Steps to reproduce:
1. Open attachment 177756 from bug 139974
2. Go to Cell A1 - Press F2
3. Select All - Copy
4. Click on any other cell
5. Paste

-> Crash

Reproduced in
Version: 7.4.0.0.alpha0+ / LibreOffice Community
Build ID: 0c3b8792b712e939d2ad524d554f96616b4844be
CPU threads: 8; OS: Linux 5.10; UI render: default; VCL: gtk3
Locale: es-ES (es_ES.UTF-8); UI: en-US
Calc: threaded
Regression introduced by:

https://cgit.freedesktop.org/libreoffice/core/commit/?id=81a5ba3cfc8b0d95724b38e7cc7cafdd83fb870d

author Eike Rathke <erack@redhat.com> 2022-01-20 13:54:52 +0100
committer Eike Rathke <erack@redhat.com> 2022-01-20 16:36:17 +0100
commit 81a5ba3cfc8b0d95724b38e7cc7cafdd83fb870d
tree 05ebd0aeee5640472f8f1d3c4928c2ea73c26d4e
parent f8ef102a82513233fb794109cecd599304e78407

Related: tdf#139974 Try to find boundary for forced line break

Bisected with: bibisect-linux64-7.4

Adding Cc: to Eike Rathke
Oh brilliant.. copied/pasted gets the first paragraph with 16358 characters and the trailing '+' as last character, which when trying to compile the formula results in an error and the correction dialog raised crashes, apparently because it wants to display the entire string and grows out of screen or whatever..

So, before the change some last number was truncated to 123456789 which did not result in a compilation error thus no dialog but a wrong formula.

Actually the two paragraphs are distributed over two cells because copying from in-cell results in two separated paragraphs. You can see in an earlier version that by chance/accident (as the second paragraph started with a '+') these result in two formula cells.

Backtrace, deep in gdk:

#0 0x00007f38afd4f6c1 in wl_buffer_add_listener (data=0x7f38c0be3c80 <_cairo_surface_nil_invalid_size.lto_priv.0>, listener=0x7f38afdd59a0 <buffer_listener>, wl_buffer=Python Exception <class 'gdb.MemoryError'>: Cannot access memory at address 0x18
#1 gdk_wayland_window_ensure_cairo_surface (window=<optimized out>) at ../gdk/wayland/gdkwindow-wayland.c:984
#2 0x00007f38afd4f73d in gdk_window_impl_wayland_begin_paint (window=<optimized out>) at ../gdk/wayland/gdkwindow-wayland.c:1022
#3 0x00007f38afd2123d in gdk_window_begin_paint_internal (region=0x3a24640, window=0xb2922d0) at ../gdk/gdkwindow.c:2954
#4 gdk_window_begin_paint_internal (window=window@entry=0xb2922d0, region=region@entry=0x3a24640) at ../gdk/gdkwindow.c:2930
#5 0x00007f38afd21a0e in gdk_window_begin_draw_frame (window=window@entry=0xb2922d0, region=region@entry=0x3a24640) at ../gdk/gdkwindow.c:3257
#6 0x00007f38b01589eb in gtk_widget_render (widget=0x5fbdf30, window=0xb2922d0, region=0x3a24640) at ../gtk/gtkwidget.c:17591
#7 0x00007f38affe8d31 in gtk_main_do_event (event=<optimized out>) at ../gtk/gtkmain.c:1844
#8 gtk_main_do_event (event=<optimized out>) at ../gtk/gtkmain.c:1691
#9 0x00007f38afd16543 in _gdk_event_emit (event=0x7ffd22632430) at ../gdk/gdkevents.c:73
#10 _gdk_event_emit (event=0x7ffd22632430) at ../gdk/gdkevents.c:67
#11 0x00007f38afd1eab1 in _gdk_window_process_updates_recurse_helper (window=0xb2922d0, expose_region=<optimized out>) at ../gdk/gdkwindow.c:3874
#12 0x00007f38afd239e1 in gdk_window_process_updates_internal (window=0xb2922d0) at ../gdk/gdkwindow.c:4020
#13 0x00007f38afd23bd8 in gdk_window_process_updates_with_mode (window=<optimized out>, recurse_mode=<optimized out>) at ../gdk/gdkwindow.c:4215
#14 0x00007f38c0ed3a9a in _g_closure_invoke_va (param_types=0x0, n_params=<optimized out>, args=0x7ffd226326e0, instance=0xb2d2000, return_value=0x0, closure=0x65604f0) at ../gobject/gclosure.c:893
#15 g_signal_emit_valist (instance=0xb2d2000, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7ffd226326e0) at ../gobject/gsignal.c:3406
#16 0x00007f38c0ed3be3 in g_signal_emit (instance=instance@entry=0xb2d2000, signal_id=<optimized out>, detail=detail@entry=0) at ../gobject/gsignal.c:3553
#17 0x00007f38afd1a228 in _gdk_frame_clock_emit_paint (frame_clock=0xb2d2000) at ../gdk/gdkframeclock.c:657
#18 gdk_frame_clock_paint_idle (data=<optimized out>) at ../gdk/gdkframeclockidle.c:597
#19 0x00007f38afd0723d in gdk_threads_dispatch (data=data@entry=0x655f1a0) at ../gdk/gdk.c:769
#20 0x00007f38c0dbc981 in g_timeout_dispatch (source=0x3a01a30, callback=0x7f38afd07210 <gdk_threads_dispatch>, user_data=0x655f1a0) at ../glib/gmain.c:4933
#21 0x00007f38c0dbc130 in g_main_dispatch (context=0x12a17e0) at ../glib/gmain.c:3381
#22 g_main_context_dispatch (context=0x12a17e0) at ../glib/gmain.c:4099
#23 0x00007f38c0e11208 in g_main_context_iterate.constprop.0 (context=0x12a17e0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4175
#24 0x00007f38c0dbb853 in g_main_loop_run (loop=0x3a3b050) at ../glib/gmain.c:4373
#25 0x00007f38b07a7498 in main_loop_run(_GMainLoop*) (pLoop=0x3a3b050) at /build/libo/dev/vcl/inc/unx/gtk/gtkdata.hxx:60
#26 0x00007f38b07479f2 in (anonymous namespace)::DialogRunner::run() (this=0x4b46950) at /build/libo/dev/vcl/unx/gtk3/gtkinst.cxx:6468
#27 0x00007f38b0754425 in (anonymous namespace)::GtkInstanceDialog::run() (this=0x4b46810) at /build/libo/dev/vcl/unx/gtk3/gtkinst.cxx:9459
#28 0x00007f388280c273 in ScViewFunc::EnterData(short, int, short, rtl::OUString const&, EditTextObject const*) (this=0x60acec8, nCol=0, nRow=1, nTab=0, rString="=1234567890+1234567890+1234567890+1234567890+1234567890+1234567890+1234567890+1234567890+1234567890+1234567890+1234567890+1234567890+1234567890+1234567890+1234567890+1234567890+1234567890+1234567890+1"..., pData=0x0) at /build/libo/dev/sc/source/ui/view/viewfunc.cxx:456
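The failure described in the comment above (an error dialog asked to display a 16358-character formula in full) can also be contained by bounding the text before it reaches a fixed-size widget. The following is an added example, not LibreOffice code and not the fix committed for this bug; `elideMiddle`, `sampleFormula` and the 256-unit budget are assumptions, and the sample formula is constructed.

```cpp
// Added illustration, not LibreOffice code. All names here are hypothetical.
#include <cstddef>
#include <iostream>
#include <string>

namespace {
constexpr std::size_t kMaxShown = 256; // assumed display budget, UTF-16 code units
bool isHighSurrogate(char16_t c) { return c >= 0xD800 && c <= 0xDBFF; }
bool isLowSurrogate(char16_t c) { return c >= 0xDC00 && c <= 0xDFFF; }
}

// Constructed sample: '=' followed by `terms` copies of "1234567890+",
// i.e. a formula whose last character is a dangling '+'.
std::u16string sampleFormula(std::size_t terms = 1487)
{
    std::u16string f(u"=");
    for (std::size_t i = 0; i < terms; ++i)
        f += u"1234567890+";
    return f;
}

// Return text unchanged if it fits, else head + U+2026 + tail with at most
// maxUnits code units. The tail is kept because the token the compiler
// rejected (here the trailing '+') sits at the end of the input.
std::u16string elideMiddle(const std::u16string& text, std::size_t maxUnits = kMaxShown)
{
    if (text.size() <= maxUnits)
        return text;
    if (maxUnits == 0)
        return std::u16string();
    const std::size_t budget = maxUnits - 1; // one unit for the ellipsis
    std::size_t head = budget - budget / 2;
    std::size_t tailStart = text.size() - budget / 2;
    // Never split a surrogate pair: drop a dangling half at either cut.
    if (head > 0 && isHighSurrogate(text[head - 1]))
        --head;
    if (tailStart < text.size() && isLowSurrogate(text[tailStart]))
        ++tailStart;
    std::u16string out(text, 0, head);
    out.push_back(u'\u2026');
    out.append(text, tailStart, std::u16string::npos);
    return out;
}

int main()
{
    const std::u16string shown = elideMiddle(sampleFormula());
    std::cout << sampleFormula().size() << " -> " << shown.size() << " code units\n";
    return 0;
}
```

Bounding the string only limits what the widget has to lay out; the full formula still has to be available to the user elsewhere, for example in a scrollable view.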
This isn't a regression, in earlier versions you can provoke a crash by using an overly long formula in one paragraph that ends with a '+' to trigger the dialog. The test document data just happens to be such that it triggers only after the change.
Indeed, I can also reproduce it in

Version: 7.0.0.0.alpha1+
Build ID: 574c57090642347980d2395e1e183cc7b5c171ad
CPU threads: 8; OS: Linux 5.10; UI render: default; VCL: gtk3
Locale: es-ES (es_ES.UTF-8); UI: en-US
Calc: threaded
I have a proposed solution at: https://gerrit.libreoffice.org/c/core/+/128933
Caolán McNamara committed a patch related to this issue.
It has been pushed to "master":

https://git.libreoffice.org/core/commit/36121e87b7e2a2defbfe75dfdadb2dde4fff6b4f

tdf#146970 use a textview to show the proposed replacement formula

It will be available in 7.4.0.

The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
applied in trunk, backport to 7-3 in gerrit
Caolán McNamara committed a patch related to this issue.
It has been pushed to "libreoffice-7-3":

https://git.libreoffice.org/core/commit/d243e9dbfb8497bed03601a04f168bc1832ce263

tdf#146970 use a textview to show the proposed replacement formula

It will be available in 7.3.1.

The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.