Description:
Crash swlo!SwRedlineData::SetSeqNo+0xf26:

Steps to Reproduce:
1. Open the attached file
2. Scroll to last page
3. Hold backspace until somewhere on the first page
4. Press and hold CTRL+Z
5. Press and hold CTRL+Y
6. Press and hold CTRL+Z (crash)

Actual Results:
Crash

Expected Results:
No crash

Reproducible: Always

User Profile Reset: No

Additional Info:
Version: 7.1.0.0.alpha0+ (x64)
Build ID: abcc4eb907661e07ad850ccce7eb06f129da4286
CPU threads: 4; OS: Windows 6.3 Build 9600; UI render: default; VCL: win
Locale: nl-NL (nl_NL); UI: en-US
Calc: CL
Created attachment 165697
Example file
Created attachment 165698
Screencast
Bug 136904 is hopefully a duplicate of this one
(In reply to Telesto from comment #0)
> Description:
> Crash swlo!SwRedlineData::SetSeqNo+0xf26:
>
> Steps to Reproduce:
> 1. Open the attached file
> 2. Scroll to last page
> 3. Hold backspace until somewhere on the first page
> 4. Press and hold CTRL+Z
> 5. Press and hold CTRL+Y
> 6. Press and hold CTRL+Z (crash)

To be clear, 3 page after "C"
Still happens with:

Version: 7.2.0.0.alpha0+ (x64)
Build ID: 59301a1cadd87a63276650975252d14e8477e632
CPU threads: 4; OS: Windows 6.3 Build 9600; UI render: Skia/Raster; VCL: win
Locale: hu-HU (hu_HU); UI: en-US
Calc: CL

Seems to have started with:

https://cgit.freedesktop.org/libreoffice/core/commit/?id=14e87a4b15d31a34e6053f6194688f3aa23af991
author Michael Stahl <Michael.Stahl@cib.de> 2020-07-24 19:41:29 +0200
committer Michael Stahl <michael.stahl@cib.de> 2020-07-27 11:17:17 +0200

tdf#133967 sw_redlinehide: fix redline deletion of table containing redlines

Before this commit the same steps in the bibisect-7.1 repo crashed with:

0x00007FFE6CD75FD8 (0x0000009EE43BA010 0x0000009EDA1A6490 0x0000009EE3589C18 0x00007FFE6CD75B00), ?Index2Block@BigPtrArray@@IEBAG_K@Z() + 0xC8 bytes(s)
0x00007FFE6CD75B0E (0x0000009EE3589BA0 0x0000009ED5F9E9F0 0x0000009ED5F9E979 0x0000000000000000), ??ABigPtrArray@@QEBAPEAVBigPtrEntry@@_K@Z() + 0x1E bytes(s)
0x00007FFE6CEFEA1B (0x0000009EE4127A90 0x0000000000000000 0x0000000000000000 0x0000000000000000), ?SetSeqNo@SwRedlineData@@QEAAXG@Z() + 0xFCB bytes(s)
0x00007FFE6D28F6E2 (0x0000000000000001 0x0000009ED5F9EB60 0x0000009EEE124910 0x0000000000000000), ?IsInWriterfilterImport@SwDoc@@QEBA_NXZ() + 0x2B22 bytes(s)
0x00007FFE961FAD55 (0x0000009EEE124910 0x0000009EE4B16E50 0x0000000000000001 0x0000009EE43BA010), ?UndoWithContext@SfxListUndoAction@@UEAAXAEAVSfxUndoContext@@@Z() + 0x55 bytes(s)
0x00007FFE961F98C5 (0x0000009EE4ED7038 0x0000009EDA2F3460 0x0000009EE4AE86B0 0x0000009EE4B16E50), ?ImplUndo@SfxUndoManager@@AEAA_NPEAVSfxUndoContext@@@Z() + 0x145 bytes(s)
0x00007FFE6D276B5B (0x0000009EE4127A90 0x0000009EE4ED7000 0x0000000000000001 0x0000009EDA2F3460), ??0SwRewriter@@QEAA@$$QEAV0@@Z() + 0x4DEB bytes(s)
0x00007FFE6D02CD6E (0x0000009EDA2F3460 0x0000009EDA2F3400 0x0000000000000000 0x0000000000000001), ?Undo@SwEditShell@@QEAAXG@Z() + 0x13E bytes(s)
0x00007FFE6D83BEFD (0x0000009EDA2F3460 0x0000000000001645 0x0000000000000001 0x0000000000000000), ?Do@SwWrtShell@@QEAAXW4DoType@1@G@Z() + 0x8D bytes(s)
0x00007FFE6D6E1437 (0x0000009ED9021645 0x00007FFE00000001 0x0000000000000000 0x0000000000000000), ?ExecUndo@SwBaseShell@@QEAAXAEAVSfxRequest@@@Z() + 0x1B7 bytes(s)
(In reply to NISZ LibreOffice Team from comment #5)
> Seems to have started with:
> [...]
>
> Before this commit the same steps in the bibisect-7.1 repo crashed with:

Actually, before the following commit there isn't even a crash, thus I would consider that the real starting point, bibisected using repo bibisect-linux-64-6.3. Adding CC: to László Németh.

https://cgit.freedesktop.org/libreoffice/core/commit/?id=2de1fd7d8b8bd42c66190140cc4506df0c3367f1
author László Németh <nemeth@numbertext.org> 2019-05-10 16:36:10 +0200
committer László Németh <nemeth@numbertext.org> 2019-05-11 13:09:32 +0200

tdf#125187 DOCX track changes: fix w:del within w:ins
Still crashing with

Version: 7.2.0.0.alpha1+ (x64) / LibreOffice Community
Build ID: 239b4bb27fd8db26e8416045b3015688a8b1b0ae
CPU threads: 4; OS: Windows 6.3 Build 9600; UI render: Skia/Raster; VCL: win
Locale: nl-NL (nl_NL); UI: en-US
Calc: CL
(In reply to Aron Budea from comment #6)
> (In reply to NISZ LibreOffice Team from comment #5)
> > Seems to have started with:
> > [...]
> >
> > Before this commit the same steps in the bibisect-7.1 repo crashed with:
> Actually, before the following commit there isn't even a crash, thus I would
> consider that the real starting point, bibisected using repo
> bibisect-linux-64-6.3. Adding CC: to László Németh.
>
> https://cgit.freedesktop.org/libreoffice/core/commit/?id=2de1fd7d8b8bd42c66190140cc4506df0c3367f1
> author László Németh <nemeth@numbertext.org> 2019-05-10 16:36:10 +0200
> committer László Németh <nemeth@numbertext.org> 2019-05-11 13:09:32 +0200
>
> tdf#125187 DOCX track changes: fix w:del within w:ins

Reverting this, moreover, also its preceding patch, doesn't solve the problem. I'll attach a simplified test file, where backspace, Ctrl-Z, Ctrl-Y crashes LibreOffice immediately.

Interestingly, deletion of the problematic comment doesn't update the place of its frame, leaving a gray box.
Created attachment 173161
simplified test file
Created attachment 173162
backtrace
Crash report in 7.1.4: https://crashreport.libreoffice.org/stats/crash_details/0492db96-aaa7-46e9-a86e-074a89ec7aae
For some reason I'm not getting a crash with the given steps in the bibisect builds (linux-64-7.2) since the following commit (seems completely unrelated): https://cgit.freedesktop.org/libreoffice/core/commit/?id=a3a203b7c697a38d4f79877d6b5c1423fa52f2d8 At the same time, a current main debug build still crashes with the steps.
I'm having issues reproducing comment 0 and comment 9 with my debug build.

I can get an assert if I start modifying comment 0:
1. Open attachment 165697
2. Scroll to last page
3. Hold backspace until somewhere on the first page
4. Press and hold CTRL+Z
5. Press and hold CTRL+Y
6. Press and hold CTRL+Z
7. Press and hold CTRL+Y
8. Press and hold CTRL+Z

Assertion failed: (!pAttr->GetEnd() || (*pAttr->GetEnd() <= Len())), function InsertHint, file thints.cxx, line 1340.

I don't get anything with comment 9. Except changing the step: bug 149359 (different assert)

Version: 7.4.0.0.alpha1+ / LibreOffice Community
Build ID: 62531ec1091c7b3f6a3577889a18234790ec716d
CPU threads: 8; OS: Mac OS X 12.3.1; UI render: Skia/Metal; VCL: osx
Locale: nl-NL (nl_NL.UTF-8); UI: en-US
Calc: threaded
(In reply to László Németh from comment #9)
> Created attachment 173161
> simplified test file

This file no longer crashes in bibisect-linux-7.4 after

https://git.libreoffice.org/core/+/e54ac357ee669cfc7cb5c68eca4ddce27824ae9a
author Caolán McNamara <caolanm@redhat.com> Sat Mar 12 20:24:45 2022 +0000
committer Caolán McNamara <caolanm@redhat.com> Sun Mar 13 11:24:35 2022 +0100

tdf#147929 "undo" may delete the current SwAnnotationShell
No repro for both files

Version: 7.5.0.0.alpha0+ (x64) / LibreOffice Community
Build ID: 86b2bfd34a4f07c54f03c8c8dfe48e0810834628
CPU threads: 4; OS: Windows 6.3 Build 9600; UI render: Skia/Raster; VCL: win
Locale: nl-NL (nl_NL); UI: en-US
Calc: CL

*** This bug has been marked as a duplicate of bug 147929 ***
(In reply to Gabor Kelemen (allotropia) from comment #14)
> (In reply to László Németh from comment #9)
> > Created attachment 173161
> > simplified test file
>
> This file no longer crashes in bibisect-linux-7.4 after
>
> https://git.libreoffice.org/core/+/e54ac357ee669cfc7cb5c68eca4ddce27824ae9a
>
> author Caolán McNamara <caolanm@redhat.com> Sat Mar 12 20:24:45 2022 +0000
> committer Caolán McNamara <caolanm@redhat.com> Sun Mar 13 11:24:35 2022 +0100
>
> tdf#147929 "undo" may delete the current SwAnnotationShell

Lovely, the commit is pushed against the wrong bug number :-(
Also the original attachment does not crash anymore after:

https://git.libreoffice.org/core/+/bdf1d9b8151476531f2fbe06f66db260efcbc529
author Michael Stahl <michael.stahl@allotropia.de> Tue Feb 01 21:35:46 2022 +0100
committer Michael Stahl <michael.stahl@allotropia.de> Wed Feb 02 09:47:36 2022 +0100

tdf#147006 sw_fieldmarkhide: fix crash when deleting fly with fieldmark

A side effect though: Deleting from the back and doing the undo-redo dance twice does not restore the B and C characters with page breaks, so the three-page document shrinks to two. I'll open a new one for this.

The commit bibisected in comment 14 really fixed bug 147928.
I'd prefer to set this as a duplicate of 147006, since this fixed the original issue.

*** This bug has been marked as a duplicate of bug 147006 ***