128736 – CRASH: Moving content to 2 page and undoing

Bug 128736 - CRASH: Moving content to 2 page and undoing

Summary: CRASH: Moving content to 2 page and undoing

Status:	VERIFIED FIXED

Alias:	None

Product:	LibreOffice
Classification:	Unclassified
Component:	Writer (show other bugs)
Version: (earliest affected)	6.4.0.0.alpha1+
Hardware:	All All

Importance:	medium normal
Assignee:	Miklos Vajna

URL:
Whiteboard:	target:6.5.0 target:6.4.0.1
Keywords:	bibisected, bisected, haveBacktrace, regression

Depends on:
Blocks:

Reported:	2019-11-12 09:46 UTC by Xisco Faulí
Modified:	2019-11-18 09:30 UTC (History)
CC List:	3 users (show)

See Also:
Crash report or crash signature:

Attachments
bt Windows (windbg) (113.05 KB, text/plain) 2019-11-12 13:29 UTC, Julien Nabet	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Xisco Faulí 2019-11-12 09:46:33 UTC

Steps to reproduce:
1. Open attachment 150599 [details] from bug 124602
2. Place cursor before 'Fakultät XXX  Der Dekan'
3. Using the into key, move content until the line is on page 2
4. Undo everything holding Ctrl + Z

-> Crash

Reproduced in

Version: 6.4.0.0.alpha1+
Build ID: fea5c10e222b10d83e0081dc1d1b2e678689d250
CPU threads: 4; OS: Linux 4.15; UI render: default; VCL: gtk3; 
Locale: ca-ES (ca_ES.UTF-8); UI-Language: en-US
Calc: threaded

[Bug found by mass-uitesting]

Comment 1 Xisco Faulí 2019-11-12 09:47:32 UTC

Regression introduced by:

https://cgit.freedesktop.org/libreoffice/core/commit/?id=61cf196631a2a846e0d3b8b83c0805cf4d1d14b2

author	Miklos Vajna <vmiklos@collabora.com>	2019-10-25 17:40:02 +0200
committer	Miklos Vajna <vmiklos@collabora.com>	2019-10-25 20:24:05 +0200
commit 61cf196631a2a846e0d3b8b83c0805cf4d1d14b2 (patch)
tree c56b462e947b89821a1577553769f91861c022ce
parent df9672b1fada6fc847bfa4c8a8f016fb2af6a7b5 (diff)
sw ContinuousEndnotes: fix moving them to the previous page

Bisected with: bibisect-linux64-6.4

Adding Cc: to Miklos Vajna

Comment 2 Julien Nabet 2019-11-12 13:29:36 UTC

Created attachment 155745 [details]
bt Windows (windbg)

On Win10 with master sources updated today, I could reproduce this.

Comment 3 Commit Notification 2019-11-15 15:41:17 UTC

Miklos Vajna committed a patch related to this issue.
It has been pushed to "master":

https://git.libreoffice.org/core/commit/0e0bad1a6a3affa2b3fd82cc3834ae03ea7bc1d5

tdf#128736 sw ContinuousEndnotes: fix use-after-free on text frame join

It will be available in 6.5.0.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.

Comment 4 Commit Notification 2019-11-15 19:02:18 UTC

Miklos Vajna committed a patch related to this issue.
It has been pushed to "libreoffice-6-4":

https://git.libreoffice.org/core/commit/8dc47cf00f1b50dd50f2eb9557c6ff3501d55daf

tdf#128736 sw ContinuousEndnotes: fix use-after-free on text frame join

It will be available in 6.4.0.1.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.

Comment 5 Xisco Faulí 2019-11-18 09:30:54 UTC

Verified in

Version: 6.4.0.0.beta1+
Build ID: c2097477e3a43d75c170a6f7a5daf5dcb2169329
CPU threads: 4; OS: Linux 4.15; UI render: default; VCL: gtk3; 
Locale: ca-ES (ca_ES.UTF-8); UI-Language: en-US
Calc: threaded

@Miklos, thanks for fixing this issue!!