This bug was filed from the crash reporting server and is br-47d0755c-cbdc-43e7-abca-df1df36af388. ========================================= STR (also works in Safe Mode) 1. Tools - Chapter Numbering 2. Load/Save Button 3. Select one of the options. 4. Load/Save - Save As 5. Double click in list of names in dialog box (should close "save as" dialog) 6. Click on Position tab CRASH Additional information: 1. There may be other combinations/sequences that produce a crash. For example, here is another https://crashreport.libreoffice.org/stats/crash_details/f9411b4a-e94f-4b1e-9421-b8849eff784c with swlo.dll 2. The crashes always occur with a switch from "numbering" tab to "position" tab, after some operations with the Load/Save and Save As dialog. 3. But it is possible to make a number of operations with the Load/Save, Save As, without getting a crash when switching from Numbering to Position. Version: 7.2.0.0.alpha0+ (x64) / LibreOffice Community Build ID: 62dff2844b0bf1d1bcb8eb4d6db529ef4a31bee4 CPU threads: 8; OS: Windows 10.0 Build 19041; UI render: Skia/Raster; VCL: win Locale: en-US (en_DK); UI: en-US Calc: threaded
(In reply to sdc.blanco from comment #0) > 1. There may be other combinations/sequences that produce a crash. For example, here are others with mergedlo.dll as signature: https://crashreport.libreoffice.org/stats/crash_details/8be4aeb4-e598-4ae5-8c47-1c75a0d3f73a https://crashreport.libreoffice.org/stats/crash_details/3e100717-3dc5-4bbc-9399-b25fb83fe871 As noted in comment 0, hard to work out exact patterns, and do not know how to produce swlo.dll versus mergelo.dll reliably. But always happens when clicking the "position" tab (though not every time), after some having done some load/save operations and used the "save as" dialog.
I can't reproduce it in Version: 7.2.0.0.alpha0+ / LibreOffice Community Build ID: cbcec4425e04e3614a2025b49fdc221216ac51d3 CPU threads: 4; OS: Linux 5.7; UI render: default; VCL: x11 Locale: en-US (en_US.UTF-8); UI: en-US Calc: threaded
https://crashreport.libreoffice.org/stats/crash_details/f1a8c639-2f74-49fd-a314-ed2d79a77a45 Version: 7.1.0.3 (x64) / LibreOffice Community Build ID: f6099ecf3d29644b5008cc8f48f42f4a40986e4c CPU threads: 8; OS: Windows 10.0 Build 19041; UI render: Skia/Raster; VCL: win Locale: da-DK (en_DK); UI: en-US Calc: threaded @Xisco - in this example, I entered a new name, loaded different entries, and double-click on the Save As dialog. It did not crash immediately, but at some point, from trying to use the different possibilities switching to the Position tab gives a crash. Sorry that I cannot localize it better.
(In reply to sdc.blanco from comment #3) > https://crashreport.libreoffice.org/stats/crash_details/f1a8c639-2f74-49fd- > a314-ed2d79a77a45 Note that this crash report identifies particular source code files.
On pc Debian x86-64 with master sources updated today with gtk3 or gen rendering I don't reproduce this. However after step 3 (Select one of the options), I expected the entry appears instead of "Load/Save". Would it be possible you provide a screencast? Or perhaps it's Windows only bug?
Try this recipe (which has now proven to reliably crash for me) 1. Tools - Chapter Numbering. 2. Load/Save - Save As 3. Enter some text in the Save As Dialog (i.e., replace Untitled 1) 4. Load/Save - choose the item that you just saved. 5. Click on Position tab and then back to Numbering 5. Load/Save - Save As - and double click in the List (e.g., Untitled 5) 6. Click on Position tab. Here is the latest crash with that recipe: https://crashreport.libreoffice.org/stats/crash_details/8508692c-961e-4775-bdba-40ec643e84e4 (swlo.dll) No claims that all steps in STR are necessary! or that it exhausts the problems -- because I have gotten different crash signatures, when trying to find a recipe: https://crashreport.libreoffice.org/stats/crash_details/dec118d3-9dc6-4810-a1c9-41a05a84c1a1 ( mergedlo.dll ) https://crashreport.libreoffice.org/stats/crash_details/2c06402d-e547-4c72-94a5-38adc9c1bd0b ( sal3.dll ) Tested with: Version: 7.2.0.0.alpha0+ (x64) / LibreOffice Community Build ID: 7752bbe121fa0cd892ffc6ddaf465f519573dc09 CPU threads: 8; OS: Windows 10.0 Build 19041; UI render: Skia/Raster; VCL: win Locale: en-US (en_DK); UI: en-US Calc: threaded
Created attachment 169912 [details] bt with debug symbols Thank you for your detailed feedback. On pc Debian x86-64 with master sources updated today with gen rendering, I could reproduce this at step 5, just clicking "Position" tab.
Created attachment 169932 [details] Valgrind trace
I can reproduce the crash with LO Debian testing package 7.0.4.2
*** Bug 140590 has been marked as a duplicate of this bug. ***
Hi Caolán and Noel. Bibisected in Linux 5.4 to range with your commits. Please see if this is some of yours. I came here testing bug 140641, with it's steps. Could be the same.Note that crash in bibisect happens even on Load of Chapter numbering (previously under Format button). commit 4bbc162ea9613c24161235312d15fe8802a8e5cd Date: Wed Feb 8 05:46:40 2017 +0100 source e84e15b79cc0541323c01a1040e0cce96bd9032f source e84e15b79cc0541323c01a1040e0cce96bd9032f source 25cc8979c5e6238bb76c9d751f3fa3433f48542c source 42d68eada6a745bdccb210efffcde8668061e3ef source dae92e11061a718a0c74384b086bca14aa2213ac source e5ecb998fd78137aec32ad2cc996eaa4bb3e499d source 7dde56f2cfb970464f5ebbacac6ebb8b6d9cceef source aa54f8aa093bcb62c1428d252150ed2591ce2c19 source 50151db9f740afee7f11a10cc5c61b437bf87caf source bfde4866e07746eafa2f0d6173c29d805cc35ad0 Previous source 803215142efa6437515348f63bd70ffdcf5d45f1 Multiple commits: https://cgit.freedesktop.org/libreoffice/core/log/?qt=range&q=803215142efa6437515348f63bd70ffdcf5d45f1..e84e15b79cc0541323c01a1040e0cce96bd9032f Commit message Author fix build Caolán McNamara tdf#97361 remove = None assignments in sfx2 python unit tests kerem unroll IMG_NAVI_ENTRYBMP ImageList Caolán McNamara convert these Image resources to Bitmap Caolán McNamara avoid coverity#1371269 Missing move assignment operator Caolán McNamara use a std::unique_ptr Caolán McNamara convert EscapeType to scoped enum Noel Grandin convert FSysStyle to o3tl::typed_flags Noel Grandin convert DecodeMechanism to scoped enum Noel Grandin
(In reply to Timur from comment #11) > source e5ecb998fd78137aec32ad2cc996eaa4bb3e499d avoid coverity#1371269 Missing move assignment operator Caolán McNamara > source 7dde56f2cfb970464f5ebbacac6ebb8b6d9cceef use a std::unique_ptr Caolán McNamara These two look relevant. Any tips about what gets saved in this Save as dialog will be appreciated (to be added to help documentation). From experiments (between crashes), it seems like Numbering (for all levels), but not Positioning (except maybe for the selected level) is saved.
caolan, this is because of commit e5ecb998fd78137aec32ad2cc996eaa4bb3e499d Author: Caolán McNamara <caolanm@redhat.com> Date: Mon Dec 5 09:52:43 2016 +0000 avoid coverity#1371269 Missing move assignment operator where previously we overwrite (in memory) an existing SwNumRule, we now allocate a fresh one - which is a problem because we hand a pointer to this object to other tabs, which results in them having a stale pointer.
fix here https://gerrit.libreoffice.org/c/core/+/111677
Noel Grandin committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/9ab2284660857f52efc9b68b9d2dd8ea768d6916 tdf#140528 Crash in writer when switching from Numbering to Position It will be available in 7.2.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Noel Grandin committed a patch related to this issue. It has been pushed to "libreoffice-7-1": https://git.libreoffice.org/core/commit/662649d953c1f0f461d8df019731bb8854b5922b tdf#140528 Crash in writer when switching from Numbering to Position It will be available in 7.1.2. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Noel Grandin committed a patch related to this issue. It has been pushed to "libreoffice-7-0": https://git.libreoffice.org/core/commit/1e00c377559d387a5b1111bf63e9684ff441b90b tdf#140528 Crash in writer when switching from Numbering to Position It will be available in 7.0.6. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Noel Grandin committed a patch related to this issue. It has been pushed to "libreoffice-7-0-5": https://git.libreoffice.org/core/commit/4247d9e4d29cc8f6863f904d2f69a2de4fcd4e66 tdf#140528 Crash in writer when switching from Numbering to Position It will be available in 7.0.5. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Xisco Fauli committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/7def8c3cd8a1d9b4df2478210055b06382e6d493 tdf#140528: sw: Add UItest It will be available in 7.2.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Created attachment 170167 [details] chapter.cfg that gives a crash I am continuing to get crashes, also when working in Safe Mode, but it is hard to find a simple, reliable STR. Roughly, my impression is that I have to have saved some configurations, and loaded some, and after a while a "Save As" will trigger the crash. Meanwhile, this is a simple and reliable STR 1. Install attached chapter.cfg in your {user profile}/config directory before starting Writer 2. Tools > Chapter Numbering 3. Load/Save > choose an entry to Load 4. Load/Save > Save As Crash https://crashreport.libreoffice.org/stats/crash_details/a84de2c2-ce97-4934-a382-c28853711ab2 Maybe there is a problem with that chapter.cfg, but I have been able to get crashes starting from Safe Mode (where everything is Untitled). After I have made some changes and saved them, and loaded a few, and after a while "Load/Save > Save As" crashes. Tested with: Version: 7.2.0.0.alpha0+ (x64) / LibreOffice Community Build ID: 6fb9f368c6824a8ff7bc5bc5cf66fc2df7d055b7 CPU threads: 8; OS: Windows 10.0 Build 19041; UI render: Skia/Vulkan; VCL: win Locale: en-US (en_DK); UI: en-US Calc: CL
Comment 20 may be another issue. That chapter.cfg copied in 6.0 (affected by this bug) saves fine. .cfg doesn't load entries in 6.1-6.4. 7.0 crashes as 7.2+. So, I'd say another regression.
With that cfg, in Win we have immediate crash on Save as, while in Lin I write a name (sometimes with spaces to provoke a crash). I tried to bibisect in 7.0 and got.. bug 130908 from Noel, who in 7.0 and 6.4.2 fixed the issue I also noticed from 6.1. Somewhere here is a regression. I guess it should be reported separately, I'll do it and See Also.
Let me use bug 140590 for that.