Description: LibreOffice crashes while inspecting a file containing a custom shape and clicking on "Object" tree Steps to Reproduce: 1. Open the sample attachment 163404 [details] or create a new write file and add an arbitrary custom shape like a rectangle 2. Open "UNO Object Inspector" from "Tools > Development Tools" Menu 3. Find the only shape in "Shapes" part under "Object" section 4. Click on "Properties" 5. Select "@0" 6. Click on anywhere on the tree under "Object" section Actual Results: Crashing Expected Results: Not crashing Reproducible: Always User Profile Reset: No Additional Info: Version: 7.3.0.0.alpha0+ / LibreOffice Community Build ID: 1ec5a1300632a5455416b6cbb090d8c48353d939 CPU threads: 8; OS: Linux 5.8; UI render: default; VCL: gtk3 Locale: en-US (en_US.UTF-8); UI: en-US Calc: threaded
no repro in Version: 7.3.0.0.alpha0+ (x64) / LibreOffice Community Build ID: 4677345e3695bac158bb04048b4d5c608ed764b4 CPU threads: 4; OS: Windows 6.1 Service Pack 1 Build 7601; UI render: default; VCL: win Locale: ru-RU (ru_RU); UI: en-US Calc: CL
no repro Version: 7.3.0.0.alpha0+ / LibreOffice Community Build ID: 612d5b1a04fe022a34018d901bb9b052791d54e5 CPU threads: 4; OS: Linux 5.11; UI render: default; VCL: gtk3 Locale: cs-CZ (cs_CZ.UTF-8); UI: en-US Calc: threaded but my build is older then yours, recent regression?
No crash Version: 7.3.0.0.alpha0+ / LibreOffice Community Build ID: 36efb384a66b6dd645e0ae80fd7df68370a9dc8b CPU threads: 4; OS: Linux 5.11; UI render: default; VCL: gtk3 Locale: cs-CZ (cs_CZ.UTF-8); UI: en-US Calc: threaded
I can't reproduce it in Version: 7.3.0.0.alpha0+ / LibreOffice Community Build ID: 6daf48b50e1ff3bdd6a9f948c3e267e76b8a89d3 CPU threads: 4; OS: Linux 5.7; UI render: default; VCL: gtk3 Locale: en-US (en_US.UTF-8); UI: en-US Calc: threaded @Hossein, Could you please try to clean the user profile and retry ?
(In reply to Xisco Faulí from comment #4) > I can't reproduce it in > > Version: 7.3.0.0.alpha0+ / LibreOffice Community > Build ID: 6daf48b50e1ff3bdd6a9f948c3e267e76b8a89d3 > CPU threads: 4; OS: Linux 5.7; UI render: default; VCL: gtk3 > Locale: en-US (en_US.UTF-8); UI: en-US > Calc: threaded > > @Hossein, Could you please try to clean the user profile and retry ? Started LO in safe mode, cleared profile, but LO still crashes.
[Automated Action] NeedInfo-To-Unconfirmed
Created attachment 174224 [details] gdb backtrace The crash happens in: sw/source/core/doc/docbm.cxx:1318 void MarkManager::deleteMark(const IMark* const pMark) #4 0x00007fffdddaf1a0 in sw::mark::MarkManager::deleteMark(sw::mark::IMark const*) (this=0x555559d22820, pMark=0x55555b01d570) at /home/hossein/Projects/libreoffice/core/sw/source/core/doc/docbm.cxx:1318
*** Bug 143638 has been marked as a duplicate of this bug. ***
ok, I do reproduce the issue with a debug build, lowering priority
*** Bug 143636 has been marked as a duplicate of this bug. ***
Hi Hossein, is this issue still reproducible in a master build ?
(In reply to Xisco Faulí from comment #11) > Hi Hossein, > is this issue still reproducible in a master build ? Yes. Still reproducible in the latest master for Linux: Version: 7.3.0.0.alpha1+ / LibreOffice Community Build ID: 4d66721962f60a9c8b4653dc724f163c45e6ddd9 CPU threads: 8; OS: Linux 5.11; UI render: default; VCL: x11 Locale: en-US (en_US.UTF-8); UI: en-US Calc: threaded It is not reproducible in Windows, so I set the bug to Linux only: Not reproducible: Version: 7.3.0.0.alpha1+ (x64) / LibreOffice Community Build ID: 4d66721962f60a9c8b4653dc724f163c45e6ddd9 CPU threads: 32; OS: Windows 10.0 Build 19043; UI render: Skia/Raster; VCL: win Locale: en-US (en_DE); UI: en-US Calc: threaded
This crashes because of using gcc debug code, which explains why it only occurs with a debug build. Let's treat it similarly to an assert. I haven't debugged into it, but probably the prerequisites for using equal_range aren't met.
Dear Hossein, This bug has been in ASSIGNED status for more than 3 months without any activity. Resetting it to NEW. Please assign it back to yourself if you're still working on this.
Still reproducible with the latest 7.4 master: Version: 7.4.0.0.alpha0+ / LibreOffice Community Build ID: 18715f6a63af55045b108b98abeffeae8e51518b CPU threads: 8; OS: Linux 5.13; UI render: default; VCL: gtk3 Locale: en-US (en_US.UTF-8); UI: en-US Calc: threaded
Created attachment 182520 [details] bt with debug symbols + console logs On pc Debian x86-64 with master sources updated today, I could reproduce this. I attached console logs in addition to bt which is almost identical to Hossein's one.
Created attachment 184148 [details] gdb bt Here's an updated bt with last console logs.
Created attachment 184223 [details] Valgrind trace If it can help, I retrieved a Valgrind trace on pc debian x86-64 with master sources updated today + brand new LO profile + gen rendering.
With the latest LO 24.2 dev master, I don't get an immediate crash. But after doing the steps described in comment 1 and then closing LibreOffice, I face a crash caused by an assertion failure. Version: 24.2.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: 25d50f08a27ee28698226a44db9c74a66a260754 CPU threads: 12; OS: Linux 5.19; UI render: default; VCL: gtk3 Locale: en-US (en_US.UTF-8); UI: en-US Calc: CL threaded warn:legacy.osl:15874:15874:svx/source/unodraw/unoshape.cxx:1879: SvxShape::GetAnyForItem() Returnvalue has wrong Type! warn:legacy.osl:15874:15874:svx/source/unodraw/unoshape.cxx:1879: SvxShape::GetAnyForItem() Returnvalue has wrong Type! warn:legacy.osl:15874:15874:svx/source/unodraw/unoshape.cxx:1879: SvxShape::GetAnyForItem() Returnvalue has wrong Type! warn:ucb.ucp.gio:15874:15874:ucb/source/ucp/gio/gio_content.cxx:1014: Unknown command getAllVersions warn:legacy.osl:15874:15874:svx/source/unodraw/unoshape.cxx:1879: SvxShape::GetAnyForItem() Returnvalue has wrong Type! warn:legacy.osl:15874:15874:svx/source/unodraw/unoshape.cxx:1879: SvxShape::GetAnyForItem() Returnvalue has wrong Type! warn:legacy.osl:15874:15874:svx/source/unodraw/unoshape.cxx:1879: SvxShape::GetAnyForItem() Returnvalue has wrong Type! warn:ucb.ucp.gio:15874:15874:ucb/source/ucp/gio/gio_content.cxx:1014: Unknown command getAllVersions warn:legacy.osl:15874:15874:svx/source/unodraw/unoshape.cxx:1879: SvxShape::GetAnyForItem() Returnvalue has wrong Type! warn:legacy.osl:15874:15874:svx/source/unodraw/unoshape.cxx:1879: SvxShape::GetAnyForItem() Returnvalue has wrong Type! warn:legacy.osl:15874:15874:svx/source/unodraw/unoshape.cxx:1879: SvxShape::GetAnyForItem() Returnvalue has wrong Type! warn:legacy.osl:15874:15874:svx/source/unodraw/unoshape.cxx:1879: SvxShape::GetAnyForItem() Returnvalue has wrong Type! warn:legacy.osl:15874:15874:svx/source/unodraw/unoshape.cxx:1879: SvxShape::GetAnyForItem() Returnvalue has wrong Type! warn:legacy.osl:15874:15874:svx/source/unodraw/unoshape.cxx:1879: SvxShape::GetAnyForItem() Returnvalue has wrong Type! warn:ucb.ucp.gio:15874:15874:ucb/source/ucp/gio/gio_content.cxx:1014: Unknown command getAllVersions warn:legacy.osl:15874:15874:svx/source/unodraw/unoshape.cxx:1879: SvxShape::GetAnyForItem() Returnvalue has wrong Type! warn:legacy.osl:15874:15874:svx/source/unodraw/unoshape.cxx:1879: SvxShape::GetAnyForItem() Returnvalue has wrong Type! warn:legacy.osl:15874:15874:svx/source/unodraw/unoshape.cxx:1879: SvxShape::GetAnyForItem() Returnvalue has wrong Type! warn:legacy.osl:15874:15874:svx/source/unodraw/unoshape.cxx:1879: SvxShape::GetAnyForItem() Returnvalue has wrong Type! warn:legacy.osl:15874:15874:svx/source/unodraw/unoshape.cxx:1879: SvxShape::GetAnyForItem() Returnvalue has wrong Type! warn:legacy.osl:15874:15874:svx/source/unodraw/unoshape.cxx:1879: SvxShape::GetAnyForItem() Returnvalue has wrong Type! warn:legacy.osl:15874:15874:svx/source/unodraw/unoshape.cxx:1879: SvxShape::GetAnyForItem() Returnvalue has wrong Type! warn:legacy.osl:15874:15874:svx/source/unodraw/unoshape.cxx:1879: SvxShape::GetAnyForItem() Returnvalue has wrong Type! warn:legacy.osl:15874:15874:svx/source/unodraw/unoshape.cxx:1879: SvxShape::GetAnyForItem() Returnvalue has wrong Type! soffice.bin: /home/hossein/Projects/libreoffice/core/sw/source/core/access/accmap.cxx:1690: virtual SwAccessibleMap::~SwAccessibleMap(): Assertion `(!mpShapeMap || mpShapeMap->empty()) && "Object map should be empty after disposing the root frame"' failed. Unspecified Application Error Fatal exception: Signal 6 Stack: /home/hossein/Projects/libreoffice/core/instdir/program/libuno_sal.so.3(+0x93d49)[0x7feb6b0fed49] /home/hossein/Projects/libreoffice/core/instdir/program/libuno_sal.so.3(+0x93f81)[0x7feb6b0fef81] /home/hossein/Projects/libreoffice/core/instdir/program/libuno_sal.so.3(+0x942c6)[0x7feb6b0ff2c6] /lib/x86_64-linux-gnu/libc.so.6(+0x42520)[0x7feb6aa42520] /lib/x86_64-linux-gnu/libc.so.6(pthread_kill+0x12c)[0x7feb6aa96a7c] /lib/x86_64-linux-gnu/libc.so.6(raise+0x16)[0x7feb6aa42476] /lib/x86_64-linux-gnu/libc.so.6(abort+0xd3)[0x7feb6aa287f3] /home/hossein/Projects/libreoffice/core/instdir/program/libvcllo.so(+0xbcb746)[0x7feb635cb746] /home/hossein/Projects/libreoffice/core/instdir/program/libvcllo.so(_ZN11Application5AbortERKN3rtl8OUStringE+0x26)[0x7feb6366551c] /home/hossein/Projects/libreoffice/core/instdir/program/libsofficeapp.so(+0x2f265)[0x7feb6ae2f265] /home/hossein/Projects/libreoffice/core/instdir/program/libvcllo.so(+0xc7a49f)[0x7feb6367a49f] /home/hossein/Projects/libreoffice/core/instdir/program/libuno_sal.so.3(+0x1aacc)[0x7feb6b085acc] /home/hossein/Projects/libreoffice/core/instdir/program/libuno_sal.so.3(+0x9428b)[0x7feb6b0ff28b] /lib/x86_64-linux-gnu/libc.so.6(+0x42520)[0x7feb6aa42520] /lib/x86_64-linux-gnu/libc.so.6(pthread_kill+0x12c)[0x7feb6aa96a7c] /lib/x86_64-linux-gnu/libc.so.6(raise+0x16)[0x7feb6aa42476] /lib/x86_64-linux-gnu/libc.so.6(abort+0xd3)[0x7feb6aa287f3] /lib/x86_64-linux-gnu/libc.so.6(+0x2871b)[0x7feb6aa2871b] /lib/x86_64-linux-gnu/libc.so.6(+0x39e96)[0x7feb6aa39e96] /home/hossein/Projects/libreoffice/core/instdir/program/../program/libswlo.so(+0x385ed3)[0x7fe9e9785ed3] /home/hossein/Projects/libreoffice/core/instdir/program/../program/libswlo.so(+0xf7162a)[0x7fe9ea37162a] /home/hossein/Projects/libreoffice/core/instdir/program/../program/libswlo.so(+0xf715f5)[0x7fe9ea3715f5] /home/hossein/Projects/libreoffice/core/instdir/program/../program/libswlo.so(+0xf714b1)[0x7fe9ea3714b1] /home/hossein/Projects/libreoffice/core/instdir/program/../program/libswlo.so(+0x357076)[0x7fe9e9757076] /home/hossein/Projects/libreoffice/core/instdir/program/../program/libswlo.so(+0x3554f5)[0x7fe9e97554f5] /home/hossein/Projects/libreoffice/core/instdir/program/../program/libswlo.so(+0x354abc)[0x7fe9e9754abc] /home/hossein/Projects/libreoffice/core/instdir/program/../program/libswlo.so(+0xf6fd72)[0x7fe9ea36fd72] /home/hossein/Projects/libreoffice/core/instdir/program/../program/libswlo.so(+0xf6d521)[0x7fe9ea36d521] /home/hossein/Projects/libreoffice/core/instdir/program/../program/libswlo.so(+0xf86e62)[0x7fe9ea386e62] /home/hossein/Projects/libreoffice/core/instdir/program/../program/libswlo.so(+0xf872e0)[0x7fe9ea3872e0] /home/hossein/Projects/libreoffice/core/instdir/program/../program/libswlo.so(+0xf86b55)[0x7fe9ea386b55] /home/hossein/Projects/libreoffice/core/instdir/program/../program/libswlo.so(_ZN11SwViewShellD2Ev+0x302)[0x7fe9ea3858f0] /home/hossein/Projects/libreoffice/core/instdir/program/../program/libswlo.so(_ZN13SwCursorShellD1Ev+0x259)[0x7fe9e9882403] /home/hossein/Projects/libreoffice/core/instdir/program/../program/libswlo.so(_ZN11SwEditShellD1Ev+0x60)[0x7fe9e9c6c104] /home/hossein/Projects/libreoffice/core/instdir/program/../program/libswlo.so(_ZN9SwFEShellD1Ev+0xba)[0x7fe9e9d0d366] /home/hossein/Projects/libreoffice/core/instdir/program/../program/libswlo.so(_ZN10SwWrtShellD1Ev+0xfd)[0x7fe9eaa33c2f] /home/hossein/Projects/libreoffice/core/instdir/program/../program/libswlo.so(_ZN10SwWrtShellD0Ev+0x1c)[0x7fe9eaa33ce0] /home/hossein/Projects/libreoffice/core/instdir/program/../program/libswlo.so(+0x14a128f)[0x7fe9ea8a128f] /home/hossein/Projects/libreoffice/core/instdir/program/../program/libswlo.so(+0x14a175a)[0x7fe9ea8a175a] /home/hossein/Projects/libreoffice/core/instdir/program/../program/libswlo.so(+0x14a0773)[0x7fe9ea8a0773] /home/hossein/Projects/libreoffice/core/instdir/program/../program/libswlo.so(_ZN6SwViewD1Ev+0x417)[0x7fe9ea899fd9] /home/hossein/Projects/libreoffice/core/instdir/program/../program/libswlo.so(_ZN6SwViewD0Ev+0x1c)[0x7fe9ea89a4b2] /home/hossein/Projects/libreoffice/core/instdir/program/libsfxlo.so(+0x6936df)[0x7feb682936df] /home/hossein/Projects/libreoffice/core/instdir/program/libsfxlo.so(_ZN12SfxViewFrameD1Ev+0x88)[0x7feb682985e4] /home/hossein/Projects/libreoffice/core/instdir/program/libsfxlo.so(_ZN12SfxViewFrameD0Ev+0x1c)[0x7feb68298842] /home/hossein/Projects/libreoffice/core/instdir/program/libsfxlo.so(_ZN12SfxViewFrame5CloseEv+0x13f)[0x7feb68293b9d] /home/hossein/Projects/libreoffice/core/instdir/program/libsfxlo.so(+0x64e412)[0x7feb6824e412] /home/hossein/Projects/libreoffice/core/instdir/program/libsfxlo.so(_ZN17SfxBaseController7disposeEv+0x6b9)[0x7feb6827a903] /home/hossein/Projects/libreoffice/core/instdir/program/libfwklo.so(+0x26a7f0)[0x7feb6906a7f0] /home/hossein/Projects/libreoffice/core/instdir/program/libfwklo.so(+0x26b050)[0x7feb6906b050] /home/hossein/Projects/libreoffice/core/instdir/program/libfwklo.so(_ZN9framework7Desktop16impl_closeFramesEb+0x196)[0x7feb6905dcce] /home/hossein/Projects/libreoffice/core/instdir/program/libfwklo.so(_ZN9framework7Desktop9terminateEv+0x1bd)[0x7feb6905856d] /home/hossein/Projects/libreoffice/core/instdir/program/libfwklo.so(+0x127765)[0x7feb68f27765] /home/hossein/Projects/libreoffice/core/instdir/program/libfwklo.so(+0x126b1b)[0x7feb68f26b1b] /home/hossein/Projects/libreoffice/core/instdir/program/libfwklo.so(+0x126627)[0x7feb68f26627] /home/hossein/Projects/libreoffice/core/instdir/program/libvcllo.so(+0x48f7ed)[0x7feb62e8f7ed] /home/hossein/Projects/libreoffice/core/instdir/program/libvcllo.so(+0xbbe175)[0x7feb635be175] /home/hossein/Projects/libreoffice/core/instdir/program/libvcllo.so(+0xbbe139)[0x7feb635be139] /home/hossein/Projects/libreoffice/core/instdir/program/libvcllo.so(+0x6882d9)[0x7feb630882d9] /home/hossein/Projects/libreoffice/core/instdir/program/libvcllo.so(+0x6850ba)[0x7feb630850ba] /home/hossein/Projects/libreoffice/core/instdir/program/libvcllo.so(+0x686f68)[0x7feb63086f68] /home/hossein/Projects/libreoffice/core/instdir/program/libvcllo.so(+0xf4b5e6)[0x7feb6394b5e6] /home/hossein/Projects/libreoffice/core/instdir/program/libvcllo.so(_ZN17SalGenericDisplay12ProcessEventEN16SalUserEventList12SalUserEventE+0x25)[0x7feb6396cc11] /home/hossein/Projects/libreoffice/core/instdir/program/libvcllo.so(+0xbcc5a4)[0x7feb635cc5a4] /home/hossein/Projects/libreoffice/core/instdir/program/libvcllo.so(_ZN16SalUserEventList18DispatchUserEventsEb+0x25b)[0x7feb635cc807] /home/hossein/Projects/libreoffice/core/instdir/program/libvcllo.so(_ZN17SalGenericDisplay21DispatchInternalEventEb+0x27)[0x7feb6396cb7d] /home/hossein/Projects/libreoffice/core/instdir/program/libvclplug_gtk3lo.so(+0x13f299)[0x7feb5973f299] /lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_dispatch+0x174)[0x7feb5ebf6c44] /lib/x86_64-linux-gnu/libglib-2.0.so.0(+0xab258)[0x7feb5ec4c258] /lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_iteration+0x33)[0x7feb5ebf43e3] /home/hossein/Projects/libreoffice/core/instdir/program/libvclplug_gtk3lo.so(+0x13e018)[0x7feb5973e018] /home/hossein/Projects/libreoffice/core/instdir/program/libvclplug_gtk3lo.so(+0x141c5c)[0x7feb59741c5c] /home/hossein/Projects/libreoffice/core/instdir/program/libvcllo.so(+0xc65bf4)[0x7feb63665bf4] /home/hossein/Projects/libreoffice/core/instdir/program/libvcllo.so(_ZN11Application5YieldEv+0x196)[0x7feb636668d6] /home/hossein/Projects/libreoffice/core/instdir/program/libvcllo.so(_ZN11Application7ExecuteEv+0x1ad)[0x7feb636658f9] /home/hossein/Projects/libreoffice/core/instdir/program/libsofficeapp.so(+0x30ccf)[0x7feb6ae30ccf] /home/hossein/Projects/libreoffice/core/instdir/program/libvcllo.so(_Z10ImplSVMainv+0x235)[0x7feb6367a730] /home/hossein/Projects/libreoffice/core/instdir/program/libvcllo.so(_Z6SVMainv+0xd)[0x7feb6367a859] /home/hossein/Projects/libreoffice/core/instdir/program/libsofficeapp.so(soffice_main+0x141)[0x7feb6ae9027b] /home/hossein/Projects/libreoffice/core/instdir/program/soffice.bin(+0x930)[0x556d3d969930] /home/hossein/Projects/libreoffice/core/instdir/program/soffice.bin(+0x912)[0x556d3d969912] /lib/x86_64-linux-gnu/libc.so.6(+0x29d90)[0x7feb6aa29d90] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x80)[0x7feb6aa29e40] /home/hossein/Projects/libreoffice/core/instdir/program/soffice.bin(+0x825)[0x556d3d969825]
The problem seems to be gtk3 only, because it does not happen with gen UI on Linux. Version: 24.2.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: 25d50f08a27ee28698226a44db9c74a66a260754 CPU threads: 12; OS: Linux 5.19; UI render: default; VCL: x11 Locale: en-US (en_US.UTF-8); UI: en-US Calc: CL threaded
On pc Debian x86-64 with master sources updated today (+gtk3 rendering), I got no crash or assertion anymore, including after closing the document then LO. Hossein: unless I missed something, could you give a new try with a daily build from 83a169d04aca94f6f2a5b6ef9fdfba3c0fc4ede3 ?
(In reply to Julien Nabet from comment #21) > On pc Debian x86-64 with master sources updated today (+gtk3 rendering), I > got no crash or assertion anymore, including after closing the document then > LO. > > Hossein: unless I missed something, could you give a new try with a daily > build from 83a169d04aca94f6f2a5b6ef9fdfba3c0fc4ede3 ? Correct. I no longer reproduce the crash/assertion failure with the latest LO 24.2 dev master. Version: 24.2.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: b6f3129569c22d9d139ca712dcf0db6dc2041565 CPU threads: 12; OS: Linux 5.19; UI render: default; VCL: gtk3 Locale: en-US (en_US.UTF-8); UI: en-US Calc: CL threaded But, bisect is needed to know which commit actually fixed the issue. Might be changes to sw/source/core/doc/docbm.cxx.