Description: BigPtrArray::Index2Block undo crash

Steps to Reproduce:
1. Open attachment 94362 from bug 75208
2. CTRL+A
3. CTRL+N
4. CTRL+V
5. CTRL+Z

Actual Results: Crash
Expected Results: No crash
Reproducible: Always
User Profile Reset: No
Additional Info: Found in 7.1 and in 4.4.7.2 but not in 3.5.7.2
Bibisected with Linux 44max to https://git.libreoffice.org/core/+/b4ccde72b8e2e45e7276d5b08b182495a1b1a617%5E!/
Copy first-header-footer test from ww8 to ooxml
Adding Cc: to Luke Deller
Repro step between 2 and 3 should be "CTRL+C"
Created attachment 162150: GDB trace of crash
Arch Linux 64-bit
Version: 7.1.0.0.alpha0+
Build ID: ad0351b84926075297fb74abbe9b31a0455782af
CPU threads: 8; OS: Linux 5.7; UI render: default; VCL: kf5
Locale: fi-FI (fi_FI.UTF-8); UI: en-US
Calc: threaded
Built on 17 June 2020
Created attachment 162153: minimal reproducer
For the record, I can't reproduce it in
Version: 6.3.0.0.alpha1+
Build ID: c98b1f1cd43b3e109bcaf6324ef2d1f449b34099
CPU threads: 4; OS: Linux 4.19; UI render: default; VCL: gtk3;
Locale: en-US (en_US.UTF-8); UI-Language: en-US
Calc: threaded

so I do believe the issue was fixed at some point between the commit in commit 1 and c98b1f1cd43b3e109bcaf6324ef2d1f449b34099. Later, this issue was reintroduced, likely related to bug 134107 or bug 129805.

@Telesto, when checking with older versions, please test with other versions in between. LibreOffice 4.4.7 was released more than 5 years ago, which is a huge window of time
(In reply to Xisco Faulí from comment #4)
> @Telesto, when checking with older versions, please test with other versions
> in between. LibreOffice 4.4.7 was released more than 5 years ago, which is a
> huge window of time

Indeed, apologies to Luke for the noise.

The first hint of badness in Linux 6.4 line is a crash upon quitting. Blamed commit: https://git.libreoffice.org/core/+/5ba30f588d6e41a13d68b1461345fca7a7ca61ac%5E!/

Later in Linux 6.4 repo it morphed to crashing already in the copying step. Appeared in range: https://git.libreoffice.org/core/+log/4dc1615c80e8e66d339dc86fa95bbc76e884d988..d9030ad6298e2f49ee63489d6158ea6ad23c0111

Finally, it became what it is today in Linux 6.5 repo with the commit https://git.libreoffice.org/core/+/cf226535f9903a048b1c105b180ae3a50a776e68%5E!/
tdf#129805 writerfilter: fix import of nested generic field

Adding Cc: to Michael Stahl
this crashes because:

during pasting, SwUndoInserts is created first, then SwUndoInsLayFormat is created for flys anchored in a footer from a page style referenced by a page break on some text node, then SwUndoInserts::SetInsertRange() is called.

on Undo, first SwUndoInsLayFormat deletes the flys, then SwUndoInserts has wrong node indexes.

this is not a regression, can repro it in LO 5.2 and OOo 3.3.

what changed in LO 6.4 is that apparently the flys anchored in the footer are imported now, when previously they weren't.
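The ordering problem described in the comment above, as a simplified model added here (not LibreOffice code and not part of the original comment). `Nodes`, `UndoRange`, `PasteUndo`, `paste` and `undo_paste` are hypothetical names, and the layout with flys stored ahead of the body text in one array is an assumption of the model.

```cpp
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Assumed model: one flat node array with fly content stored in front of the
// body text, so deleting flys shifts every body index down.
using Nodes = std::vector<std::string>;

struct UndoRange {                 // hypothetical undo action holding raw indexes
    std::size_t start, end;        // half-open range [start, end)
    void undo(Nodes& n) const {
        // A stale range must fail loudly instead of indexing past the array.
        if (start > end || end > n.size())
            throw std::out_of_range("stale undo range");
        n.erase(n.begin() + start, n.begin() + end);
    }
};

struct PasteUndo { UndoRange text, flys; };

// Paste in the order the comment gives: the flys are inserted before the
// text range is recorded, so that range is only valid while they exist.
PasteUndo paste(Nodes& n) {
    n.push_back("pasted-1");
    n.push_back("pasted-2");
    n.insert(n.begin(), 2, std::string("fly"));   // flys land before the body
    UndoRange flys{0, 2};
    UndoRange text{n.size() - 2, n.size()};       // recorded with flys present
    return PasteUndo{text, flys};
}

// Returns true if both steps applied, false if a stale index was caught.
bool undo_paste(Nodes& n, const PasteUndo& u, bool flys_first) {
    try {
        if (flys_first) { u.flys.undo(n); u.text.undo(n); }
        else            { u.text.undo(n); u.flys.undo(n); }
        return true;
    } catch (const std::out_of_range&) {
        return false;
    }
}

int main() {
    Nodes a{"body"}, b{"body"};
    PasteUndo ua = paste(a), ub = paste(b);
    std::cout << "flys undone first: " << undo_paste(a, ua, true) << "\n";
    std::cout << "text undone first: " << undo_paste(b, ub, false) << "\n";
}
```

In the model, the recorded text range is valid only against the array state in which it was captured. Without the bounds check, the stale range would index past the end of the array.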
Created attachment 162590: minimal reproducer
*** Bug 134434 has been marked as a duplicate of this bug. ***
Changing to Inherit from OOo based on comment 6
No crash.. with
Version: 7.2.0.0.alpha0+ (x64)
Build ID: f2171af6ce3516598d9f8bac8294025a21a5b1a2
CPU threads: 4; OS: Windows 6.3 Build 9600; UI render: default; VCL: win
Locale: nl-NL (nl_NL); UI: en-US
Calc: CL

However the: page break is gone with paste (which might have fixed this, but obviously not as it should be)
(In reply to Telesto from comment #10)
> However the: page break is gone with paste (which might have fixed this, but
> obviously not as it should be)

I should have checked first.. the lacking page break was already an issue before.. so unrelated
issue fixed by
author Michael Stahl <Michael.Stahl@cib.de> 2020-12-10 11:22:13 +0100
committer Michael Stahl <michael.stahl@cib.de> 2020-12-10 13:34:32 +0100
commit b4365b985178e1866c74afd757a104aad1d405a9
tree 7aac322e0e1ef31e80127f46fdd414a872430251
parent 5dbb0403b6f814129983963f5fea02208995270a
tdf#134626 sw: fix UBSan warning about deleted SwTextFormatColl

@Michael Stahl, thanks for fixing this issue!!
*** Bug 134107 has been marked as a duplicate of this bug. ***
*** Bug 136626 has been marked as a duplicate of this bug. ***
*** Bug 135167 has been marked as a duplicate of this bug. ***
Michael Stahl committed a patch related to this issue. It has been pushed to "libreoffice-7-1":

https://git.libreoffice.org/core/commit/d01fb1a86ead0ce6441906838878835b299a3dfb

tdf#134101, tdf#134626 sw: fix UBSan warning about deleted SwTextFormatColl

It will be available in 7.1.1.

The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
*** Bug 136542 has been marked as a duplicate of this bug. ***