Description: Crash when doing copy/undo/copy/exit. Steps to Reproduce: Open attachment 144153 [details] from bug 119254. - Goto slide 2 - Copy this slide - Goto slide 1 - Paste - When ready, Undo - Goto slide 2 - Copy - Exit using the red cross on the top right. - Press "Don't save" Crash. Actual Results: Crash Expected Results: No crash Reproducible: Always User Profile Reset: No Additional Info: Crash on ubuntu 16.04 x64 with Version: 6.2.0.0.alpha0+ Build ID: 4f50129e54c8b4a78e35dc869fd1f5fbc5aa9a87 CPU threads: 2; OS: Linux 4.4; UI render: default; VCL: gtk2; TinderBox: Linux-rpm_deb-x86_64@70-TDF, Branch:master, Time: 2018-08-04_22:32:09 Locale: en-US (en_US.UTF-8); Calc: threaded and Version: 6.0.0.0.alpha1+ Build ID: 637d96a25926e299fff5b4cf5a0055b1d171b23b CPU threads: 2; OS: Linux 4.4; UI render: default; VCL: gtk2; TinderBox: Linux-rpm_deb-x86_64@70-TDF, Branch:master, Time: 2017-11-17_23:45:59 Locale: en-US (en_US.UTF-8); Calc: single and on windows 7 x64 with Version: 6.0.6.2 (x64) Build ID: 0c292870b25a325b5ed35f6b45599d2ea4458e77 CPU threads: 3; OS: Windows 6.1; UI render: default but -not- with Version: 5.5.0.0.alpha0+ Build ID: 59c9d0653cc42560af48269bb8dee2c2b0b20f68 CPU threads: 2; OS: Linux 4.4; UI render: default; VCL: gtk2; TinderBox: Linux-rpm_deb-x86_64@70-TDF, Branch:master, Time: 2017-06-06_23:50:05 Locale: en-US (en_US.UTF-8); Calc: single https://crashreport.libreoffice.org/stats/crash_details/467393d7-f6d9-413b-a255-2c31a77c9a32
Confirmed using LO 6.1.0.3. http://crashreport.libreoffice.org/stats/crash_details/6b8175e3-2d22-48ab-87ea-318a1da2d676
*** Bug 119261 has been marked as a duplicate of this bug. ***
This seems to have begun at the below commit. Adding Cc: to Varun Dhall ; Could you possibly take a look at this one? Thanks f13b433336ff8e47f3ba91d8ab434d32dde3fe96 is the first bad commit commit f13b433336ff8e47f3ba91d8ab434d32dde3fe96 Author: Norbert Thiebaud <nthiebaud@gmail.com> Date: Tue Aug 15 02:50:47 2017 -0700 source 57db6e24b5ad43d447c30e44a112c74c7e75b46b author Varun Dhall <varun.dhall@studentpartner.com> 2017-08-15 02:51:07 +0530 committer Julien Nabet <serval2412@yahoo.fr> 2017-08-15 08:58:39 +0200 commit 57db6e24b5ad43d447c30e44a112c74c7e75b46b (patch) tree 0c62a3fc61e94c2a683e7cdfee87f088009b4b48 parent 8ee4530b90ca7c7967fad00f059236a2b0b57607 (diff) Removing old SfxItemSet::getHash usage
Michael: thought you might be interested in this one, since I had only pushed the patch https://gerrit.libreoffice.org/#/c/41155/ because it had +1 Verified and +2 Code Review.
Created attachment 144170 [details] gdb backtrace
@Noel, I thought you could be interested in this issue...
@Caolán, I thought you could be interested in this issue...
I think... in drawdoc3.cxx ::InsertBookmarkAsPage, when the page is pasted, RenameAndCopyGraphicSheets is called, which calls stlpool.cxx SdStyleSheetPool::CopySheets where an existing stylesheet is found via the "If we have already have a sheet with the new name and it is equal to the one in the source pool, do nothing" and added it to rCreatedSheets. Later in SdMoveStyleSheetsUndoAction::Undo the style is unconditionally removed from the pool, even though the original version of the graphic still relies on it. Possibly removing such "already there" stylesheets from rCreatedSheets is the right approach.
and I think 57db6e24b5ad43d447c30e44a112c74c7e75b46b is innocent and the problem really comes from commit a4cd841541a729d7b8126d27d91fa28e30b01403 Author: Muthu Subramanian <sumuthu@collabora.com> Date: Thu Feb 13 16:10:47 2014 +0530 n#757432: Styles (rename &) copy to different decks. which 57db6e24b5ad43d447c30e44a112c74c7e75b46b just exposing the problem that introduced
Increasing priority based on crash count
Would it be possible to have an odp smaller? Indeed, I haven't given a try yet with gdb but just using LO with it, it takes ages (at least 30s for every step) to have some result.
Anyway, I could reproduce the crash and can provide some console logs: Lots of "warn:legacy.tools:6790:6790:editeng/source/editeng/impedit4.cxx:1283: InsertBinTextObject - Style not found!" Then: warn:legacy.tools:6790:6790:sd/source/ui/slidesorter/controller/SlsPageSelector.cxx:84: PageSelector::DeselectAllPages: the selected pages counter is not 0 warn:vcl:6790:6790:vcl/source/window/winproc.cxx:841: ImplHandleKey: Keyboard-Input is sent to a frame without focus ... warn:legacy.tools:6790:6790:editeng/source/editeng/impedit4.cxx:1283: InsertBinTextObject - Style not found! ... warn:legacy.tools:6790:6790:sd/source/core/stlpool.cxx:715: StyleSheet has invalid parent: Family mismatch warn:legacy.osl:6790:6790:svl/source/items/style.cxx:209: StyleSheet-Parent not found warn:legacy.tools:6790:6790:sd/source/core/stlpool.cxx:715: StyleSheet has invalid parent: Family mismatch warn:legacy.osl:6790:6790:svl/source/items/style.cxx:209: StyleSheet-Parent not found Then: a lot of "warn:svx.uno:6790:6790:svx/source/svdraw/svdobj.cxx:2797: a UNO shape took over an SdrObject previously owned by another UNO shape!" end with this: warn:svx:6790:6790:svtools/source/control/valueacc.cxx:679: Calling disposed object. Throwing exception: warn:svx:6790:6790:svtools/source/control/valueacc.cxx:679: Calling disposed object. Throwing exception: warn:sd:6790:6790:sd/source/ui/unoidl/DrawController.cxx:821: Calling disposed DrawController object. Throwing exception: warn:sd:6790:6790:sd/source/ui/unoidl/DrawController.cxx:821: Calling disposed DrawController object. Throwing exception:
https://gerrit.libreoffice.org/#/c/59432/ makes it not crash for me
Caolán McNamara committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=27fb6f228271637070e0e0a69d7df503250d8bde Resolves: tdf#119259 reused in-use SdStyleSheet removed by undo It will be available in 6.2.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
backport to 6-1 in gerrit
Verified in Version: 6.2.0.0.alpha0+ Build ID: 63f8c506637c910ed1efa572f23ff1af7715e7e3 CPU threads: 4; OS: Linux 4.15; UI render: default; VCL: gtk3; Locale: ca-ES (ca_ES.UTF-8); Calc: threaded @Caolán, Thanks for fixing this!!
Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-6-1": http://cgit.freedesktop.org/libreoffice/core/commit/?id=b6b6d5c22e52c83af60eba077f0c5098f2198782&h=libreoffice-6-1 Resolves: tdf#119259 reused in-use SdStyleSheet removed by undo It will be available in 6.1.2. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.