This bug was filed from the crash reporting server and is br-7209037a-74b6-435c-8086-f00e0db5be89. ========================================= 1. Open attachment 149305 [details] from bug 123477 2. Select D14:D16 3. Open Formula Wizard (Ctrl+F2) => Crash. Tested with Version: 6.2.1.1 (x64) Build ID: 757c58e8cb70b2982843211a54750fb3cd79acd5 CPU threads: 12; OS: Windows 10.0; UI render: GL; VCL: win; Locale: ru-RU (ru_RU); UI-Language: en-US Calc: threaded
Repro Version: 6.3.0.0.alpha0+ Build ID: e0745a11597e5d57eb8001a295314e86810a6027 CPU threads: 4; OS: Windows 6.3; UI render: default; VCL: win; TinderBox: Win-x86@42, Branch:master, Time: 2019-02-12_04:16:22 Locale: nl-NL (nl_NL); UI-Language: en-US Calc: CL not with Versie: 4.4.7.2 Build ID: f3153a8b245191196a4b6b9abd1d0da16eead600 Locale: nl_NL
Reproduced in Version: 5.2.0.0.alpha0+ Build ID: 3ca42d8d51174010d5e8a32b96e9b4c0b3730a53 Threads 4; Ver: 4.15; Render: default; but not in Version: 5.0.0.0.alpha1+ Build ID: 0db96caf0fcce09b87621c11b584a6d81cc7df86 Locale: ca-ES (ca_ES.UTF-8) it needs to be bisected on windows with 5.1 repo
Regression from https://git.libreoffice.org/core/+/ec97496525f82ffaf7eea65eb76462100fa66092
Just selecting D14 to D15 reproduces a crash. Maybe there is a lifetime problem of rtl::Reference<ScPoolHelper> mxPoolHelper; the log says soffice.bin: /tinderbox/buildslave/source/libo-master/include/rtl/ref.hxx:177: reference_type* rtl::Reference<reference_type>::operator->() const [with reference_type = ScPoolHelper]: Assertion `m_pBody != __null' failed. warn:desktop:31889:31889:desktop/source/app/sofficemain.cxx:82: minidump generated: Reproduced in master_dbg~2019-02-24_12.48.43_LibreOfficeDev_6.3.0.0.alpha0_Linux_x86-64_archive.tar.gz
I'll have a look during the weekend.
https://gerrit.libreoffice.org/#/c/69161/
Luboš Luňák committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/+/ade1df0948563b532a5d293c31d46a4f042559ee%5E%21 avoid a crash with an editor-forced matrix formula (tdf#123479) It will be available in 6.3.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Verified in Version: 6.3.0.0.alpha0+ Build ID: 705558aa455403cd006993f95b5b13981fdb3483 CPU threads: 4; OS: Linux 4.15; UI render: default; VCL: gtk3; Locale: ca-ES (ca_ES.UTF-8); UI-Language: en-US Calc: threaded @Luboš Luňák, thanks for fixing this issue!
I've tried to backport it to libreoffice-6-1 but there's a merge conflict I can't resolved myself. @Luboš Luňák, should we backport it or just leave it in master/6.2 ?
Luboš Luňák committed a patch related to this issue. It has been pushed to "libreoffice-6-2": https://git.libreoffice.org/core/+/e68e9b2d61376b989bd4f61d38b7e06d0ee591cb%5E%21 avoid a crash with an editor-forced matrix formula (tdf#123479) It will be available in 6.2.3. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Zdeněk Crhonek committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/+/e0656101ac92a37855b1302a6db19b91a5b8c149%5E%21 uitest for bug tdf#123479 It will be available in 6.3.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.