Bug 147507 - Crash swlo!SwRedlineExtraData_FormatColl::Reject+0x1b6 (STR: comment 7)
Summary: Crash swlo!SwRedlineExtraData_FormatColl::Reject+0x1b6 (STR: comment 7)
Status: VERIFIED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer (show other bugs)
Version:
(earliest affected)
7.3.0.0 alpha1+
Hardware: All All
: high major
Assignee: Not Assigned
URL:
Whiteboard: target:7.5.0 target:7.4.2 target:7.3.7
Keywords: bibisected, bisected, haveBacktrace, regression
: 149209 (view as bug list)
Depends on:
Blocks: Track-Changes Crash
  Show dependency treegraph
 
Reported: 2022-02-18 09:25 UTC by Telesto
Modified: 2022-09-27 08:32 UTC (History)
7 users (show)

See Also:
Crash report or crash signature:

Attachments
BT without symbols (13.49 KB, text/plain)
2022-02-18 09:25 UTC, Telesto 		Details
Screencast (11.72 MB, video/mp4)
2022-02-18 09:29 UTC, Telesto 		Details
BT with symbols (11.79 KB, text/plain)
2022-09-04 17:24 UTC, Telesto 		Details
bt with debug symbols (9.22 KB, text/plain)
2022-09-04 19:54 UTC, Julien Nabet 		Details
simplified test case (6.74 KB, application/vnd.oasis.opendocument.text-flat-xml)
2022-09-19 12:46 UTC, László Németh 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Telesto 2022-02-18 09:25:09 UTC Comment hidden (obsolete)
Comment 1 Telesto 2022-02-18 09:25:29 UTC 
Created attachment 178370 [details]
BT without symbols
Comment 2 Telesto 2022-02-18 09:29:22 UTC 
Created attachment 178371 [details]
Screencast

Crashing part appears to be on page 32 (see screencast)
Comment 3 Kevin Suo 2022-03-01 15:12:40 UTC 
I do not reproduce with
Version: 7.4.0.0.alpha0+ / LibreOffice Community
Build ID: 6961f6732954742415413fa53bdeebd1b03d9ec5
CPU threads: 8; OS: Linux 5.16; UI render: default; VCL: gtk3
Locale: zh-CN (zh_CN.UTF-8); UI: zh-CN
Build Platform: Fedora34@X64, Branch:master, bibisect-linux-64-7.4-CN
Calc: threaded

Fedora 34.
Comment 4 Telesto 2022-05-20 20:22:05 UTC 
*** Bug 149209 has been marked as a duplicate of this bug. ***
Comment 5 Telesto 2022-07-24 09:40:37 UTC Comment hidden (obsolete)
Comment 6 Telesto 2022-09-04 15:08:52 UTC Comment hidden (obsolete)
Comment 7 Telesto 2022-09-04 15:17:50 UTC 
(In reply to Telesto from comment #5)
Even easier: 
1. Open https://bz.apache.org/ooo/attachment.cgi?id=12592
2. CTRL+A
3. Backspace
4. Edit -> track changes -> reject all
Comment 8 Julien Nabet 2022-09-04 15:38:57 UTC 
On pc Debian x86-64 with master sources updated today, I don't reproduce this but considering you deleted parts at random perhaps I haven't deleted the right one.

Michael: perhaps the bt provided by Telesto is enough to help to pinpoint the pb?
Comment 9 Telesto 2022-09-04 16:21:10 UTC 
(In reply to Julien Nabet from comment #8)
> On pc Debian x86-64 with master sources updated today, I don't reproduce
> this but considering you deleted parts at random perhaps I haven't deleted
> the right one.

With STR from comment 7 or comment 0 or both. The STR of comment 0 is bit flaky.
Comment 10 Telesto 2022-09-04 17:24:57 UTC 
Created attachment 182205 [details]
BT with symbols

Slightly older build
Version: 7.5.0.0.alpha0+ / LibreOffice Community
Build ID: 7a89eae97a970939174d59aa58147eaa194acaee
CPU threads: 8; OS: Mac OS X 12.3.1; UI render: Skia/Metal; VCL: osx
Locale: nl-NL (nl_NL.UTF-8); UI: en-US
Calc: threaded
Comment 11 Julien Nabet 2022-09-04 19:54:14 UTC 
Created attachment 182211 [details]
bt with debug symbols

I had just looked at the description, not the comment 7.

Here's a backtrace with gdb trace.
I also noticed a lot of these on console:
warn:legacy.osl:83471:83471:sw/source/core/doc/DocumentRedlineManager.cxx:94: redline table corrupted: empty redline
Comment 12 Xisco Faulí 2022-09-15 14:23:29 UTC 
Regression introduced by:

author	László Németh <nemeth@numbertext.org>	2021-09-02 14:21:22 +0200
committer	László Németh <nemeth@numbertext.org>	2021-09-03 09:27:14 +0200
commit f3bec764ddbf3fd3ae986f034c89626bf22940e0 (patch)
tree 17a72b8990428f7c0b3a60fa1e301180c261b8b9
parent fafe4a9523566654f89c3e8ea0080452ce2b0ed3 (diff)
tdf144058 sw track changes: fix table deletion at paragraph join

Bisected with: bibisect-linux64-7.3

Adding Cc: to László Németh
Comment 13 Commit Notification 2022-09-19 12:39:49 UTC 
László Németh committed a patch related to this issue.
It has been pushed to "master":

https://git.libreoffice.org/core/commit/7462f728df54c28cea659dbf9aa92070019b489f

tdf#147507 sw: fix crash with Reject All around not content nodes

It will be available in 7.5.0.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 14 László Németh 2022-09-19 12:46:45 UTC 
Created attachment 182550 [details]
simplified test case

Note: enable Record changes after opening it.
Comment 15 László Németh 2022-09-19 14:26:27 UTC 
Started back-porting to 7.4 and 7.3.

@Telesto: thanks for the bug report!

@Kevin: thanks for the feedback!

@Julien: thanks for the backtrace!

@Xisco: thanks for bibisecting and back-porting!
Comment 16 Telesto 2022-09-19 14:46:00 UTC 
Hijacking this bug report for another problem.. requiring a crash like this one as pre-requirement. soffice.bin isn't always terminated after a crash but keeps a lingering soffice.bin process after the crash (prior to the bugfix of comment 13)..

1. Attachment 182550 [details] (on Windows Machine) with a build prior commit 7462f728df54c28cea659dbf9aa92070019b489f or with the commit reverted
2. Edit -> track changes -> record
3. CTRL+A
4. Backspace
5. Edit -> Track Changes -> Reject all -> Crash
6. LibreOffice Document Recovery opens -> Press OK
7. LibreOffice Restarts (all still OK)
8. Discard the recovery 
9. Repeat step 1-6 ->LibreOffice disappears from taskbar, but doesn't restart and a the soffice.bin process is still lingering in the task manager (utilizing one core at maximum). 

The problem already around for 18 months at minimum. The tendency is to solve the crashes (nice!), however it hides the problem with soffice.bin again and again :-(.

Stack from VerySleepy (without symbols) of the lingering process with Skia raster enabled. It also happens with GDI rendering

SalFrame::CalcDeleteSurroundingSelection
SkiaSalBitmap::~SkiaSalBitmap
Bitmap::~Bitmap
Image::Draw
com_sun_star_form_OTimeControl_get_implementation
com_sun_star_form_OTimeControl_get_implementation
ImplGetSVHelpData
execute_onexit_table
register_onexit_function
execute_onexit_table
package_OStorageFactory_get_implementation
package_OStorageFactory_get_implementation
RtlActivateActivationContextUnsafeFast
LdrShutdownProcess
RtlExitUserProcess
FatalExit
exit
exit
cppu::WeakImplHelper<com::sun::star::container::XChild,com::sun::star::document::XDocumentPropertiesSupplier,com::sun::star::document::XCmisDocument,com::sun::star::rdf::XDocumentMetadataAccess,com::sun::star::document::XDocumentRecovery,com::sun::star::document::XUndoManagerSupplier,com::sun::star::document::XShapeEventBroadcaster,com::sun::star::document::XDocumentEventBroadcaster,com::sun::star::lang::XEventListener,com::sun::star::document::XEventsSupplier,c
OpenGLZone::operator=
osl_unloadUserProfile
UnhandledExceptionFilter
dtrans_CWinClipboard_get_implementation
_C_specific_handler
_chkstk
RtlRaiseException
KiUserExceptionDispatcher
SwRedlineExtraData_FormatColl::Reject
Comment 17 Commit Notification 2022-09-19 15:21:44 UTC 
László Németh committed a patch related to this issue.
It has been pushed to "libreoffice-7-4":

https://git.libreoffice.org/core/commit/8c8ecb1ff2bfe5d40964736ef86ee3054791c493

tdf#147507 sw: fix crash with Reject All around not content nodes

It will be available in 7.4.2.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 18 Julien Nabet 2022-09-19 15:21:56 UTC 
(In reply to László Németh from comment #15)
> Started back-porting to 7.4 and 7.3.
> 
> @Telesto: thanks for the bug report!
> 
> @Kevin: thanks for the feedback!
> 
> @Julien: thanks for the backtrace!
> 
> @Xisco: thanks for bibisecting and back-porting!

And last but not least, thank you László for the fix! :-)

I confirm I don't reproduce the bug with master sources updated today.
Comment 19 Commit Notification 2022-09-20 06:41:13 UTC 
László Németh committed a patch related to this issue.
It has been pushed to "libreoffice-7-3":

https://git.libreoffice.org/core/commit/139e95a317441867e8ca564aea36a47061ec8765

tdf#147507 sw: fix crash with Reject All around not content nodes

It will be available in 7.3.7.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 20 NISZ LibreOffice Team 2022-09-27 08:32:59 UTC 
Verified in:
Version: 7.5.0.0.alpha0+ (x64) / LibreOffice Community
Build ID: d3050ff4a1355f7ebd3d4e7ddc8fb64f2b8894dd
CPU threads: 4; OS: Windows 10.0 Build 19042; UI render: Skia/Vulkan; VCL: win
Locale: hu-HU (hu_HU); UI: en-US
Calc: CL threaded