Description: Crash undo comparing documents BigPtrArray::Index2Block+0xc8 Steps to Reproduce: 1. download full getting started guide 4.2 and 5.0 from https://wiki.documentfoundation.org/images/0/0f/GS42-GettingStartedLO.odt and https://wiki.documentfoundation.org/images/f/f3/GS50-GettingStartedLO.odt 2. open GS Guide 5.0 in LO 3. select menu Edit - Track Changes - Compare Document 4. select GS Guide 4.2 and wait 5. Press Undo Actual Results: Crash Expected Results: No crash Reproducible: Always User Profile Reset: No Additional Info: Version: 7.1.0.0.alpha0+ (x64) Build ID: 52820b52b3bca45e2db527d1cc5f4488b2e0b9d0 CPU threads: 4; OS: Windows 6.3 Build 9600; UI render: Skia/Raster; VCL: win Locale: nl-NL (nl_NL); UI: en-US Calc: CL
Confirmed on windows 10 x64 with Version: 6.4.5.2 (x64) Build ID: a726b36747cf2001e06b58ad5db1aa3a9a1872d6 CPU threads: 12; OS: Windows 10.0 Build 19041; UI render: default; VCL: win crashreport.libreoffice.org/stats/crash_details/54a579ce-58f6-4092-b395-447becd3c124
Dear Telesto, To make sure we're focusing on the bugs that affect our users today, LibreOffice QA is asking bug reporters and confirmers to retest open, confirmed bugs which have not been touched for over a year. There have been thousands of bug fixes and commits since anyone checked on this bug report. During that time, it's possible that the bug has been fixed, or the details of the problem have changed. We'd really appreciate your help in getting confirmation that the bug is still present. If you have time, please do the following: Test to see if the bug is still present with the latest version of LibreOffice from https://www.libreoffice.org/download/ If the bug is present, please leave a comment that includes the information from Help - About LibreOffice. If the bug is NOT present, please set the bug's Status field to RESOLVED-WORKSFORME and leave a comment that includes the information from Help - About LibreOffice. Please DO NOT Update the version field Reply via email (please reply directly on the bug tracker) Set the bug's Status field to RESOLVED - FIXED (this status has a particular meaning that is not appropriate in this case) If you want to do more to help you can test to see if your issue is a REGRESSION. To do so: 1. Download and install oldest version of LibreOffice (usually 3.3 unless your bug pertains to a feature added after 3.3) from https://downloadarchive.documentfoundation.org/libreoffice/old/ 2. Test your bug 3. Leave a comment with your results. 4a. If the bug was present with 3.3 - set version to 'inherited from OOo'; 4b. If the bug was not present in 3.3 - add 'regression' to keyword Feel free to come ask questions or to say hello in our QA chat: https://web.libera.chat/?settings=#libreoffice-qa Thank you for helping us make LibreOffice even better for everyone! Warm Regards, QA Team MassPing-UntouchedBug
Still happens in: Version: 7.5.0.0.alpha0+ / LibreOffice Community Build ID: 1052ec9cff72e2810fdb934a85ab500d3b4ace35 CPU threads: 8; OS: Linux 5.4; UI render: default; VCL: gtk3 Locale: hu-HU (hu_HU.UTF-8); UI: hu-HU Calc: threaded Debug build console shows: soffice.bin: /home/gabor/src/core/sal/rtl/strtmpl.hxx:1012: void rtl::str::newFromSubString(IMPL_RTL_STRINGDATA**, const IMPL_RTL_STRINGDATA*, sal_Int32, sal_Int32) [with IMPL_RTL_STRINGDATA = _rtl_uString; sal_Int32 = int]: Assertion `false' failed. Same assert as in bug 140605 now. May or may not be the same source, so not duplicating yet.
With 7.5.2.2, crash report after following all steps: https://crashreport.libreoffice.org/stats/crash_details/4d2620b0-e8e4-45e3-b4a2-832d2c618dab Version: 7.5.2.2 (X86_64) / LibreOffice Community Build ID: 53bb9681a964705cf672590721dbc85eb4d0c3a2 CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3 Locale: en-AU (en_AU.UTF-8); UI: en-US Calc: threaded OOo 3.3 already crashed on same steps. Before getting to step 5 ("Press undo"), with a recent debug build of master, I got an assert: warn:sw:391144:391144:sw/source/core/doc/docbm.cxx:1946: trying to sent content index, but point node is not a content node soffice.bin: /home/tdf/lode/jenkins/workspace/lo_gerrit/tb/src_master/sw/source/core/txtnode/ndhints.cxx:313: bool SwpHints::Check(bool) const: Assertion `pHt->IsFormatIgnoreStart()' failed.
Still reproduced in: Version: 24.8.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: ef9e1116d1100af50d7b74dcee5155c81b7b50fb CPU threads: 8; OS: Linux 6.5; UI render: default; VCL: gtk3 Locale: en-AU (en_AU.UTF-8); UI: en-US Calc: threaded This is actually reproducible with small documents, I'll attache a new sample.
Created attachment 192702 [details] smaller reproducer files With this two smaller files, following the same steps, I get the same crash signature BigPtrArray::Index2Block(int) const https://crashreport.libreoffice.org/stats/crash_details/88f94bc4-0d0c-4f71-a0bb-6f11b8aeae41 Version: 7.6.4.1 (X86_64) / LibreOffice Community Build ID: e19e193f88cd6c0525a17fb7a176ed8e6a3e2aa1 CPU threads: 8; OS: Linux 6.5; UI render: default; VCL: gtk3 Locale: en-AU (en_AU.UTF-8); UI: en-US Calc: threaded Recent trunk build also crashes: Version: 24.8.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: ef9e1116d1100af50d7b74dcee5155c81b7b50fb CPU threads: 8; OS: Linux 6.5; UI render: default; VCL: gtk3 Locale: en-AU (en_AU.UTF-8); UI: en-US Calc: threaded
With debug build, same assert as in comment 3: warn:xmloff:327703:327703:xmloff/source/text/txtparai.cxx:358: unknown attribute http://www.w3.org/1999/xlink xlink:type value=simple warn:legacy.osl:327703:327703:sw/source/core/unocore/unoobj2.cxx:1354: no parent text? warn:legacy.osl:327703:327703:sw/source/core/unocore/unoobj2.cxx:1354: no parent text? warn:legacy.osl:327703:327703:sw/source/core/unocore/unoobj2.cxx:1354: no parent text? warn:sw:327703:327703:sw/source/core/doc/DocumentRedlineManager.cxx:111: redline table corrupted: overlapping redlines warn:sw.core:327703:327703:sw/source/core/attr/calbck.cxx:196: a 12SwCharFormat client added as listener to a 12SwCharFormat during client iteration. warn:legacy.tools:327703:327703:sfx2/source/control/request.cxx:421: Set Return value multiple times? soffice.bin: /home/tdf/lode/jenkins/workspace/lo_gerrit/tb/src_master/sal/rtl/strtmpl.hxx:890: void rtl::str::newFromSubString(rtl_tString**, const rtl_tString*, sal_Int32, sal_Int32) [with rtl_tString = _rtl_uString; sal_Int32 = int]: Assertion `false' failed. warn:desktop:327703:327703:desktop/source/app/crashreport.cxx:61: minidump generated: /home/stragu/.config/libreofficedev/4/crash//021915f6-fdfa-4ef1-85f03393-4a120c45.dmp soffice.bin: /home/tdf/lode/jenkins/workspace/lo_gerrit/tb/src_master/include/rtl/ustring.hxx:2246: std::u16string_view rtl::OUString::subView(sal_Int32, sal_Int32) const: Assertion `count >= 0' failed.
Created attachment 192703 [details] crash minidump