Created attachment 142835 [details] The example file Attached document is from a user, minimized and anonimized. For some reason opening this file in current master makes Writer crash, but not 6.0.4. Word 2013 opens it without any problem/error message. Also opening it in 6.0.4 and saving creates a version that does not crash Writer.
Created attachment 142836 [details] The same file saved by LO 6.0.4
Created attachment 142837 [details] Screenshot of the problem when the original file is opened in LO Version: 6.2.0.0.alpha0+ Build ID: c8d95ccecfcd31b720fdff67bbd6acbdceaf2546 CPU threads: 4; OS: Windows 6.1; UI render: default; TinderBox: Win-x86@42, Branch:master, Time: 2018-06-18_00:55:07 Locale: hu-HU (hu_HU); Calc: group threaded
I can open it with no crash in Version: 6.1.0.0.beta2 (x64) Build ID: 0f4d2060bc90b4008fbc8e6d9a49ec7eeea60b78 CPU threads: 4; OS: Windows 10.0; UI render: GL; Locale: en-US (de_DE); Calc: CL
Repro. We need to wait for a while than we get bad allocation or fatal error "bad array new length".
Repro in 6.2+ Windows both 64-bit and 32-bit. We get bad allocation or we may need to wait for a while for fatal error "bad array new length".
Regression introduced by: author Michael Stahl <Michael.Stahl@cib.de> 2018-05-25 18:41:52 +0200 committer Michael Stahl <Michael.Stahl@cib.de> 2018-06-08 21:51:32 +0200 commit 4966b1d4d0dc7bce0a1741f9347dada7406a7fb4 (patch) tree ada188b2fe2f2e445460d7c75b3655f522249020 parent e26b6a3a2e09bf3680b3b8d042435bddc34e0394 (diff) sw_redlinehide: fix SwCursorShell::GetContentAtPos() redline code This calls SwTextFrame::GetCharRect() on the frame where the mouse cursor is, with SwPositions that may be in a unrelated SwTextNode. Bogus positions now triggers asserts, so let's fix it. Bisected with: bibisect-linux64-6.2 Adding Cc: to Michael Stahl
Michael Stahl committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=2bdb926bd6afa01cc3cad013317a1e0ecbde0735 tdf#118219 sw: fix SwCursorShell::GetContentAtPos() redline crash It will be available in 6.2.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
hope it's fixed now
Michael Stahl committed a patch related to this issue. It has been pushed to "libreoffice-6-1": http://cgit.freedesktop.org/libreoffice/core/commit/?id=ce2cb181b4feea28c97afba6265c9ec1b0f8290c&h=libreoffice-6-1 tdf#118219 sw: fix SwCursorShell::GetContentAtPos() redline crash It will be available in 6.1.0.1. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Verified in Version: 6.2.0.0.alpha0+ Build ID: 2dac65c50481684863433d67999c0ecf81c67e6b CPU threads: 4; OS: Linux 4.13; UI render: default; VCL: gtk3; Locale: ca-ES (ca_ES.UTF-8); Calc: group threaded @Michael Stahl, thanks for fixing this!!