In Draw and Impress, if I select some text and click the "Text direction from top to bottom" toolbar icon, the application crashes. Steps to Reproduce: 1. Open Impress, hit Cancel if the choose template dialog opens. 2. Type in "abc" in the "Click to add Title" area, select the typed text "abc" with your cursor. 3. Click "View > Toolbars > Text Formatting" to activate the text formatting toolbar, move the toolbar to a new row so that you can see the "Text direction from top to bottom" toolbar icon. 4. Click the "Text direction from top to bottom" icon. --> Crash at step 4. Gdb backtrace attached (generated from a symbols-only debug build). Version: 7.0.0.0.alpha0+ Build ID: f0c8312bc6630ed64f174acc6f65bb5172765951 CPU threads: 4; OS: Linux 5.5; UI render: default; VCL: gtk3; Locale: zh-CN (zh_CN.UTF-8); UI-Language: en-US Calc: threaded Fedora 31 x64. Also on the latest master, and in 6.3.5.2. This bug was originally reported by "grassvalley" in the LibreOffice Chinese discussion forum: https://bbs.libreofficechina.org/forum.php?mod=viewthread&tid=2426 The reporter has reported that this bug is also reproducible in Ubutnu 19.10 X64, including the version provided by Ubuntu and also the appimage version. Also reproducible in windows10 x64.
Created attachment 158983 [details] gdb backtrace
I set this to NEW as it was reported by another use and I can confirm independently, and provided a backtrace.
Created attachment 159006 [details] bt with debug symbols On pc Debian x86-64 with master sources updated today, I could reproduce this.
pOLV declared and initialized with: 118 OutlinerView* pOLV = mpView->GetTextEditOutlinerView(); (see https://opengrok.libreoffice.org/xref/core/sd/source/ui/view/drtxtob1.cxx?r=b39c0877#118) is invalid after: 418 mpView->SdrEndTextEdit(); bt: #0 SdrObjEditView::SdrEndTextEdit(bool) (this=0x34e8cf0, bDontDeleteReally=false) at svx/source/svdraw/svdedxv.cxx:1602 #1 0x00007fffdc430981 in sd::View::SdrEndTextEdit(bool) (this=0x34e8cf0, bDontDeleteReally=false) at sd/source/ui/view/sdview.cxx:742 #2 0x00007fffdc380232 in sd::TextObjectBar::Execute(SfxRequest&) (this=0x86c16a0, rReq=...) at sd/source/ui/view/drtxtob1.cxx:418
I gave a try with https://gerrit.libreoffice.org/c/core/+/91078 Kevin: I put you in reviewer of this one.
Julien Nabet committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/83ae778d2e7350a15db2f8fbfde7521ab905d0aa tdf#131571: fix crash when clicking the "Text direction from top to bottom" It will be available in 7.0.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
(In reply to Commit Notification from comment #6) Julien: Thank you for the fix. I assume you will backport the fix to libreoffice-6-3 and libreoffice-6-4 branch as well.
Here are the patches waiting for review: - 6.4: https://gerrit.libreoffice.org/c/core/+/91115 - 6.3: https://gerrit.libreoffice.org/c/core/+/91116
Verified fixed on master.
Julien Nabet committed a patch related to this issue. It has been pushed to "libreoffice-6-4": https://git.libreoffice.org/core/commit/8daf9336b0991d756c8fe2eeea6543bfeb8ce245 tdf#131571: fix crash when clicking the "Text direction from top to bottom" It will be available in 6.4.4. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Julien Nabet committed a patch related to this issue. It has been pushed to "libreoffice-6-3": https://git.libreoffice.org/core/commit/6677c1e6aa3465bc4eb39897447391ac1ac0a0eb tdf#131571: fix crash when clicking the "Text direction from top to bottom" It will be available in 6.3.6. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.