Created attachment 141612 sample document
Steps to reproduce:
1. Open attached document
2. Ctrl + A
3. Ctrl + C
4. Ctrl + Z
Reproduced in
Version: 6.1.0.0.alpha0+
Build ID: e31a5365091d8658ecce374bbc339a9d832e1a15
CPU threads: 4; OS: Linux 4.13; UI render: default; VCL: gtk3;
Locale: ca-ES (ca_ES.UTF-8); Calc: group
The crash (as described in the steps) is reproducible from LibreOffice 3.3 up to https://cgit.freedesktop.org/libreoffice/core/commit/?id=2903d85d6197829633d7f96c95cd55821c2c20ff which was reverted in https://cgit.freedesktop.org/libreoffice/core/commit/?id=14d2255cbd254dea6e87a04f747e7d6d3d54ceb9

Created attachment 141613 gdb backtrace
@Michael Stahl, this is the same signature as bug 107975, I thought you might be interested...
*** Bug 117149 has been marked as a duplicate of this bug. ***
No repro with the given steps.. But repro with:
1. Open attached document
2. Ctrl + A
3. Ctrl + C
4. Ctrl + V
5. Ctrl + Z
Version: 6.1.0.0.alpha0+
Build ID: 2ed7c02478968852d7d39c2c4677f2ecf3441bc7
CPU threads: 4; OS: Windows 6.3; UI render: default;
TinderBox: Win-x86@42, Branch:master, Time: 2018-04-22_01:00:56
Locale: nl-NL (nl_NL); Calc: CL

ouch, yep, I forgot the Ctrl + V ;-)
A variation. However, different crash signature. I expect it to be related.
1. Open attached document
2. Ctrl + A
3. Open a new document
4. CTRL+V & CTRL+V
5. Undo+Z & CTRL+Z -> Crash
http://crashreport.libreoffice.org/stats/crash_details/a9f4f314-073e-446c-82bd-fd153b028b3d

*** Bug 117154 has been marked as a duplicate of this bug. ***
Created attachment 143307 Example file
Another example
1. Extract the html file and open it in Internet Explorer (won't work in Firefox)
2. Copy the content
3. Paste it into Writer
4. Undo (CTRL+Z) -> Crash
http://crashreport.libreoffice.org/stats/crash_details/450dc9ab-4470-4207-a38b-3d38d4343358

The importance should be upped in my opinion..
Created attachment 146825 Another Example file
1. Open the attached file
2. CTRL+A
3. CTRL+X
4. CTRL+V
5. CTRL+Z
6. CTRL+Z

Inherited from OOo, thus it's not critical enough...
Created attachment 147089 Example file
Another (very basic) example with a table instead of image (with a specific anchoring)
1. Cursor inside the embedded table
2. CTRL+A
3. CTRL+A (full table selected)
3. CTRL+V (below the existing table)
4. CTRL+Z
5. CTRL+Y
6. CTRL+Z

Following steps from comment 12 and using the attachment, LO is crashing without sending a report. Version: 6.3.0.0.alpha0+ Build ID: 75dd5d2e734ad9e8265b1954c7496d1ba241079e CPU threads: 8; OS: Linux 4.19; UI render: default; VCL: kde4; Locale: nl-BE (en_US.UTF-8); UI-Language: en-US Calc: threaded
I see that the status of this bug is not considered critical, but I think I encountered it in "real life" (i.e., when just using LO, as opposed to just trying to reproduce the bug). That is, I got a crash (with Version: 6.1.5.2 (x64)) when trying to Undo a paste operation, which has the same signature as mentioned here. http://crashreport.libreoffice.org/stats/crash_details/a0b8af69-6e5b-466b-af3e-fb5e83aadab4
attachment 135992 from bug 112201 is also affected by the same crash. Steps: 1. Select all 2. Copy 3. Paste 4. Undo
Can be also reproduced with attachment 139217 from bug 115111
and attachment 120627 from bug 95900
http://crashreport.libreoffice.org/stats/signature/SwUndoFlyBase::InsFly(sw::UndoRedoContext%20&,bool) is another crash signature related to this Steps to reproduce: 1. Open 134719 from bug 109078 2. Select all 3. Copy 4. Paste 5. Undo
http://crashreport.libreoffice.org/stats/signature/SwUndoFlyBase::InsFly(sw::UndoRedoContext%20&,bool) is another crash signature related to this Steps to reproduce: 1. Open attachment 134719 from bug 109078 2. Select all 3. Copy 4. Paste 5. Undo
*** Bug 125467 has been marked as a duplicate of this bug. ***
Is there a list of all the crash signatures associated with this.. the BT are different nowadays
*** Bug 126081 has been marked as a duplicate of this bug. ***
Michael Stahl committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/+/dea72ef111ee8a0b1b178f8cd48757514d5ca831%5E%21 sw: fix use after free on tdf117215-1.odt It will be available in 6.4.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Michael Stahl committed a patch related to this issue. It has been pushed to "libreoffice-6-3": https://git.libreoffice.org/core/+/1b0aa6b85edb621d1ccfaed5e3b256d640b92ce6%5E%21 sw: fix use after free on tdf117215-1.odt It will be available in 6.3.1. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Michael Stahl committed a patch related to this issue. It has been pushed to "libreoffice-6-2": https://git.libreoffice.org/core/+/4b9324b93dcbd72c8c8949309d45790dd8f7d5fd%5E%21 sw: fix use after free on tdf117215-1.odt It will be available in 6.2.6. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
so these are all duplicates of bug 117185 except for comment #12 for which I've filed a new bug 126504 ... and except for one use-after-free problem on one of these documents, which I've fixed.
Verified in Version: 6.4.0.0.alpha0+ Build ID: 0d36b32755ac662299e6a8165e9fa57311b74a2f CPU threads: 4; OS: Linux 4.15; UI render: default; VCL: gtk3; Locale: ca-ES (ca_ES.UTF-8); UI-Language: en-US Calc: threaded @Michael Stahl, thanks for fixing this issue!