Description:
Steps to Reproduce:
1. Open the attached xls
2. Move the orange-border rectangle that is at top-left angle someplace.
3. Press a letter (so a character would appear in the rectangle)
4. Press Ctrl+z to undo the text, and then press Ctrl+z to undo the movement
Actual Results: Calc crashes
Expected Results: Actions undone.
Reproducible: Always
User Profile Reset: No
OpenGL enabled: Yes
Additional Info:
This crash is reproducible at least on Mac OS X, and Archlinux. Stacktrace from the latter, got with gdb:
#0 0x00007fc59c0b32bc in () at /usr/lib/libreoffice/program/libsfxlo.so
#1 0x00007fc59be7d65e in SfxShell::GetSlotState(unsigned short, SfxInterface const*, SfxItemSet*) () at /usr/lib/libreoffice/program/libsfxlo.so
#2 0x00007fc54fb0d72e in ScTabViewShell::GetUndoState(SfxItemSet&) () at /usr/lib/libreoffice/program/../program/libsclo.so
#3 0x00007fc59be5b5e0 in SfxDispatcher::FillState_(SfxSlotServer const&, SfxItemSet&, SfxSlot const*) () at /usr/lib/libreoffice/program/libsfxlo.so
#4 0x00007fc59be5865a in () at /usr/lib/libreoffice/program/libsfxlo.so
#5 0x00007fc59be58af2 in () at /usr/lib/libreoffice/program/libsfxlo.so
#6 0x00007fc599c8c4c4 in Scheduler::ProcessTaskScheduling() () at /usr/lib/libreoffice/program/libvcllo.so
#7 0x00007fc58cda19b9 in () at /usr/lib/libreoffice/program/libvclplug_gtk3lo.so
#8 0x00007fc59499ab49 in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0
#9 0x00007fc59499af59 in () at /usr/lib/libglib-2.0.so.0
#10 0x00007fc59499afee in g_main_context_iteration () at /usr/lib/libglib-2.0.so.0
#11 0x00007fc58cda2f14 in () at /usr/lib/libreoffice/program/libvclplug_gtk3lo.so
#12 0x00007fc599c9b7cf in Application::Yield() () at /usr/lib/libreoffice/program/libvcllo.so
#13 0x00007fc599c9cff6 in Application::Execute() () at /usr/lib/libreoffice/program/libvcllo.so
#14 0x00007fc59d4a3de2 in () at /usr/lib/libreoffice/program/libsofficeapp.so
#15 0x00007fc599ca2258 in () at /usr/lib/libreoffice/program/libvcllo.so
#16 0x00007fc599ca2362 in SVMain() () at /usr/lib/libreoffice/program/libvcllo.so
#17 0x00007fc59d4cbca9 in soffice_main () at /usr/lib/libreoffice/program/libsofficeapp.so
#18 0x00005571a78ac02d in ()
#19 0x00007fc59d26e223 in __libc_start_main () at /usr/lib/libc.so.6
#20 0x00005571a78ac06e in ()
Created attachment 144774 [details] testcase
Confirmed with Ubuntu 18.04 and LibreOffice
Crash report filed here: crashreport.libreoffice.org/stats/crash_details/51e46801-0475-4f37-8d25-6b5c80306a6c
OOPS the test version of LibreOffice is:
Version: 6.1.1.1
Build ID: 2718b4a18dfcc6a54ebe5f7b801ee7a47fa81e0c
CPU threads: 4; OS: Linux 4.15; UI render: default; VCL: gtk2;
Locale: en-US (en_US.UTF-8); Calc: group threaded
Alright, bibisect against the 6.1 repository says that the anomaly arrived with commit:
id=be48eb2e82a3d8891ee84145567e2b89884f1fd6
return std::unique_ptr from SdrMakeOutliner and some of its callers
Change-Id: I121a7810e3e35e76da4ffe5fc5405a7bf86cb66d
17 files changed
author: Noel Grandin <noel.grandin@collabora.co.uk> 2018-05-02 13:00:30 +0200
(adding to CC)
(In reply to Drew Jensen from comment #4)
> Alright, bibisect against the 6.1 repository says that the anomaly arrived
> with commit: id=be48eb2e82a3d8891ee84145567e2b89884f1fd6
I do confirm it was introduced by https://cgit.freedesktop.org/libreoffice/core/commit/?id=be48eb2e82a3d8891ee84145567e2b89884f1fd6
Adding Cc: to Noel Grandin
Increasing severity as the crash is reproducible in 6.1 branch
Created attachment 144806 [details] gdb bt
On pc Debian x86-64 with master sources updated today, I could reproduce this.
Notice:
warn:legacy.tools:12112:12112:editeng/source/editeng/editdoc.cxx:1157: Index out of range in Adjust(2)
Created attachment 144807 [details] Valgrind trace
Noel Grandin committed a patch related to this issue.
It has been pushed to "master":
http://cgit.freedesktop.org/libreoffice/core/commit/?id=4926b0f348dd1ddf170fe41df0cde4d426ab3b5f
tdf#119793 Crash on redo of rectangle movement and text
It will be available in 6.2.0.
The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
Verified in
Version: 6.2.0.0.alpha0+
Build ID: b74db4138342f646fda061eac5d6759ecf2c366f
CPU threads: 4; OS: Linux 4.15; UI render: default; VCL: gtk3;
Locale: ca-ES (ca_ES.UTF-8); Calc: threaded
@Noel Grandin, Thanks for fixing this!!
Noel Grandin committed a patch related to this issue.
It has been pushed to "libreoffice-6-1":
http://cgit.freedesktop.org/libreoffice/core/commit/?id=895c0e9d7a8b67ef7f99b7ccee7c87e9820f16d4&h=libreoffice-6-1
tdf#119793 Crash on redo of rectangle movement and text
It will be available in 6.1.2.
The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
Xisco Fauli committed a patch related to this issue.
It has been pushed to "master":
https://git.libreoffice.org/core/commit/1b1a9c6c12ebe4cac19e34ff5e4818998bbb2537
tdf#119793: sc_uicalc: Add unittest
It will be available in 7.2.0.
The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.