Description: A crash occurs while dragging a button over a "frozen" spreadsheet row under certain circumstances. This happens every time with the attached spreadsheet ("crash.ods"), if a (unrelated) group of buttons is first un-grouped. Somehow the act of un-grouping the group makes a later button-drag crash. FWIW, the group is a compound group created by grouping a row of buttons, then selecting that group and another button and grouping the combination. The demo was derived from a production spreadsheet developed using earlier LO versions, so the crash might be due to backwards-compatibility issues (just guessing). Steps to Reproduce: 1. Open attached spreadsheet "crash.ods" (Disable macros if prompted) 2. View->Toolbars->Form Design: Checked 3. In the floating Form Design toolbar, click the icon to enter Design Mode 4. Click in the YELLOW button, to select the large group 5. Rightclick->Group->Ungroup 6. Click somewhere else (de-selects the buttons) 7. Drag the GREEN button down towards the large group (crash occurs when it passes the frozen row) Actual Results: Crash Expected Results: No crash Reproducible: Always User Profile Reset: No Additional Info: Version: 6.2.0.0.alpha1 Build ID: ff46ad24d1d3cbcea45895520483ed1fd4ff488b CPU threads: 12; OS: Linux 4.15; UI render: default; VCL: gtk3; Locale: en-US (en_US.UTF-8); Calc: threaded
Created attachment 146515 [details] crash.ods See "STEPS TO REPRODUCE"
I can reproduce it in Version: 6.2.0.0.alpha1+ Build ID: 0f68e45e2ec6b9fa8c562044e88355d95af0347d CPU threads: 4; OS: Linux 4.15; UI render: default; VCL: gtk3; Locale: ca-ES (ca_ES.UTF-8); UI-Language: en-US Calc: threaded STR: 1. Open attached document 2. Click on the yellow button -> Form Design toolbar appears 3- Right click on the yellow button - ungroup 4. Scroll the spreadsheet horizontally. -> Crash!
Regression introduced by: https://cgit.freedesktop.org/libreoffice/core/commit/?id=57082b1243e86694b72c5e4fad013bf207bfe81a author Luke Deller <luke@deller.id.au> 2013-04-27 21:06:11 (GMT) committer David Tardon <dtardon@redhat.com> 2013-04-28 11:52:12 (GMT) commit 57082b1243e86694b72c5e4fad013bf207bfe81a (patch) tree 2e461c166beecb5b569c966a2aeceb90995a4b85 parent 2094610175140023cf8f904f8506c189e36dec06 (diff) fdo#60910: discard UNO shape object in SdrObject::SetPage The creation of the UNO shape in SdrObject::getUnoShape is influenced by pPage, so when the page changes we need to discard the cached UNO shape so that a new one will be created with the new page. This replaces my first shot at a fix for fdo#60910 which reinstated a line to discard the custom shape engine (and consequently the UNO shape) in SdrObjCustomShape::InvalidateRenderGeometry. That worked but did more discarding than was necessary. Bisected with: bibisect-41max and reverted locally as well. Adding Cc: to Luke Deller
Created attachment 146523 [details] console logs + bt On pc Debian x86-64 with master sources updated today, I could reproduce this.
no repro with Version: 6.1.3.2 (x64) Build ID: 86daf60bf00efa86ad547e59e09d6bb77c699acb CPU threads: 4; OS: Windows 10.0; UI render: default; Locale: de-DE (de_DE); Calc: Linux only?
Crash still happens on Linux with master just downloaded. Version: 6.2.0.0.alpha1+ Build ID: 72e6269b88a32a672e00d2c25f0d0400038d1360 CPU threads: 12; OS: Linux 4.15; UI render: default; VCL: gtk3; TinderBox: Linux-rpm_deb-x86_64@86-TDF, Branch:master, Time: 2018-11-14_19:34:46 Locale: en-US (en_US.UTF-8); UI-Language: en-US Calc: threaded
Still reproduced in Version: 6.3.0.0.alpha0+ Build ID: 00df4a5ae395607eab1f83aacfc1fb05eb93ecc9 CPU threads: 4; OS: Linux 4.15; UI render: default; VCL: gtk3; Locale: ca-ES (ca_ES.UTF-8); UI-Language: en-US Calc: threaded @Caolán, since you fixed bug 112696, I thought you might be interested in this issue...
Dear Jim Avera, To make sure we're focusing on the bugs that affect our users today, LibreOffice QA is asking bug reporters and confirmers to retest open, confirmed bugs which have not been touched for over a year. There have been thousands of bug fixes and commits since anyone checked on this bug report. During that time, it's possible that the bug has been fixed, or the details of the problem have changed. We'd really appreciate your help in getting confirmation that the bug is still present. If you have time, please do the following: Test to see if the bug is still present with the latest version of LibreOffice from https://www.libreoffice.org/download/ If the bug is present, please leave a comment that includes the information from Help - About LibreOffice. If the bug is NOT present, please set the bug's Status field to RESOLVED-WORKSFORME and leave a comment that includes the information from Help - About LibreOffice. Please DO NOT Update the version field Reply via email (please reply directly on the bug tracker) Set the bug's Status field to RESOLVED - FIXED (this status has a particular meaning that is not appropriate in this case) If you want to do more to help you can test to see if your issue is a REGRESSION. To do so: 1. Download and install oldest version of LibreOffice (usually 3.3 unless your bug pertains to a feature added after 3.3) from http://downloadarchive.documentfoundation.org/libreoffice/old/ 2. Test your bug 3. Leave a comment with your results. 4a. If the bug was present with 3.3 - set version to 'inherited from OOo'; 4b. If the bug was not present in 3.3 - add 'regression' to keyword Feel free to come ask questions or to say hello in our QA chat: https://kiwiirc.com/nextclient/irc.freenode.net/#libreoffice-qa Thank you for helping us make LibreOffice even better for everyone! Warm Regards, QA Team MassPing-UntouchedBug
Still crashes in master. Actually, it seems like a new crash which happens sooner -- the moment the group is "ungrouped". Thread 1 gets "SIGABRT" in __GI_raise (uncaught exception??). I will attach a gdb trace (sorry, no symbols). Revised STEPS TO REPRODUCE: 1. Open the attached "crash.ods" file (Disable macros if prompted) 2. View->Toolbars->Form Design (checked) 3. Click the 'Designe Mode' icon (green drafting square and pencil in icon) 4. Click on the yellow button Rightclick->ungroup (crashes) Version: 7.1.0.0.alpha0+ Build ID: 656fd1ec9123de5dbeecb8db4de5254b05c21e76 CPU threads: 12; OS: Linux 5.4; UI render: default; VCL: gtk3 Locale: en-US (en_US.UTF-8); UI: en-US TinderBox: Linux-rpm_deb-x86_64@86-TDF, Branch:master, Time: 2020-07-07_00:08:54 Calc: threaded
Created attachment 163145 [details] gdbtrace.log -- see Comment #9
What I see is an uncaught exception from the accessibility stack. Which would fit with the reported platforms being gtk3 where a11y is basically always on.
Caolán McNamara committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/c5ff4cbd0192773c6503d54325de01abda7e9fa5 tdf#121323 avoid fatal exception with a11y enabled It will be available in 7.1.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Caolán McNamara committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/4e4de8935f38b781374ca34408bd3c57c3cdb69f tdf#121323 avoid assert about duplicate listeners It will be available in 7.1.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-7-0": https://git.libreoffice.org/core/commit/6a842d1c079ff88e5616d05ec151b647acc25b6e tdf#121323 avoid fatal exception with a11y enabled It will be available in 7.0.3. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Confirming fixed in Master. Thanks for tracking this down! Version: 7.1.0.0.alpha0+ Build ID: 8ea4feee03542c767e0b26beb888b63bc653878d CPU threads: 12; OS: Linux 5.4; UI render: default; VCL: gtk3 Locale: en-US (en_US.UTF-8); UI: en-US TinderBox: Linux-rpm_deb-x86_64@86-TDF, Branch:master, Time: 2020-09-22_18:13:30 Calc: threaded
Assuming this should be marked as fixed since all backports are done, and OP confirmed the fix. (I have also confirmed both the crash in 6.4.7 and the fix in 7.2+.)