Description: If we delete the text frame from the attached document in LibreOffice Writer, LibreOffice crashes. The earliest version of LibreOffice we were able to reproduce the bug was LibreOffice 3.6.0.4 (Build ID: 932b512). LibreOffice 3.5.0rc3 (Build ID: 7e68ba2-a744ebf-1f241b7-c506db1-7d53735) rendered the text frame as a narrow and tall rectangle, but deleting it didn't cause crash. Steps to Reproduce: 1. Open the attached DOCX file; 2. Select the red text frame and delete it by pressing Del – alternatively, you can use the Navigator to delete the object. Actual Results: LibreOffice crashes when we attempt to delete the text frame from the document. Expected Results: LibreOffice should just delete the text frame without crashing. Reproducible: Always User Profile Reset: No Additional Info: LibreOffice details: Version: 6.3.0.0.alpha0+ (x64) Build ID: ed6a71eafa61bade50219d2ff6233a42ab6d1c17 CPU threads: 4; OS: Windows 6.3; UI render: GL; VCL: win; TinderBox: Win-x86_64@42, Branch:master, Time: 2019-03-28_01:15:23 Locale: hu-HU (hu_HU); UI-Language: en-US Calc: threaded
Created attachment 150360 [details] The file with the frame that causes the crash
Created attachment 150361 [details] A screenshot showcasing the crash
Reproduced in Version: 6.3.0.0.alpha0+ Build ID: e74de110d16c95414fac7541c8fe6541d4597113 CPU threads: 4; OS: Linux 4.15; UI render: default; VCL: gtk3; Locale: ca-ES (ca_ES.UTF-8); UI-Language: en-US Calc: threaded
Also reproduced in Version 4.1.0.0.alpha0+ (Build ID: efca6f15609322f62a35619619a6d5fe5c9bd5a)
Created attachment 150366 [details] gdb backtrace
The content of attachment 150366 [details] has been deleted for the following reason: unreadable file
Created attachment 150367 [details] gdb backtrace
Created attachment 150377 [details] console logs + bt On pc Debian x86-64 with master sources updated today, I could reproduce this.
I get two different crash signatures. 1. If the text mark is deleted from the navigator -> SwFlyFrame::InsertColumns() 2. If the text frame is deleted placing the cursor before it + del + undo -> BigPtrArray::Index2Block(unsigned long)
Regression introduced in range https://cgit.freedesktop.org/libreoffice/core/log/?qt=range&q=1cdb792368ed26d58828eead2848422e7dec4c7d..77987eacff20dec40caf29aae61d262239d441e9
One of these commits look like a good candidate -> https://cgit.freedesktop.org/libreoffice/core/log/sw/source/core?qt=range&q=1cdb792368ed26d58828eead2848422e7dec4c7d..77987eacff20dec40caf29aae61d262239d441e9
(In reply to Xisco Faulí from comment #11) > One of these commits look like a good candidate -> > https://cgit.freedesktop.org/libreoffice/core/log/sw/source/ > core?qt=range&q=1cdb792368ed26d58828eead2848422e7dec4c7d.. > 77987eacff20dec40caf29aae61d262239d441e9 Hi Noel, I'm wondering if this crash might be caused by one of your refactors mentioned in the link above...
Noel - Xisco raised this in the ESC last week; any thoughts ?
It's definitely a lifetime issue, we have a nullptr inside a unique_ptr here, but I have no idea how to fix it - I mean, I could fix by checking for nullptr in this specific place, but possibly the SwNodeIndex is not supposed to have a nullptr, and should be removed somewhere else?
Still reproducible in Version: 6.4.0.0.alpha0+ Build ID: 0d36b32755ac662299e6a8165e9fa57311b74a2f CPU threads: 4; OS: Linux 4.15; UI render: default; VCL: gtk3; Locale: ca-ES (ca_ES.UTF-8); UI-Language: en-US Calc: threaded @Michael Stahl, I thought you might be interested in this issue..
The issue was fixed by https://cgit.freedesktop.org/libreoffice/core/commit/?id=81112d875f1c29f1244e7f283f90d56cfbe5b5b4 @Michael Stahl, thanks for fixing this issue!! Closing as VERIFIED FIXED
Xisco Fauli committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/d49df68ec4807f31df4fb3cdaa0448405ef40a29 tdf#124397: sw: Add unittest It will be available in 7.0.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.