This bug was filed from the crash reporting server and is br-be54d570-76d6-43e1-8a7a-9c721b076c92. ========================================= Insert table in write and start to merge cells. Sometimes LibreOffice crash after the second merge, sometimes after more merges...
Cannot reproduce with Version: 6.1.0.0.alpha0+ Build ID: 783ebd697beec674d64e831615c022a97681a4dc CPU threads: 4; OS: Linux 4.4; UI render: default; VCL: gtk3; Did 6 merges.
Created attachment 142081 [details] Example Table I try to merge the marked row and LibreOffice 6.0 crash reproducible 5-6 times. Now same document (never recovered after crash) do not crash LibreOffice. See this on minimum three Debian 9.4 workstations (Intel, Nvidia GPU). Not sure what's the root cause of this issue, but sometimes it need longer to reproduce.
Same with LibreOffice 6.1 Dev. * open Writer * create table 3x5 * merge the middle row --> crash Version: 6.1.0.0.alpha1 Build ID: cb47f0d320994e001bc38dc2ee9b7d957b15e6ab CPU threads: 4; OS: Linux 4.9; UI render: default; VCL: gtk2; Locale: de-DE (de_DE.UTF-8); Calc: group http://crashreport.libreoffice.org/stats/crash_details/342f3320-2a62-44e8-98c6-5380e44ea5c0
This user has the same issue: https://superuser.com/questions/1315717/libre-office-writer-crashes-when-merging-table-cells
There are a lot of crash reports since version 6: https://crashreport.libreoffice.org/stats/signature/libstdc++.so.6.0.22
Created attachment 142102 [details] gdb debug
Version: 6.0.4.2 Build ID: 9b0d9b32d5dcda91d2f1a96dc04c645c450872bf CPU threads: 4; OS: Linux 4.9; UI render: default; VCL: gtk2; Locale: de-DE (de_DE.UTF-8); Calc: group
Playing around with older versions [1] today, 6.0.0.0.alpha1 works without crash. 6.0.0.0.beta1 doesn't work anymore and crash. Interesting, if I install LibreOffice from Stretch Backports it works without crashing! Version: 6.0.4.1 Build-ID: 1:6.0.4~rc1-4~bpo9+2 CPU-Threads: 4; BS: Linux 4.9; UI-Render: Standard; VCL: gtk3; Gebietsschema: de-DE (de_DE.UTF-8); Calc: group Looks like to me there is an issue with the TDF amd64 .debs? [1] https://downloadarchive.documentfoundation.org/libreoffice/old/
@ raal, on which system do you test this?
(In reply to Samuel from comment #9) > @ raal, > > on which system do you test this? Ubuntu 64-bit and I can not reproduce it with 6.1-Master.
Thanks for feedback. Since the most (if not all) crash reports on a Debian kernel it must a problem between Debian 9, .debs from TDF and LibreOffice 6.x.
I'm not sure if it's related, but the same issue happens on Fedora 28 (both system package, and flatpak package from Flathub: 6.0.x). See downstream bug for sample document and coredump: https://bugzilla.redhat.com/show_bug.cgi?id=1582324
valgrind log is... ==12088== at 0x5F637E1: __dynamic_cast (in /usr/lib64/libstdc++.so.6.0.25) ==12088== by 0x462BA363: SwAccessibleMap::InvalidateTextSelectionOfAllParas() (accmap.cxx:3445) ==12088== by 0x46E3D263: SwViewShellImp::InvalidateAccessibleParaTextSelection_() (viewimp.cxx:418) ==12088== by 0x46E49EBE: SwViewShell::InvalidateAccessibleParaTextSelection() (viewsh.cxx:2435) ==12088== by 0x46399692: SwNotifyAccAboutInvalidTextSelections::~SwNotifyAccAboutInvalidTextSelections() (crsrsh.cxx:1405) ==12088== by 0x4638F32D: SwCursorShell::UpdateCursor(unsigned short, bool) (crsrsh.cxx:1877) ==12088== by 0x463874E0: SwCursorShell::EndAction(bool, bool) (crsrsh.cxx:272) ==12088== by 0x468457B4: SwFEShell::EndAllActionAndCall() (fews.cxx:65) ==12088== by 0x4683A0FE: SwFEShell::MergeTab() (fetab.cxx:463) ==12088== by 0x47237FD8: SwTableShell::Execute(SfxRequest&) (tabsh.cxx:761) ==12088== by 0x4723436A: SfxStubSwTableShellExecute(SfxShell*, SfxRequest&) (swslots.hxx:11394) ==12088== by 0xAA3A227: SfxShell::CallExec(void (*)(SfxShell*, SfxRequest&), SfxRequest&) (shell.hxx:211) ==12088== Address 0x3b95a160 is 0 bytes inside a block of size 280 free'd ==12088== at 0x4C2EDAC: free (vg_replace_malloc.c:530) ==12088== by 0x4E5BA77: rtl_freeMemory_SYSTEM(void*) (alloc_global.cxx:237) ==12088== by 0x4E5BD33: rtl_freeMemory (alloc_global.cxx:303) ==12088== by 0x4E5A7A6: rtl_cache_free (alloc_cache.cxx:1081) ==12088== by 0xF22BECF: FixedMemPool::Free(void*) (mempool.cxx:49) ==12088== by 0x46AB5A0D: SwTextFrame::operator delete(void*, unsigned long) (txtfrm.hxx:385) ==12088== by 0x46AACEB2: SwTextFrame::~SwTextFrame() (txtfrm.cxx:435) ==12088== by 0x4696B1B4: SwFrame::DestroyFrame(SwFrame*) (ssfrm.cxx:384) ==12088== by 0x4696BB46: SwLayoutFrame::DestroyImpl() (ssfrm.cxx:532) ==12088== by 0x4697BEC8: SwCellFrame::DestroyImpl() (tabfrm.cxx:4666) ==12088== by 0x4696B165: SwFrame::DestroyFrame(SwFrame*) (ssfrm.cxx:382) ==12088== by 0x4696BB46: SwLayoutFrame::DestroyImpl() (ssfrm.cxx:532)
what I see is a similar, though slightly different, problem to bug 87199
https://gerrit.libreoffice.org/#/c/54808/ seems to work for me for this
Caolán McNamara committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=c12bfe9296b5db66ae7326f1dd99b1aa8fb9d2bb tdf#117601 a11y crash after merging cells It will be available in 6.2.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
what I can reproduce appears to be fixed by the above, backports in gerrit
Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-6-1": http://cgit.freedesktop.org/libreoffice/core/commit/?id=95ed8c0c76c18e773c5484b8b27c36805fcc7b9b&h=libreoffice-6-1 tdf#117601 a11y crash after merging cells It will be available in 6.1.0.1. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-6-0": http://cgit.freedesktop.org/libreoffice/core/commit/?id=bab7384c005921768a9499550c1525d211aeddf9&h=libreoffice-6-0 tdf#117601 a11y crash after merging cells It will be available in 6.0.5. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Zdeněk Crhonek committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/+/05cbfa4cca3dc77dcdcdd5d87de7baf37485d852%5E%21 uitest for bug tdf#117601 It will be available in 6.3.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
The test exist, set status to Verified.
Xisco Fauli committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/0da05130dab54fc29ed51a62ad95d13d063e2519 tdf#117601: move UItest to CppunitTest It will be available in 7.0.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.