.Start file open Informationsecurity.odt 2. 3. Actual Results: Writer crashes Expected Results: should show file Reproducible: Always User Profile Reset: Yes Additional Info: writer crashes User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.108 Safari/537.36
Created attachment 138506 [details] Document to be edited
On Win7 with LO 5.4.3.2, I could reproduce this. (even with OpenCL, OpenGL and hardware acceleration disabled)
I can reproduce the crash back to Version 4.1.0.0.alpha0+ (Build ID: efca6f15609322f62a35619619a6d5fe5c9bd5a) but not in LibreOffice 3.3.0 OOO330m19 (Build:6) tag libreoffice-3.3.0.4 @Caolán, Michael, is this one of your interest?
Created attachment 138510 [details] bt with debug symbols On pc Debian x86-64 with master sources updated today I could reproduce this. I attached bt with symbols
retitle this, title of "crash on startup" suggest something different that this crash on load of a document
No immediate crash for me with master, possibly need to run under valgrind or there's something that makes it variable across platforms/installs
Created attachment 138513 [details] valgrind trace
Also, I noticed these kind of logs: warn:legacy.osl:7206:7206:sw/source/core/layout/layact.cxx:745: LoopControl_2 in Interrupt formatting in SwLayAction::InternalAction + warn:linguistic:7206:7255:linguistic/source/gciterator.cxx:571: !! Grammarchecker failed to provide end of sentence !!
Thank you Allan for your feedback. Given the Valgrind trace, I can't help here, I uncc myself.
(In reply to Caolán McNamara from comment #6) > No immediate crash for me with master, possibly need to run under valgrind > or there's something that makes it variable across platforms/installs Sometimes it doesn't crash for me immediately, but it does if I scroll down a bit.
Confirmed Crashes on me too after scrolling. Tested with version: - 5.4.3.2 (x64) - 6.0.0.0.beta2 (x64) Windows 10 64 Locale: bg-BG (bg_BG)
I gave another try to this bug and i found it's a more recent regression. Regression introduced by: author Miklos Vajna <vmiklos@collabora.co.uk> 2015-02-03 18:20:43 +0100 committer Miklos Vajna <vmiklos@collabora.co.uk> 2015-02-03 19:36:36 +0100 commit f1f6b6db730ae67a427c7974b59a5e19ab571984 (patch) tree 56f390a07f2a2df0fdd5fcac02a93e0f1a36354e parent f52667ad9badfe5faec182354a988c084dba4dc7 (diff) xmloff: write character borders in the extension namespace for now Bisected with: bibisect-50max Adding Cc: to Miklos Vajna
It sounds quite strange if such a filter change that is just about pleasing the validator would affect the layout in any way. Tamas, do you have an opinion on this one?
Hmm, it seems related to character borders. I guess in the document loext namespace is used for character borders and that's why bisecting found that commit, because earlier versions of the source does not import character borders at all from this document. I see something like the SwLinePortion's pPortion member point to no object, but not set to nullptr. That's causes an issue to MergeCharacterBorder() method.
Ah, indeed that's why bisect found the above commit. :-)
Miklos Vajna committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=ecd855794b22c0f7e6fb2f362b566c4d9c5f624a tdf#114536 sw: fix use-after-free in SwTextFormatter::MergeCharacterBorder() It will be available in 6.1.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Miklos Vajna committed a patch related to this issue. It has been pushed to "libreoffice-6-0": http://cgit.freedesktop.org/libreoffice/core/commit/?id=968348dfe3f151ee41163006e7748777a0379e65&h=libreoffice-6-0 tdf#114536 sw: fix use-after-free in SwTextFormatter::MergeCharacterBorder() It will be available in 6.0.1. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Verified in Version: 6.1.0.0.alpha0+ Build ID: c915fdbfc77ac78d543bc097cd809edd7e6da8cb CPU threads: 4; OS: Linux 4.10; UI render: default; VCL: gtk3; Locale: ca-ES (ca_ES.UTF-8); Calc: group threaded
Miklos Vajna committed a patch related to this issue. It has been pushed to "libreoffice-6-0-0": http://cgit.freedesktop.org/libreoffice/core/commit/?id=044df60773eb74e90f63dc256e1ba09aa0a1af49&h=libreoffice-6-0-0 tdf#114536 sw: fix use-after-free in SwTextFormatter::MergeCharacterBorder() It will be available in 6.0.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.