Steps to reproduce: 1. Open Impress 2. Open the navigator 3. Create a new document -> Crash Reproduced in Version: 7.2.0.0.alpha0+ / LibreOffice Community Build ID: c47ad11f8c2e917adebbd5d7b3a3ef6cc4b3e670 CPU threads: 4; OS: Linux 5.7; UI render: default; VCL: gtk3 Locale: en-US (en_US.UTF-8); UI: en-US Calc: threaded
Regression introduced by: https://cgit.freedesktop.org/libreoffice/core/commit/?id=740fca22fc92065436dee9beae89852fc388db54 author Jim Raykowski <raykowj@gmail.com> 2021-03-04 22:54:28 -0900 committer Jim Raykowski <raykowj@gmail.com> 2021-03-09 02:24:51 +0100 commit 740fca22fc92065436dee9beae89852fc388db54 (patch) tree 7e0bca48ffd47a1da48607e4b4fc75e3ffee6185 parent dc3b64dcbfb0a49c0be65bd8d73ed4e6d3828a21 (diff) tdf#139944 Disable navigator in impress and draw master mode Bisected with: bibisect-linux64-7.2 Adding Cc: to Jim Raykowski
On pc Debian x86-64 with master sources updated today, I could reproduce this. Here's part of bt: #0 sd::DrawViewShell::GetEditMode() const (this=0x0) at sd/source/ui/inc/DrawViewShell.hxx:237 #1 0x00007ff69472f9c3 in SdNavigatorControllerItem::StateChanged(unsigned short, SfxItemState, SfxPoolItem const*) (this=0x8374d20, nSId=27288, eState=SfxItemState::DEFAULT, pItem=0x83da790) at sd/source/ui/dlg/navigatr.cxx:642 #2 0x00007ff6accafea0 in SfxStateCache::SetState_Impl(SfxItemState, SfxPoolItem const*, bool) (this=0x8345a00, eState=SfxItemState::DEFAULT, pState=0x83da790, bMaybeDirty=false) at sfx2/source/control/statcach.cxx:423 #3 0x00007ff6accafbd1 in SfxStateCache::SetState(SfxItemState, SfxPoolItem const*, bool) (this=0x8345a00, eState=SfxItemState::DEFAULT, pState=0x83da790, bMaybeDirty=false) at sfx2/source/control/statcach.cxx:324 #4 0x00007ff6acc1aaaa in SfxBindings::UpdateControllers_Impl(SfxFoundCache_Impl const&, SfxPoolItem const*, SfxItemState) (rFound=..., pItem=0x83da790, eState=SfxItemState::SET) at sfx2/source/control/bindings.cxx:1218 => naive patch: diff --git a/sd/source/ui/dlg/navigatr.cxx b/sd/source/ui/dlg/navigatr.cxx index c0e2ec79992e..b09edffc46b2 100644 --- a/sd/source/ui/dlg/navigatr.cxx +++ b/sd/source/ui/dlg/navigatr.cxx @@ -639,7 +639,7 @@ void SdNavigatorControllerItem::StateChanged( sal_uInt16 nSId, { const auto pDrawViewShell = static_cast<::sd::DrawViewShell *>(pDrawDocShell->GetViewShell()); - bool bEditModePage(pDrawViewShell->GetEditMode() == EditMode::Page); + bool bEditModePage(pDrawViewShell && (pDrawViewShell->GetEditMode() == EditMode::Page)); pNavigatorWin->mxToolbox->set_sensitive(bEditModePage); pNavigatorWin->mxLbDocs->set_sensitive(bEditModePage); pNavigatorWin->mxTlbObjects->set_sensitive(bEditModePage);
Jim Raykowski committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/f458b30b15526e95a6d25820450241fd6234171c tdf#141511 fix null pointer use crash It will be available in 7.2.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
@Xisco, thanks for the bibisect. @Julien, thanks for the location of the null pointer use crash.