148703 – Writer crash on undo after paste

Bug 148703 - Writer crash on undo after paste

Summary: Writer crash on undo after paste

Status:	NEW

Alias:	None

Product:	LibreOffice
Classification:	Unclassified
Component:	Writer (show other bugs)
Version: (earliest affected)	Inherited From OOo
Hardware:	All All

Importance:	high critical
Assignee:	Not Assigned

URL:
Whiteboard:
Keywords:	haveBacktrace

Depends on:
Blocks:	Paste Crash-Assert Undo-Redo Crash-BigPtrArray
	Show dependency tree / graph

Reported:	2022-04-21 08:06 UTC by Timur
Modified:	2024-04-16 12:59 UTC (History)
CC List:	5 users (show)

See Also:	99014 https://crashreport.libreoffice.org/stats/signature/BigPtrArray::Index2Block(long)
Crash report or crash signature:	["BigPtrArray::Index2Block(long)","BigPtrArray::Index2Block(int) const"]

Attachments
bt with debug symbols (7.08 KB, text/plain) 2022-04-21 09:16 UTC, Julien Nabet	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Timur 2022-04-21 08:06:41 UTC

Open ODT attachment 179694 [details], select all and copy.
Open ODT attachment 179695 [details], select all and paste.
Undo > Crash 
Repro OO, 4.1, 5.2 and 7.4+ Win and Lin.

Comment 1 Timur 2022-04-21 08:11:59 UTC Comment hidden (obsolete)

Unspecified Application Error

Fatal exception: Signal 6
Stack:
/instdir/program/libuno_sal.so.3(+0x14e08)[0x7fc3c4f16e08]
/instdir/program/libuno_sal.so.3(+0x3fe06)[0x7fc3c4f41e06]
/lib/x86_64-linux-gnu/libc.so.6(+0x3ef10)[0x7fc3c486ef10]
/lib/x86_64-linux-gnu/libc.so.6(gsignal+0xc7)[0x7fc3c486ee87]
/lib/x86_64-linux-gnu/libc.so.6(abort+0x141)[0x7fc3c48707f1]
/instdir/program/libvcllo.so(+0x793596)[0x7fc3bcf12596]
/instdir/program/libvcllo.so(_ZN11Application5AbortERKN3rtl8OUStringE+0xa2)[0x7fc3bcf52ba2]
/instdir/program/libsofficeapp.so(+0x28b76)[0x7fc3c4c49b76]
/instdir/program/libvcllo.so(+0x7dc0c4)[0x7fc3bcf5b0c4]
/instdir/program/libuno_sal.so.3(+0x17e62)[0x7fc3c4f19e62]
/instdir/program/libuno_sal.so.3(+0x3fccf)[0x7fc3c4f41ccf]
/lib/x86_64-linux-gnu/libc.so.6(+0x3ef10)[0x7fc3c486ef10]
/instdir/program/../program/libswlo.so(_ZNK11BigPtrArray11Index2BlockEi+0x7a)[0x7fc37efe829a]
/instdir/program/../program/libswlo.so(_ZNK11BigPtrArrayixEi+0x10)[0x7fc37efe8310]
/instdir/program/../program/libswlo.so(+0x825f09)[0x7fc37f496f09]
/instdir/program/../program/libswlo.so(+0x826d19)[0x7fc37f497d19]
/instdir/program/../program/libswlo.so(+0x8359de)[0x7fc37f4a69de]
/instdir/program/../program/libswlo.so(+0x838354)[0x7fc37f4a9354]
/instdir/program/libsvllo.so(_ZN17SfxListUndoAction15UndoWithContextER14SfxUndoContext+0x41)[0x7fc3bfd8cee1]
/instdir/program/libsvllo.so(_ZN14SfxUndoManager8ImplUndoEP14SfxUndoContext+0x11d)[0x7fc3bfd90acd]
/instdir/program/../program/libswlo.so(_ZN2sw11UndoManager15impl_DoUndoRedoENS0_14UndoOrRedoTypeEm+0x19b)[0x7fc37f494d1b]
/instdir/program/../program/libswlo.so(_ZN11SwEditShell4UndoEtt+0x113)[0x7fc37f233c13]
/instdir/program/../program/libswlo.so(_ZN10SwWrtShell2DoENS_6DoTypeEtt+0x21a)[0x7fc37faab31a]
/instdir/program/../program/libswlo.so(_ZN11SwBaseShell8ExecUndoER10SfxRequest+0x35c)[0x7fc37f91819c]
/instdir/program/libsfxlo.so(+0x1ca03f)[0x7fc3c01a403f]
/instdir/program/libsfxlo.so(_ZN13SfxDispatcher8Execute_ER8SfxShellRK7SfxSlotR10SfxRequest11SfxCallMode+0xe6)[0x7fc3c01a8036]
/instdir/program/libsfxlo.so(+0x1c5f33)[0x7fc3c019ff33]
/instdir/program/libsfxlo.so(+0x2178af)[0x7fc3c01f18af]
/instdir/program/libsfxlo.so(+0x217d50)[0x7fc3c01f1d50]
/instdir/program/libsvtlo.so(_ZN3svt17ToolboxController7executeEs+0x33c)[0x7fc3be90ce2c]
/instdir/program/libfwklo.so(+0x2b910b)[0x7fc3c145d10b]
/instdir/program/libvcllo.so(_ZN7ToolBox6SelectEv+0x3a)[0x7fc3bcc3550a]
/instdir/program/libvcllo.so(+0x4c8fe5)[0x7fc3bcc47fe5]
/instdir/program/libvcllo.so(_ZN7ToolBox8TrackingERK13TrackingEvent+0x29)[0x7fc3bcc48149]
/instdir/program/libvcllo.so(_ZN3vcl6Window11EndTrackingE18TrackingEventFlags+0x2c2)[0x7fc3bcc50242]
/instdir/program/libvcllo.so(+0x4e815e)[0x7fc3bcc6715e]
/instdir/program/libvcllo.so(+0x4e8ae7)[0x7fc3bcc67ae7]
/instdir/program/libvcllo.so(+0x4ea3bf)[0x7fc3bcc693bf]
/instdir/program/libvclplug_gtk3lo.so(+0x15692e)[0x7fc3aad8392e]
/instdir/program/libvclplug_gtk3lo.so(+0x156a9e)[0x7fc3aad83a9e]
/instdir/program/libvclplug_gtk3lo.so(+0x15a1ed)[0x7fc3aad871ed]
/usr/lib/x86_64-linux-gnu/libgtk-3.so.0(+0x2317fb)[0x7fc3aa5567fb]
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(g_closure_invoke+0x19d)[0x7fc3b55c50bd]
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(+0x2300e)[0x7fc3b55d800e]
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(g_signal_emit_valist+0x40f)[0x7fc3b55e008f]
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(g_signal_emit+0x8f)[0x7fc3b55e110f]
/usr/lib/x86_64-linux-gnu/libgtk-3.so.0(+0x379534)[0x7fc3aa69e534]
/usr/lib/x86_64-linux-gnu/libgtk-3.so.0(+0x22e86e)[0x7fc3aa55386e]
/usr/lib/x86_64-linux-gnu/libgtk-3.so.0(gtk_main_do_event+0x7f8)[0x7fc3aa555948]
/usr/lib/x86_64-linux-gnu/libgdk-3.so.0(+0x37765)[0x7fc3aa066765]
/usr/lib/x86_64-linux-gnu/libgdk-3.so.0(+0x67f92)[0x7fc3aa096f92]
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_dispatch+0x2e7)[0x7fc3b52ea537]
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0(+0x4c770)[0x7fc3b52ea770]
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_iteration+0x2c)[0x7fc3b52ea7fc]
/instdir/program/libvclplug_gtk3lo.so(+0xe056c)[0x7fc3aad0d56c]
/instdir/program/libvcllo.so(+0x7d34e2)[0x7fc3bcf524e2]
/instdir/program/libvcllo.so(_ZN11Application7ExecuteEv+0x75)[0x7fc3bcf54c85]
/instdir/program/libsofficeapp.so(+0x2fd19)[0x7fc3c4c50d19]
/instdir/program/libvcllo.so(_Z10ImplSVMainv+0x46)[0x7fc3bcf5ca96]
/instdir/program/libsofficeapp.so(soffice_main+0x11d)[0x7fc3c4c7cced]
/instdir/program/soffice.bin[0x40066b]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xe7)[0x7fc3c4851c87]
/instdir/program/soffice.bin[0x40069f]

Comment 2 Telesto 2022-04-21 09:05:23 UTC

Repro
Version: 7.4.0.0.alpha0+ (x64) / LibreOffice Community
Build ID: 4659fc2f0a7223a89446edff0b77e58758b5edf5
CPU threads: 4; OS: Windows 6.3 Build 9600; UI render: Skia/Raster; VCL: win
Locale: en-US (nl_NL); UI: en-US
Calc: CL Jumbo

Comment 3 Julien Nabet 2022-04-21 09:16:16 UTC

Created attachment 179705 [details]
bt with debug symbols

I got an assertion on pc Debian x86-64 with master sources updated today.

Considering the number of crashes due to undo, I'm not sure it worths it to keep on testing undoing for the moment.

Comment 4 Telesto 2022-04-21 09:37:49 UTC

Looks like bug 147726 (for the assert part)

Comment 5 Timur 2022-04-21 09:46:55 UTC

Other undo bugs are mostly regressions, this one is InNherited. 
Also, unlike some bugs with "copy 5x, paste 3x.." this one is simple copy+paste.

Comment 6 Timur 2022-04-21 14:37:00 UTC

A mystery for me is why there are 266 crash reports for LO 7.3 Win when I see this crash all the way to OO including Lin.

Comment 7 Stéphane Guillou (stragu) 2023-04-06 13:58:13 UTC

Repro with recent debug build:

Version: 7.6.0.0.alpha0+ (X86_64) / LibreOffice Community
Build ID: 1b463f697405e64a03378fb38a32172c4d3c25e6
CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3
Locale: en-AU (en_AU.UTF-8); UI: en-US
Calc: threaded

Getting the same assert:

warn:legacy.osl:389415:389415:sw/source/core/access/accmap.cxx:1074: invalid event combination
soffice.bin: /home/tdf/lode/jenkins/workspace/lo_gerrit/tb/src_master/sw/source/core/undo/undel.cxx:915: virtual void SwUndoDelete::UndoImpl(sw::UndoRedoContext&): Assertion `pTextNd' failed.

In 7.5.2.2 (not debug), I get this crash report: https://crashreport.libreoffice.org/stats/crash_details/8ffc1cee-0081-4dc4-a92d-b55fcf3ebc12

With the extra signature "BigPtrArray::Index2Block(int) const".

Comment 8 Tex2002ans 2024-02-16 22:14:06 UTC

Yep, followed comment 0 exactly.

CRASH:

- https://crashreport.libreoffice.org/stats/crash_details/67812785-33aa-434c-b7c5-12dd5941ca3b

in:

Version: 24.2.0.3 (X86_64) / LibreOffice Community
Build ID: da48488a73ddd66ea24cf16bbc4f7b9c08e9bea1
CPU threads: 8; OS: Windows 10.0 Build 22631; UI render: Skia/Raster; VCL: win
Locale: en-US (en_US); UI: en-US
Calc: CL threaded

Comment 9 Stéphane Guillou (stragu) 2024-04-16 12:59:29 UTC

Still crashing in:

Version: 24.8.0.0.alpha0+ (X86_64) / LibreOffice Community
Build ID: bdf3b5ce49b0e4ee1b4525d344cfb037ef473059
CPU threads: 8; OS: Linux 6.5; UI render: default; VCL: gtk3
Locale: en-AU (en_AU.UTF-8); UI: en-US
Calc: CL threaded