1. Insert -> Fontwork -> Double click any fontwork -> crash Bibisected with linux-64-7.3 to https://git.libreoffice.org/core/commit/ca7dab5d96e73b7b4b045e2460e0b2ee150757db tdf#143114 Avoid StartDrag on TreeListBox when CaptureOnButton First reported by Telesto in bug 143728 comment 6 Adding Cc: to Armin Le Grand
Created attachment 174108 [details] bt with debug symbols On pc Debian x86-64 with master sources updated today, I could reproduce this (from Writer) with gen or kf5 renderings (not with gtk3). I also noticed this on console: warn:legacy.osl:35470:35470:sfx2/source/doc/sfxbasemodel.cxx:2943: SfxBaseModel::IsInitialized: this should have been caught earlier! warn:xmloff.core:35470:35470:xmloff/source/core/xmlimp.cxx:928: DBG_UNHANDLED_EXCEPTION in setTargetDocument exception: com.sun.star.lang.NotInitializedException message: /home/julien/lo/libreoffice/sfx2/source/doc/sfxbasemodel.cxx:2955
I confirm I don't reproduce the crash by reverting locally https://git.libreoffice.org/core/commit/ca7dab5d96e73b7b4b045e2460e0b2ee150757db. (just for the record, still these: warn:legacy.osl:36257:36257:sfx2/source/doc/sfxbasemodel.cxx:2943: SfxBaseModel::IsInitialized: this should have been caught earlier! warn:xmloff.core:36257:36257:xmloff/source/core/xmlimp.cxx:928: DBG_UNHANDLED_EXCEPTION in setTargetDocument exception: com.sun.star.lang.NotInitializedException message: /home/julien/lo/libreoffice/sfx2/source/doc/sfxbasemodel.cxx:2955 even without reverting and with gtk3 rendering)
I wonder if there's not a mutex or something lacking. Here's some gdb session: Thread 1 "soffice.bin" hit Breakpoint 1, SvTreeListBox::MouseButtonDown (this=0x7d35230, rMEvt=...) at vcl/source/treelist/treelistbox.cxx:2289 2289 pImpl->MouseButtonDown( rMEvt ); (gdb) p pImpl $4 = std::unique_ptr<SvImpLBox> = {get() = 0x7d38450} (gdb) n [New Thread 0x7fb8804a5700 (LWP 36956)] [Thread 0x7fb8804a5700 (LWP 36956) exited] [New Thread 0x7fb8804a5700 (LWP 36957)] [Thread 0x7fb8804a5700 (LWP 36957) exited] 2292 pImpl->m_pCursorOld = (rMEvt.IsLeft() && (nTreeFlags & SvTreeFlags::CHKBTN) && mnClicksToToggle > 0) (gdb) p pImpl $5 = std::unique_ptr<SvImpLBox> = {get() = 0x0} It seems something in // emptied pImpl
Just for the record because I wouldn't pretend it's the right fix, if I put "pImpl->MouseButtonDown( rMEvt );" after "pImpl->m_pCursorOld =...", it doesn't crash. diff --git a/vcl/source/treelist/treelistbox.cxx b/vcl/source/treelist/treelistbox.cxx index ee4b01981007..19bff1f8ee7d 100644 --- a/vcl/source/treelist/treelistbox.cxx +++ b/vcl/source/treelist/treelistbox.cxx @@ -2286,12 +2286,12 @@ void SvTreeListBox::Paint(vcl::RenderContext& rRenderContext, const tools::Recta void SvTreeListBox::MouseButtonDown( const MouseEvent& rMEvt ) { - pImpl->MouseButtonDown( rMEvt ); - // tdf#143114 remember the *correct* starting entry pImpl->m_pCursorOld = (rMEvt.IsLeft() && (nTreeFlags & SvTreeFlags::CHKBTN) && mnClicksToToggle > 0) ? GetEntry(rMEvt.GetPosPixel()) : nullptr; + + pImpl->MouseButtonDown( rMEvt ); } void SvTreeListBox::MouseButtonUp( const MouseEvent& rMEvt )
*** Bug 143865 has been marked as a duplicate of this bug. ***
Crash not reproducible for me in Version: 7.3.0.0.alpha0+ / LibreOffice Community Build ID: 5f080fc69c7c9748591db29e5e7be317bf48b427 CPU threads: 8; OS: Linux 5.11; UI render: default; VCL: gtk3 Locale: fr-FR (fr_FR.UTF-8); UI: en-US Ubuntu_20.04_x86-64 Calc: threaded Best regards. JBF
I submitted the revert here: https://gerrit.libreoffice.org/c/core/+/120531