Description: * open any document in LibreOffice Draw, e.g. a clean default one * add a text box * open the "Position and Size" dialog (F4) of that text box * change width and/or height to any value * click "OK" LibreOffice Draw crashes. I am on Linux and use LibreOffice 7.1, Kompilainenn has reproduced this bug in 7.4.0alpha on Windows and says that this regression happened between 6.2 (not affected) and 6.3 (affected). His bibisecting has shown that commit 1aa93766ee3994af9975e96e8ea60e02078de2d8 ("tdf#126180: EndTextEdit on all views before delete/cut slide") [1] is to be blamed. [1] https://github.com/LibreOffice/core/commit/1aa93766ee3994af9975e96e8ea60e02078de2d8 This is Kompilainenn's crash report: [2] http://crashreport.libreoffice.org/stats/crash_details/ceac4e6f-55c0-4785-95ab-83b38ecdbd9d Bellow is my attempt to somehow debug it from Linux, but I did not study that code. $ gdb <...> <...> Thread 1 "soffice.bin" received signal SIGSEGV, Segmentation fault. SdrEditView::SetGeoAttrToMarked (this=this@entry=0x1783630, rAttr=...) at /usr/src/debug/libreoffice-7.1.7-1.x86_64/svx/source/svdraw/svdedtv1.cxx:1749 1749 pObj = rMarkList.GetMark(i)->GetMarkedSdrObj(); (gdb) (gdb) p pObj $1 = <optimized out> (gdb) p i $2 = 0 (gdb) p nMarkCount $3 = 1 (gdb) p *(SfxPoolItem*)0x4434760 $7 = {_vptr.SfxPoolItem = 0x7ffff5fcf2c8 <vtable for SfxBoolItem+16>, m_nRefCount = 1, m_nWhich = 10236, m_nKind = SfxItemKind::NONE} (gdb) bt #0 SdrEditView::SetGeoAttrToMarked(SfxItemSet const&) (this=this@entry=0x1783630, rAttr=...) at /usr/src/debug/libreoffice-7.1.7-1.x86_64/svx/source/svdraw/svdedtv1.cxx:1749 #1 0x00007fffc68e7a2a in (anonymous namespace)::setUndo(sd::View*, SfxItemSet const*) (pView=0x1783630, pArgs=0x4436b40) at /usr/src/debug/libreoffice-7.1.7-1.x86_64/sd/source/ui/func/futransf.cxx:58 #2 0x00007fffc68e7b33 in operator() (nResult=<optimized out>, __closure=0x45561a0) at /usr/include/c++/11.2.0/bits/unique_ptr.h:421 #3 std::__invoke_impl<void, sd::FuTransform::DoExecute(SfxRequest&)::<lambda(sal_Int32)>&, int> (__f=...) at /usr/include/c++/11.2.0/bits/invoke.h:61 #4 std::__invoke_r<void, sd::FuTransform::DoExecute(SfxRequest&)::<lambda(sal_Int32)>&, int> (__fn=...) at /usr/include/c++/11.2.0/bits/invoke.h:111 #5 std::_Function_handler<void(int), sd::FuTransform::DoExecute(SfxRequest&)::<lambda(sal_Int32)> >::_M_invoke(const std::_Any_data &, int &&) (__functor=..., __args#0=<optimized out>) at /usr/include/c++/11.2.0/bits/std_function.h:291 #6 0x00007fffeef679f7 in (anonymous namespace)::GtkInstanceDialog::asyncresponse(int) () at /usr/lib64/libreoffice/program/libvclplug_gtk3lo.so #7 0x00007ffff16e56df in g_closure_invoke () at /usr/lib64/libgobject-2.0.so.0 <...> (gdb) p pArgs No symbol "pArgs" in current context. (gdb) p *(SfxItemSet*)0x4436b40 $8 = {_vptr.SfxItemSet = 0x7ffff5fd03c0 <vtable for SfxAllItemSet+16>, m_pPool = 0x16eb8f0, m_pParent = 0x0, m_pItems = { _M_t = {<std::__uniq_ptr_impl<SfxPoolItem const*, std::default_delete<SfxPoolItem const* []> >> = { _M_t = {<std::_Tuple_impl<0, SfxPoolItem const**, std::default_delete<SfxPoolItem const* []> >> = {<std::_Tuple_impl<1, std::default_delete<SfxPoolItem const* []> >> = {<std::_Head_base<1, std::default_delete<SfxPoolItem const* []>, true>> = {_M_head_impl = {<No data fields>}}, <No data fields>}, <std::_Head_base<0, SfxPoolItem const**, false>> = { _M_head_impl = 0x4506a50}, <No data fields>}, <No data fields>}}, <No data fields>}}, m_pWhichRanges = 0x45452f0, m_nCount = 6} (gdb) Steps to Reproduce: . Actual Results: . Expected Results: . Reproducible: Always User Profile Reset: No Additional Info: .
Confirm in Version: 6.3.5.2 (x86) Build ID: dd0751754f11728f69b42ee2af66670068624673 CPU threads: 4; OS: Windows 6.1; UI render: GL; VCL: win; Locale: ru-RU (ru_RU); UI-Language: en-US Calc: CL but not in 6.2 => regression I bisected this one and got the SHA 1aa93766ee3994af9975e96e8ea60e02078de2d8 https://gerrit.libreoffice.org/c/core/+/75027 Added Xisco Fauli to CC Xisco, could you please look at it, thanks
it's ok in Version: 7.4.0.0.alpha0+ / LibreOffice Community Build ID: 40487d9c81c69c4e5ee1621e53c8162ae33c80b2 CPU threads: 4; OS: Linux 5.11; UI render: default; VCL: gtk3 Locale: ro-RO (ro_RO.UTF-8); UI: en-US Calc: threaded Ok in Version: 7.3.0.0.beta1+ / LibreOffice Community Build ID: 86f539a23b08d0cc9e5e9566ac31380e373be13f CPU threads: 4; OS: Linux 5.11; UI render: default; VCL: gtk3 Locale: ro-RO (ro_RO.UTF-8); UI: en-US Calc: threaded Ok in Version: 7.2.4.1 / LibreOffice Community Build ID: 27d75539669ac387bb498e35313b970b7fe9c4f9 CPU threads: 4; OS: Linux 5.11; UI render: default; VCL: gtk3 Locale: ro-RO (ro_RO.UTF-8); UI: en-US Calc: threaded
Created attachment 177071 [details] Video how to reproduce the bug
Confirm with Version: 7.2.4.1 / LibreOffice Community Build ID: 27d75539669ac387bb498e35313b970b7fe9c4f9 CPU threads: 4; OS: Linux 5.11; UI render: default; VCL: gtk3 Locale: ro-RO (ro_RO.UTF-8); UI: en-US Calc: threaded
Created attachment 177087 [details] bt with debug symbols On pc Debian x86-64 with master sources updated today, I could reproduce this.
https://gerrit.libreoffice.org/c/core/+/127308
Julien Nabet committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/aaff8a5cde6b3df9efdf4cf18157c9318c463e1a tdf#146363: fix crash when changing width/height of text box It will be available in 7.4.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Julien Nabet committed a patch related to this issue. It has been pushed to "libreoffice-7-3": https://git.libreoffice.org/core/commit/169bca576f743950da3467829c892961ad1cc3b6 tdf#146363: fix crash when changing width/height of text box It will be available in 7.3.0.2. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Julien Nabet committed a patch related to this issue. It has been pushed to "libreoffice-7-2": https://git.libreoffice.org/core/commit/0dea9b17c6e1207de783ef7fdef8ea67ce4c1516 tdf#146363: fix crash when changing width/height of text box It will be available in 7.2.6. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Bug solved. Mikhail, thanks for reporting, and Julien, thanks for solving. Version: 7.4.0.0.alpha0+ / LibreOffice Community Build ID: c13db6e792cc347ffff4585f23866f195651f21f CPU threads: 4; OS: Linux 5.11; UI render: default; VCL: gtk3 Locale: ro-RO (ro_RO.UTF-8); UI: en-US Calc: threaded
Julien Nabet committed a patch related to this issue. It has been pushed to "libreoffice-7-2-5": https://git.libreoffice.org/core/commit/3088fbcdc33195cbf7f46df2ae2696315f579c98 tdf#146363: fix crash when changing width/height of text box It will be available in 7.2.5. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.