Created attachment 169543 [details] Spreadsheet with 20,000 rows This bug was filed from the crash reporting server and is br-b34f092a-85b9-4e2d-8185-4de773ea83bc. ========================================= Steps to reproduce. 1. Install libreoffice 7.1 2. Open calc 3. Open a large password protected spreadsheet 4. Enter password 5. *While* file is loading, press Alt+F to open File menu 6. Crash
The attached spreadsheet is sufficient to reproduce the error on libreoffice 7.1.03 and 7.0.4.2. Password is 'password'.
(In reply to pross from comment #1) > The attached spreadsheet is sufficient to reproduce the error on libreoffice > 7.1.03 and 7.0.4.2. Password is 'password'. password isn't correct password for attached file. Please double check it yourself and give us the valid password
I created my own example with 500000 rows and save it with password protect. Then I tried your steps, but No repro the crash in Version: 7.1.0.3 (x64) / LibreOffice Community Build ID: f6099ecf3d29644b5008cc8f48f42f4a40986e4c CPU threads: 4; OS: Windows 6.1 Service Pack 1 Build 7601; UI render: Skia/Raster; VCL: win Locale: ru-RU (ru_RU); UI: ru-RU Calc: CL
---- Version: 7.1.0.3 / LibreOffice Community Build ID: f6099ecf3d29644b5008cc8f48f42f4a40986e4c CPU threads: 4; OS: Linux 5.10; UI render: default; VCL: gtk3 Locale: en-AU (en_AU.UTF-8); UI: en-US Calc: threaded --- 'password' unlocks the file for me. Strange. Further testing show a password protected file is not required the crash here (debian linux bullseye). Opening a large spreadsheet, and while it is loading/calculating, opening the File menu (or any menu) causes a crash. Using `soffice --backtrace` suggests the fault is associated with libvlcplug_gtk3lo Thread 1 "soffice.bin" received signal SIGSEGV, Segmentation fault. 0x00007fffe7f7665b in ?? () from /opt/libreoffice7.1/program/libvclplug_gtk3lo.so #0 0x00007fffe7f7665b in () at /opt/libreoffice7.1/program/libvclplug_gtk3lo.so #1 0x00007fffe7f79e95 in () at /opt/libreoffice7.1/program/libvclplug_gtk3lo.so #2 0x00007fffe78b91d1 in () at /lib/x86_64-linux-gnu/libgtk-3.so.0 #3 0x00007fffefe16092 in g_closure_invoke () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #4 0x00007fffefe28403 in () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #5 0x00007fffefe2e69f in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #6 0x00007fffefe2ec0f in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #7 0x00007fffe775722e in () at /lib/x86_64-linux-gnu/libgtk-3.so.0 #8 0x00007fffefe16092 in g_closure_invoke () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #9 0x00007fffefe28403 in () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #10 0x00007fffefe2e69f in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #11 0x00007fffefe2ec0f in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #12 0x00007fffe7f7a282 in () at /opt/libreoffice7.1/program/libvclplug_gtk3lo.so #13 0x00007fffe7f7a4db in () at /opt/libreoffice7.1/program/libvclplug_gtk3lo.so #14 0x00007fffe7f7812e in () at /opt/libreoffice7.1/program/libvclplug_gtk3lo.so #15 0x00007ffff622fb15 in () at /opt/libreoffice7.1/program/libmergedlo.so #16 0x00007ffff62692be in SystemWindow::SetMenuBar(MenuBar*) () at /opt/libreoffice7.1/program/libmergedlo.so #17 0x00007ffff4c031b3 in () at /opt/libreoffice7.1/program/libmergedlo.so #18 0x00007ffff4c0370e in () at /opt/libreoffice7.1/program/libmergedlo.so #19 0x00007ffff510c0c8 in () at /opt/libreoffice7.1/program/libmergedlo.so #20 0x00007ffff510ef64 in () at /opt/libreoffice7.1/program/libmergedlo.so #21 0x00007ffff5370bc1 in () at /opt/libreoffice7.1/program/libmergedlo.so #22 0x00007ffff5371f21 in SfxBaseController::attachFrame(com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&) () at /opt/libreoffice7.1/program/libmergedlo.so #23 0x00007ffff535abbe in () at /opt/libreoffice7.1/program/libmergedlo.so #24 0x00007ffff4c2a19e in () at /opt/libreoffice7.1/program/libmergedlo.so #25 0x00007ffff4c2b3c6 in () at /opt/libreoffice7.1/program/libmergedlo.so #26 0x00007ffff4c2b8d1 in () at /opt/libreoffice7.1/program/libmergedlo.so #27 0x00007ffff4b5081a in () at /opt/libreoffice7.1/program/libmergedlo.so #28 0x00007ffff4b51449 in () at /opt/libreoffice7.1/program/libmergedlo.so #29 0x00007ffff5116fea in () at /opt/libreoffice7.1/program/libmergedlo.so #30 0x00007ffff629f7bf in () at /opt/libreoffice7.1/program/libmergedlo.so #31 0x00007ffff6537c3a in SalUserEventList::DispatchUserEvents(bool) () at /opt/libreoffice7.1/program/libmergedlo.so #32 0x00007fffe7ef59a9 in () at /opt/libreoffice7.1/program/libvclplug_gtk3lo.so #33 0x00007fffefd24c3f in g_main_context_dispatch () at /lib/x86_64-linux-gnu/libglib-2.0.so.0 #34 0x00007fffefd24fe8 in () at /lib/x86_64-linux-gnu/libglib-2.0.so.0 #35 0x00007fffefd2509f in g_main_context_iteration () at /lib/x86_64-linux-gnu/libglib-2.0.so.0 #36 0x00007fffe7ef6f2c in () at /opt/libreoffice7.1/program/libvclplug_gtk3lo.so #37 0x00007ffff65748d2 in () at /opt/libreoffice7.1/program/libmergedlo.so #38 0x00007ffff6576d75 in Application::Execute() () at /opt/libreoffice7.1/program/libmergedlo.so #39 0x00007ffff53ac485 in () at /opt/libreoffice7.1/program/libmergedlo.so #40 0x00007ffff657e826 in ImplSVMain() () at /opt/libreoffice7.1/program/libmergedlo.so #41 0x00007ffff53cd41d in soffice_main () at /opt/libreoffice7.1/program/libmergedlo.so #42 0x000000000040069b in () #43 0x00007ffff2e46d0a in __libc_start_main (main=0x400690, argc=2, argv=0x7fffffffe1a8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe198) at ../csu/libc-start.c:308 #44 0x00000000004006cf in ()
Xisco, can you test it in Linux with GTK3? Thanks
I think I can confirm this. From the start center load the big document, while its is loading open menu tools, macros, organize macros, and wait. When the document loads it will replacement the menubar and we get a crash #3 0x00007fffd97c12ed in std::__debug::vector<GtkSalMenuItem*, std::allocator<GtkSalMenuItem*> >::operator[] (this=0x306fe18, __n=65535) at /usr/lib/gcc/x86_64-redhat-linux/10/../../../../include/c++/10/debug/vector:427 #4 0x00007fffd97bf616 in GtkSalMenu::GetItemAtPos (this=0x306fe10, nPos=65535) at vcl/inc/unx/gtk/gtksalmenu.hxx:93 #5 0x00007fffd97bdbf1 in GtkSalMenu::Activate (pCommand=0x77560a4 "window-50789904-19") at vcl/unx/gtk3/gtk3gtksalmenu.cxx:1357 #6 0x00007fffd97cf231 in g_lo_action_group_perform_submenu_action (group=0x2212b00, action_name=0x77560a4 "window-50789904-19", state=0x36dd150) at vcl/unx/gtk3/gtk3gloactiongroup.cxx:197 #7 0x00007fffd97cede8 in g_lo_action_group_change_state (group=0x2212b00, action_name=0x77560a4 "window-50789904-19", value=0x36dd150) at vcl/unx/gtk3/gtk3gloactiongroup.cxx:220 #8 0x00007fffd8f93aed in gtk_menu_tracker_opener_update () from /lib64/libgtk-3.so.0 #9 0x00007fffe9210e2a in g_closure_invoke () from /lib64/libgobject-2.0.so.0 #10 0x00007fffe923a273 in signal_emit_unlocked_R.isra.0 () from /lib64/libgobject-2.0.so.0 #11 0x00007fffe922df82 in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0 #12 0x00007fffe922e1a3 in g_signal_emit () from /lib64/libgobject-2.0.so.0 #13 0x00007fffd8e350f2 in gtk_action_muxer_action_removed_from_group () from /lib64/libgtk-3.so.0 #14 0x00007fffe9210e2a in g_closure_invoke () from /lib64/libgobject-2.0.so.0 #15 0x00007fffe923a273 in signal_emit_unlocked_R.isra.0 () from /lib64/libgobject-2.0.so.0 #16 0x00007fffe922df82 in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0 #17 0x00007fffe922e1a3 in g_signal_emit () from /lib64/libgobject-2.0.so.0 #18 0x00007fffd97cdaf2 in g_lo_action_group_remove (group=0x2212b00, action_name=0x36df870 "window-50789904-19") at vcl/unx/gtk3/gtk3gloactiongroup.cxx:384 #19 0x00007fffd97ce23d in g_lo_action_group_clear (group=0x2212b00) at vcl/unx/gtk3/gtk3gloactiongroup.cxx:399 #20 0x00007fffd97ba7fc in GtkSalMenu::~GtkSalMenu (this=0x48fb830) at vcl/unx/gtk3/gtk3gtksalmenu.cxx:609 #21 0x00007fffd97ba9bc in GtkSalMenu::~GtkSalMenu (this=0x48fb830) at vcl/unx/gtk3/gtk3gtksalmenu.cxx:596 #22 0x00007fffef049f8f in std::default_delete<SalMenu>::operator() (this=0x42941b8, __ptr=0x48fb830) at /usr/lib/gcc/x86_64-redhat-linux/10/../../../../include/c++/10/bits/unique_ptr.h:85 #23 0x00007fffef049e83 in std::__uniq_ptr_impl<SalMenu, std::default_delete<SalMenu> >::reset (this=0x42941b8, __p=0x0) at /usr/lib/gcc/x86_64-redhat-linux/10/../../../../include/c++/10/bits/unique_ptr.h:182 #24 0x00007fffef0446ad in std::unique_ptr<SalMenu, std::default_delete<SalMenu> >::reset (this=0x42941b8, __p=0x0) at /usr/lib/gcc/x86_64-redhat-linux/10/../../../../include/c++/10/bits/unique_ptr.h:456 #25 0x00007fffef033545 in Menu::dispose (this=0x4294080) at vcl/source/window/menu.cxx:220 #26 0x00007fffef03fd7d in MenuBar::dispose (this=0x4294080) at vcl/source/window/menu.cxx:2412 #27 0x00007fffef3f40b1 in VclReferenceBase::disposeOnce (this=0x4294080) at vcl/source/outdev/vclreferencebase.cxx:38 #28 0x00007ffff120ad4a in VclPtr<Menu>::disposeAndClear (this=0x30efb60) at include/vcl/vclptr.hxx:206 #29 0x00007ffff1204399 in VCLXMenu::~VCLXMenu (this=0x30efb10) at toolkit/source/awt/vclxmenu.cxx:60 #30 0x00007ffff120c8b8 in VCLXMenuBar::~VCLXMenuBar (this=0x30efb10) at include/toolkit/awt/vclxmenu.hxx:146 #31 0x00007ffff120c8dc in VCLXMenuBar::~VCLXMenuBar (this=0x30efb10) at include/toolkit/awt/vclxmenu.hxx:146 #32 0x00007ffff64e9533 in cppu::OWeakObject::release (this=0x30efb38) at cppuhelper/source/weak.cxx:233 #33 0x00007ffff120c74e in VCLXMenu::release (this=0x30efb10) at include/toolkit/awt/vclxmenu.hxx:88 #34 0x00007ffff58d34fd in com::sun::star::uno::Reference<com::sun::star::awt::XMenuBar>::clear (this=0x42354f0) at include/com/sun/star/uno/Reference.hxx:231 #35 0x00007ffff58d157b in framework::MenuBarWrapper::dispose (this=0x4235400) at framework/source/uielement/menubarwrapper.cxx:136 #36 0x00007ffff56fec0f in framework::LayoutManager::impl_clearUpMenuBar (this=0x13e24b0) at framework/source/layoutmanager/layoutmanager.cxx:255
Caolán McNamara committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/2b042a343d25294360972492e36cb84e448eb211 tdf#140225 call cancel before destroying menubar It will be available in 7.2.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
that seems to work, done in master, backport to 7-1 in gerrit
Caolán McNamara committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/97a2416f90a0eec6eab0e939502450499bd3f383 Related: tdf#140225 ignore activate/deactivate of a disposed VclMenu It will be available in 7.2.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Caolán McNamara committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/0349ef0fd8d85730e4b2b9f419868b2cef50868c Related: tdf#140225 when clearing pItemList, keep SalMenu in sync It will be available in 7.2.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Caolán McNamara committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/951d9fe0b5470085ae817c3af04014e6dd95b498 Resolves: tdf#140225 remove action when item is removed from GtkSalMenu It will be available in 7.2.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Tested. The problem is fixed in master. Thanks!
Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-7-1": https://git.libreoffice.org/core/commit/4abe4e9c92641896b4a0949e8a64a231d2f41c86 tdf#140225 call cancel before destroying menubar It will be available in 7.1.2. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-7-1-1": https://git.libreoffice.org/core/commit/a6a48971abe61747dc84840890c4bbcbd4c717bf tdf#140225 call cancel before destroying menubar It will be available in 7.1.1. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.