Created attachment 175088 [details] Screenshot of the documents before reload & crash in Writer When there are two mail merge documents open, reloading the one opened first causes Writer to crash. Steps to reproduce: 1. Download attachment 166250 [details] from bug 119942 and save ODS attachment 166251 [details] to the same folder 2. Download attachment 174941 [details] from bug 144425 and save ODS attachment 174942 [details] to the Documents folder 3. Open the two odt files in Writer 4. Open the Data Sources view from the Mail Merge toolbar (in 7.2.0 Writer crashes at this point: https://crashreport.libreoffice.org/stats/crash_details/04e9b1f5-ce54-4cb2-a59b-1316419e23f6 but master does not anymore) 5. Reload the file you opened first (reloading the second one does not crash) Actual results: Crash. Expected results: No crash. LibreOffice details: Version: 7.3.0.0.alpha0+ (x64) / LibreOffice Community Build ID: 80a47aae1419842f4496f02028e2b49763aea25b CPU threads: 4; OS: Windows 10.0 Build 18363; UI render: default; VCL: win Locale: hu-HU (hu_HU); UI: en-US Calc: CL Additional Information: Bibisected using bibisect-win64-7.1 to: URL: https://cgit.freedesktop.org/libreoffice/core/commit/?id=f54edfb023d9007faa23b6b6ffa1f4d47ccd1fac author Caolán McNamara <caolanm@redhat.com> Thu Sep 03 19:50:08 2020 +0100 committer Caolán McNamara <caolanm@redhat.com> Fri Sep 04 22:21:59 2020 +0200 tree 6a25dce63a65627ae2c96cdc21ca2e6ab72cf45e parent 44e81831dfc194b60b6d0c89ba275669e23c443e [diff] tdf#136442 a null return from GetEntryPosByName is allowed Adding CC to: Caolán McNamara Right before this commit opening the Data Sources view of one file already crashed, so there is improvement.
Created attachment 175089 [details] After the crash debug output 0x00007FFD0398E3A0 (0x000001FF8B854580 0x000001FF8BC05BC0 0x000001FF8B854560 0x000001FF8440C780), ?connect_visible_range_changed@TreeView@weld@@UEAAXAEBV?$Link@AEAVTreeView@weld@@X@@@Z() + 0x110 bytes(s) 0x00007FFCF537A8D7 (0x000001FF8BC05BC0 0x0000005EEC58D580 0x000001FF8B60A040 0x0000005EEC58D4F0), com_sun_star_comp_dbu_SbaXGridControl_get_implementation() + 0x1D937 bytes(s) 0x00007FFCF537A369 (0x000001FF8B54A030 0x000001FF8B4C9BB0 0x0000005EEC58D5C8 0x00007FFD044CA972), com_sun_star_comp_dbu_SbaXGridControl_get_implementation() + 0x1D3C9 bytes(s) 0x00007FFCF537581C (0x000001FF8BC05BC0 0x0000005EEC58D6A0 0x000001FF8B8549E0 0x000001FF8B8549A0), com_sun_star_comp_dbu_SbaXGridControl_get_implementation() + 0x1887C bytes(s) 0x00007FFCF53851BB (0x000001FF8B54BBB0 0x000001FF8B8C9548 0x000001FF8BEAFE08 0x000001FF8B8C9548), com_sun_star_comp_dbu_SbaXGridControl_get_implementation() + 0x2821B bytes(s) 0x00007FFCF6214EF9 (0x000001FF8BEAFDF0 0x000001FF8B54A030 0x000001FF8A8C2AC8 0x0000005EEC58DF20), SwXAutoTextContainer_get_implementation() + 0x3569 bytes(s) 0x00007FFCF5376749 (0x000001FF8B347500 0x000001FF858600E0 0x000001FF8B48D358 0x000001FF8B48D358), com_sun_star_comp_dbu_SbaXGridControl_get_implementation() + 0x197A9 bytes(s) 0x00007FFCF537558D (0x000001FF8B518E10 0x0000005EEC58DBB0 0x000001FF8B347570 0x000001FF858600E0), com_sun_star_comp_dbu_SbaXGridControl_get_implementation() + 0x185ED bytes(s) 0x00007FFCF5320008 (0x000001FF8B512598 0x0000005EEC58E080 0x0000005EEC58DF20 0x0000005EEC58E001), ?resizeDocumentView@ODataView@dbaui@@MEAAXAEAVRectangle@tools@@@Z() + 0x4BF8 bytes(s) 0x00007FFD06AA4FE8 (0x000001FF89B14780 0x000001FF8B44D650 0x000001FF8B347570 0x000001FF8A5416A8), ?setY@Point@@QEAAXJ@Z() + 0xC0D8 bytes(s) 0x00007FFD06AAA3C4 (0x000001FF8A98ADA8 0x000001FF8A98ADA8 0x000001FF8A98AD50 0x000001FF8A98AD88), ?setY@Point@@QEAAXJ@Z() + 0x114B4 bytes(s) 0x00007FFD069C0D83 (0x000001FF8A98AD50 0x0000005EEC58E330 0x0000005EEC58E3A0 0x0000005EEC58E4D8), ??0FrameListAnalyzer@framework@@QEAA@AEBV01@@Z() + 0x16F53 bytes(s) 0x00007FFD069C0814 (0x0000000000000000 0x000001FF8A83D4B0 0x0000005EEC58E460 0x0000005EEC58E460), ??0FrameListAnalyzer@framework@@QEAA@AEBV01@@Z() + 0x169E4 bytes(s) 0x00007FFD05EE7983 (0x000001FF8A8B3C20 0x000001FF8A83D4B0 0x000001FF8B62CC40 0x000001FF8B62C6A0), ?ChildWindowExecute@SfxViewFrame@@QEAAXAEAVSfxRequest@@@Z() + 0x443 bytes(s) 0x00007FFCF61DAD52 (0x000001FF8A2ACF10 0x00007FFD06AE6370 0x0000000000000000 0x0000005EEC58F0A0), ?Execute@SwView@@QEAAXAEAVSfxRequest@@@Z() + 0x1B2 bytes(s) 0x00007FFD05C15CCD (0x000001FF8B7CF010 0x000001FF8B7CF010 0x0000000000000001 0x0000005EEC58F0A0), ?Call_Impl@SfxDispatcher@@AEAAXAEAVSfxShell@@AEBVSfxSlot@@AEAVSfxRequest@@_N@Z() + 0x27D bytes(s) 0x00007FFD05BFF5F1 (0x0000000000000000 0x0000000000000000 0x0000000000000000 0x000001FF8A8C30A0), ?Execute_Impl@SfxBindings@@QEAAXAEAVSfxRequest@@PEBVSfxSlot@@PEAVSfxShell@@@Z() + 0x2C1 bytes(s) 0x00007FFD05C6EF8D (0x0000005EEC580000 0x000001FF8B8C6038 0x000001FF8B50FD78 0x0000005EEC58F250), ?setMouseClickHdl@SvxCharView@@QEAAXAEBV?$Link@PEAVSvxCharView@@X@@@Z() + 0xA48D bytes(s) 0x00007FFD05C6F4F0 (0x0000000000000000 0x000001FF8B8C6030 0x000001FF852D8A40 0x0000000000000000), ?setMouseClickHdl@SvxCharView@@QEAAXAEBV?$Link@PEAVSvxCharView@@X@@@Z() + 0xA9F0 bytes(s) 0x00007FFD06B5C36B (0x000001FF8B643A20 0x000001FF8B8C6030 0x0000000000000001 0x000001FF8B8C6038), ?ExecuteHdl_Impl@GenericToolbarController@framework@@SAXPEAV12@PEAX@Z() + 0x3B bytes(s) 0x00007FFD035F9C7C (0x0000000000250C0E 0x000001FF843DDC90 0x0000000000000000 0x0000000000000246), ?ImplSetMouseDown@FloatingWindow@@QEAAXXZ() + 0xC5C bytes(s) 0x00007FFD03AFBF4C (0x0000000000000482 0x0000000000000000 0x0000000000250C0E 0x000001FF8578AA20), ?CallCallback@SalFrame@@QEBA_NW4SalEvent@@PEBX@Z() + 0x1C bytes(s) 0x00007FFCFBAC7075 (0x0000005EEC58F790 0x00007FFD034ABD9E 0x0000000000000000 0x000001FF8578A340), create_SalInstance() + 0x4BBA5 bytes(s) 0x00007FFCFBAC790D (0x0000000000250C0E 0x00007FFD00000482 0x0000000000000000 0x000001FF8A83CEB0), create_SalInstance() + 0x4C43D byte0x00007FFD5F5CD721 (0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000), RtlUserThreadStart() + 0x21 bytes(s) s(s) 0x00007FFD5E7E5C1D (0x000001FF82DD6D60 0x00007FFCFBAC78C0 0x0000000000250C0E 0x0000005EEC58F970), CallWindowProcW() + 0x3BD bytes(s) 0x00007FFD5E7E5612 (0x00007FFCFBAC78C0 0x0000000000000001 0x0000000000000000 0x0000000000000001), DispatchMessageW() + 0x1F2 bytes(s) 0x00007FFCFBA78444 (0x00007FFD03FB7801 0x0000000000000001 0x0000000000000001 0x000001FF80970570), ?toPair@Point@@QEBAAEBVPair@@XZ() + 0xBE44 bytes(s) 0x00007FFCFBA78011 (0x0000005E00000001 0x00007FFD03FB7820 0x000000000000FFFF 0x0000000000000000), ?toPair@Point@@QEBAAEBVPair@@XZ() + 0xBA11 bytes(s) 0x00007FFD039C02E4 (0x000001FF00000000 0x000001FF89C70D80 0x000001FF89C70380 0x000001FF843CE4F0), ?Execute@Application@@SAXXZ() + 0x164 bytes(s) 0x00007FFD221AEAE5 (0x000001FF85210820 0x00007FFD222FB770 0x0000000000000000 0x00007FFD03FB7820) 0x00007FFD039D0037 (0x000001FF00000000 0x000001FF808BDD20 0x00007FFD222FB770 0x0000000000000000), ?ImplSVMain@@YAHXZ() + 0x67 bytes(s) 0x00007FFD221EE23D (0x000001FF827905E0 0x0000000000000015 0x000001FF808BDD20 0x00007FF63C1D104C), soffice_main() + 0x12D bytes(s) 0x00007FF63C1D105B (0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000), main() + 0x1B bytes(s) 0x00007FF63C1D1308 (0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000), main() + 0x2C8 bytes(s) 0x00007FFD5F3C7C24 (0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000), BaseThreadInitThunk() + 0x14 bytes(s) 0x00007FFD5F5CD721 (0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000), RtlUserThreadStart() + 0x21 bytes(s)
I think the problem here is that during std::sort the comparison function does a very unorthodox comparison by looking at its siblings and parent which is an unstable thing to do during the sort itself
fixed this (hopefully) with the wrong id of bug 136442, backport to 7-2 under the correct id in gerrit Caolán McNamara committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/2a357832b9eedea161f593c1b3bf8dd973949c95 Resolves: tdf#136442 don't query siblings and parent to determine type It will be available in 7.3.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-7-2": https://git.libreoffice.org/core/commit/7d5a4c031221d8099c554a84684ce42b0390be1f Resolves: tdf#144564 don't query siblings and parent to determine type It will be available in 7.2.2. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
In Version: 7.2.0.4 (x86) / LibreOffice Community Build ID: 9a9c6381e3f7a62afc1329bd359cc48accb6435b CPU threads: 2; OS: Windows 6.1 Service Pack 1 Build 7601; UI render: default; VCL: win Locale: ar-DZ (es_ES); UI: es-ES Calc: threaded The crash I get is https://crashreport.libreoffice.org/stats/signature/SvTreeListEntry::SetListPositions() and looking at its backtrace, it's called from SvTreeListEntry::NextSibling()
*** Bug 144761 has been marked as a duplicate of this bug. ***
*** Bug 143118 has been marked as a duplicate of this bug. ***
*** Bug 144461 has been marked as a duplicate of this bug. ***
*** Bug 144491 has been marked as a duplicate of this bug. ***
Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-7-1": https://git.libreoffice.org/core/commit/fc05321cb411e08a480d2a697a58a6b69b00b0b6 Resolves: tdf#144564 don't query siblings and parent to determine type It will be available in 7.1.7. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
*** Bug 144825 has been marked as a duplicate of this bug. ***
(In reply to Commit Notification from comment #10) > Caolán McNamara committed a patch related to this issue. > It has been pushed to "libreoffice-7-1": > > https://git.libreoffice.org/core/commit/ > fc05321cb411e08a480d2a697a58a6b69b00b0b6 > > Resolves: tdf#144564 don't query siblings and parent to determine type > > It will be available in 7.1.7. > > The patch should be included in the daily builds available at > https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More > information about daily builds can be found at: > https://wiki.documentfoundation.org/Testing_Daily_Builds > > Affected users are encouraged to test the fix and report feedback. Good news ! The change made to the version: "Version: 7.1.7.0.0+ (x64) / LibreOffice Community Build ID: 7b2021a01303ef9efad652ddedea20758ce1f719" works perfectly! Thanks (CPU threads: 2; OS: Windows 10.0 Build 19043; UI render: Skia/Raster; VCL: win Locale: it-IT (it_IT); UI: it-IT Calc: CL)
*** Bug 144883 has been marked as a duplicate of this bug. ***
*** Bug 144908 has been marked as a duplicate of this bug. ***
*** Bug 144954 has been marked as a duplicate of this bug. ***
*** Bug 145141 has been marked as a duplicate of this bug. ***
*** Bug 145379 has been marked as a duplicate of this bug. ***