Created attachment 174389 [details] faulty-spreadsheet Here is a spreadsheet that is 897 rows and 9 columns that is really nothing fancy. If you add a line anywhere in the middle of the existing lines (insert above or below) and then try to save the change, the spreadsheet crashes. There is no crash after adding columns or sheets... just lines. And you can add a line at the end of the text and save just fine. The crash only occurs when you add a line in the middle of the sheet and try to save. I've tried creating a new spreadsheet of equal size and cannot reproduce the issue so I'm not sure what is special about this spreadsheet that causes the crash. The issue was reported in launchpad based off of Ubuntu 20.04 and Libreoffice 6.4.7 but it happens easily on 7.1.5 and 7.2.0 rc3. The corresponding launchpad bug: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1938735 I'll attach the faulty spreadsheet as well as the user's system state information (remember this is relative to 6.4.7, but the same thing happens on 7.2.0)
Created attachment 174390 [details] stacktrace signature
Created attachment 174391 [details] top of stacktrace
Created attachment 174392 [details] segv analysis
Created attachment 174393 [details] registers
Created attachment 174394 [details] proc status
Created attachment 174395 [details] proc maps
Created attachment 174396 [details] faulty-spreadsheet
I cannot repro with Version: 7.2.0.4 (x64) / LibreOffice Community Build ID: 9a9c6381e3f7a62afc1329bd359cc48accb6435b CPU threads: 4; OS: Windows 10.0 Build 21390; UI render: Skia/Vulkan; VCL: win Locale: es-ES (es_ES); UI: en-US Calc: CL Please test with a clean profile, Menu/Help/Restart in Safe Mode
I did not test with Windows and unfortunately I don't have a Windows environment for testing, but the issue is present in Ubuntu 20.04 and newer.
[Automated Action] NeedInfo-To-Unconfirmed
No repro 6.1, repro LO 6.2, 7.2.0 and 7.3+ master in Win 7 64-bit and Lin GTK3 Mint 19 64-bit. Regression. I added a row above 828.
I'll try with bibisect.
Created attachment 174403 [details] bt with debug symbols On pc Debian x86-64 with master sources updated today, I got an assertion.
6.2 Linux commit 5e777f23fd0118f6649f0d9e30eb77a72f1099e4 Date: Fri Aug 17 09:44:34 2018 +0200 source 1b95eb30f6358a9ebdedee2888be8273120669c8 pre 7125c6798f94a8b7345372ba36dbabd89bab8820 author Noel Grandin <noel.grandin@collabora.co.uk> 2018-08-16 committer Noel Grandin <noel.grandin@collabora.co.uk> 2018-08-17 commit 1b95eb30f6358a9ebdedee2888be8273120669c8 (patch) tree 45ddd96753d0fac4311529da5af61994dfd56181 parent 7125c6798f94a8b7345372ba36dbabd89bab8820 (diff) loplugin:useuniqueptr in ScColumnRowStylesBase Hi Noel, please see this Calc crash.
I reverted the patch manually + removed an assert instruction, I don't reproduce the crash indeed. However, I noticed this log: warn:legacy.osl:92035:92035:sc/source/filter/xml/XMLStylesExportHelper.cxx:976: GetStyleNameByIndex: invalid index OUString* ScColumnRowStylesBase::GetStyleNameByIndex(const sal_Int32 nIndex) { if ( nIndex < 0 || nIndex >= sal::static_int_cast<sal_Int32>( aStyleNames.size() ) ) { // should no longer happen, use first style then OSL_FAIL("GetStyleNameByIndex: invalid index"); return aStyleNames[0]; } return aStyleNames[nIndex]; } I may be wrong but IMHO the Noel's patch uncovered an already existing bug here.
If you remove 1 line and save, then you add a line and save it works. Eike: I added some traces in ScXMLExport::ExportFormatRanges (see https://opengrok.libreoffice.org/xref/core/sc/source/filter/xml/xmlexprt.cxx?r=581b2cf7&mo=59108&fi=1525#1525) OK case when adding a new row after I delete one or more rows first: ... TODO ExportFormatRanges nStartCol=9 nEndCol=-1 nStartRow=837 nEndRow=838 TODO ExportFormatRanges nStartCol=9 nEndCol=5 nStartRow=838 nEndRow=841 TODO ExportFormatRanges nStartCol=7 nEndCol=1023 nStartRow=841 nEndRow=1048575 TODO ExportFormatRanges nStartCol=0 nEndCol=0 nStartRow=0 nEndRow=0 TODO ExportFormatRanges nStartCol=0 nEndCol=0 nStartRow=0 nEndRow=0 KO case when adding a new row without deleting any rows before: ... TODO ExportFormatRanges nStartCol=9 nEndCol=-1 nStartRow=836 nEndRow=838 TODO ExportFormatRanges nStartCol=9 nEndCol=-1 nStartRow=838 nEndRow=839 TODO ExportFormatRanges nStartCol=9 nEndCol=5 nStartRow=839 nEndRow=842 TODO ExportFormatRanges nStartCol=7 nEndCol=1023 nStartRow=842 nEndRow=1048576 soffice.bin: /home/julien/lo/libreoffice/sc/source/filter/xml/xmlexprt.cxx:1499: void ScXMLExport::OpenRow(const sal_Int32, const sal_Int32, const sal_Int32, ScXMLCachedRowAttrAccess &): Assertion `nIndex >= 0 && "coverity#1438402"' failed. It seems the pb appears when nEndRow=1048576
Xisco Fauli committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/7246759822aff30e4e4e1bca7949eae3b0d960ef tdf#143940: the style index might be -1 It will be available in 7.3.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Thank you so much for fixing this issue :)
Xisco Fauli committed a patch related to this issue. It has been pushed to "libreoffice-7-1": https://git.libreoffice.org/core/commit/476ad4fe6f62e7b5880f70aa67bfba702fbdef4e tdf#143940: the style index might be -1 It will be available in 7.1.7. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Xisco Fauli committed a patch related to this issue. It has been pushed to "libreoffice-7-2": https://git.libreoffice.org/core/commit/aecdbb01ea6d89d1e3e25707b0dcd2bedaeb64a6 tdf#143940: the style index might be -1 It will be available in 7.2.2. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Xisco Fauli committed a patch related to this issue. It has been pushed to "libreoffice-7-1-6": https://git.libreoffice.org/core/commit/105e241b0173bd4e110a73f1f9306616fb64a69b tdf#143940: the style index might be -1 It will be available in 7.1.6. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Xisco Fauli committed a patch related to this issue. It has been pushed to "libreoffice-7-2-1": https://git.libreoffice.org/core/commit/25bdfc5404f210ed889e452cb3b7deb016c6c0d3 tdf#143940: the style index might be -1 It will be available in 7.2.1. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
I wrote a unittest for this issue <https://gerrit.libreoffice.org/c/core/+/121151> but it hits an assert.