1. Open an empty Calc document
2. Go to Tools > Language > Hangul/Hanja Conversion

Tested in

Version: 6.3.0.0.beta1+
Build ID: 4904391e125eb66304a5c029def8d4c1a150952d
CPU threads: 4; OS: Linux 4.15; UI render: default; VCL: gtk3;
Locale: en-US (en_US.UTF-8); UI-Language: en-US
Calc: threaded

Version: 6.4.0.0.alpha0+
Build ID: 6b888ac476fe6ac2ee96c7086cb8c24249f08473
CPU threads: 4; OS: Linux 4.15; UI render: default; VCL: gtk2;
Locale: en-US (en_US.UTF-8); UI-Language: en-US
Calc: threaded
It crashes under the following circumstances:

1. Open LibreOffice (not Calc)
2. From the start center, open Calc
3. Go to Tools > Language > Hangul/Hanja Conversion

Regression introduced by:

author Kohei Yoshida <kohei.yoshida@collabora.com> 2017-02-28 17:52:10 -0500
committer Kohei Yoshida <libreoffice@kohei.us> 2017-03-01 00:07:25 +0000
commit 10077a06d8f6d08f276f99024528ee31a57390a9 (patch)
tree ce5a669a90878ee685c071bc2502822ca74faaba
parent 4f762202f647976ffd80c23bacada8401d633001 (diff)

Revert my fix for tdf#71409, to hopefully fix tdf#104381.

Bisected with: bibisect-linux-64-5.4

@Caolán, I thought you might be interested in this issue...
It doesn't crash with gen env.
I think it's a Korean feature, so I added the CJK-Korean meta issue tdf#113196.
I was able to reproduce it; it's an accessibility-related crash. gtk2 and gtk3 have working accessibility while gen doesn't.
At sc/source/ui/view/viewfun4.cxx:575 in DoSheetConversion, the pEngine.reset() seems to be where the editengine is destroyed that is later used after delete, causing the crash in a11y.
https://gerrit.libreoffice.org/#/c/74378/ is my effort here
Created attachment 152296
bt with debug symbols (gtk3)

On pc Debian x86-64 with master sources updated today, I could reproduce this. I had to use gdb --pid=$(pidof soffice.bin) method since I couldn't reproduce this by using "make debugrun"
Also, I noticed a lot of these:
warn:svx:15746:15746:svx/source/accessibility/AccessibleTextHelper.cxx:1356: DBG_UNHANDLED_EXCEPTION in virtual void accessibility::AccessibleTextHelper_Impl::Notify(SfxBroadcaster&, const SfxHint&) exception: com.sun.star.uno.RuntimeException message: Text forwarder is invalid, model might be dead context: ScAccessibleEditObject
Created attachment 152297
bt from throw
Caolán McNamara committed a patch related to this issue.
It has been pushed to "master":

https://git.libreoffice.org/core/+/cf13e1ddef974fb929916a9a4a54f37188b10389%5E%21

tdf#125982 a11y use-after-free of editengine

It will be available in 6.4.0.

The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
That seems to work, hopefully without horrific side effects. Will risk 6-4 backport, but no further.
Caolán McNamara committed a patch related to this issue.
It has been pushed to "libreoffice-6-3":

https://git.libreoffice.org/core/+/b4e1b145ff9cccd4d91798c5da2e32ffa9b267ec%5E%21

tdf#125982 a11y use-after-free of editengine

It will be available in 6.3.0.1.

The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
*** Bug 125985 has been marked as a duplicate of this bug. ***
Verified in

Version: 6.4.0.0.alpha0+
Build ID: 9712f5d2316fa469b92f2f8092925e2cd4e8dd5b
CPU threads: 4; OS: Linux 4.15; UI render: default; VCL: gtk3;
Locale: ca-ES (ca_ES.UTF-8); UI-Language: en-US
Calc: threaded

@Caolán, thanks for fixing this issue!
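
The lifetime problem diagnosed in this report (the edit engine destroyed by pEngine.reset() in DoSheetConversion, then reached again from the accessibility code) is shown below as an added example with a non-owning observer that checks liveness before each access. This is not LibreOffice code and not the fix from the Gerrit change: the class names, the shared_ptr/weak_ptr ownership and the sample text are assumptions, and only the exception message is taken from the log in this report.

```cpp
#include <memory>
#include <stdexcept>
#include <string>
#include <utility>

// Hypothetical stand-in for the edit engine that DoSheetConversion owns.
struct EditEngine {
    std::string text;
    explicit EditEngine(std::string t) : text(std::move(t)) {}
};

// Hypothetical stand-in for the accessibility object that reads the engine.
// Unsafe variant (deliberately not compiled here): keeping `EditEngine* raw`
// and reading raw->text after the owner resets the engine is the
// use-after-free described in the report.
class AccessibleEditObject {
    std::weak_ptr<EditEngine> engine_;  // non-owning; observes destruction
public:
    explicit AccessibleEditObject(const std::shared_ptr<EditEngine>& e)
        : engine_(e) {}

    // Returns the engine text, or throws if the engine is already destroyed.
    std::string getText() const {
        if (auto e = engine_.lock())    // keeps the engine alive for this call
            return e->text;
        throw std::runtime_error(
            "Text forwarder is invalid, model might be dead");
    }
};

// Same order of events as the report: create the engine, expose it to a11y,
// destroy it, then let a11y query again. Returns true when the late query is
// rejected with an exception instead of touching freed memory.
bool late_query_is_rejected() {
    auto engine = std::make_shared<EditEngine>("constructed sample");
    AccessibleEditObject a11y(engine);
    if (a11y.getText() != "constructed sample") return false;
    engine.reset();                     // owner destroys the engine
    try {
        a11y.getText();
    } catch (const std::runtime_error&) {
        return true;
    }
    return false;
}

int main() { return late_query_is_rejected() ? 0 : 1; }
```

Building the raw-pointer variant with -fsanitize=address turns the late read into a heap-use-after-free report that names both the freeing and the accessing stack.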