Created attachment 180647 [details] sample file Steps to reproduce: 1. Open attached document 2. Insert a page break 3. Undo -> Crash Reproduced in Version: 7.4.0.0.alpha1+ / LibreOffice Community Build ID: d4123356c61db269651e950a0a2cc93e6d801c90 CPU threads: 8; OS: Linux 5.10; UI render: default; VCL: x11 Locale: es-ES (es_ES.UTF-8); UI: en-US Calc: threaded and Version: 6.0.0.0.alpha1+ Build ID: 6eeac3539ea4cac32d126c5e24141f262eb5a4d9 CPU threads: 8; OS: Linux 5.10; UI render: default; VCL: x11; Locale: es-ES (es_ES.UTF-8); Calc: group threaded
Also reproduced in Version: 4.4.0.3 Build ID: de093506bcdc5fafd9023ee680b8c60e3e0645d7 Locale: es_ES LibreOffice crashes at closing time
Repro with Version: 7.4.0.0.alpha1+ / LibreOffice Community Build ID: 118bafcfd1ce4a26ec9df912197ebd466d1bd497 CPU threads: 16; OS: Linux 5.13; UI render: default; VCL: kf5 (cairo+xcb) Locale: pt-BR (pt_BR.UTF-8); UI: en-US Calc: CL As soon as I press Ctrl+Z after inserting the page break at the beginning of the document, Writer crashes.
Marked regression but repro also in 4.1, not consistently, but other time it doesn't crash it will on 2nd Insert. Also repro in 43all oldest. So I remove regression.
Still reproducible in Version: 24.8.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: ef6083200a4f28e43198c7a0878da6f4b880725f CPU threads: 8; OS: Linux 6.1; UI render: default; VCL: x11 Locale: es-ES (es_ES.UTF-8); UI: en-US Calc: threaded
Fix posted at: https://gerrit.libreoffice.org/c/core/+/162317
(In reply to Timur from comment #3) > Marked regression but repro also in 4.1, not consistently, but other time it > doesn't crash it will on 2nd Insert. Also repro in 43all oldest. So I remove > regression. Also crashed on second insert, after undo, in OOo 3.3, let's mark as inherited.
Matt K committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/05889c7fd814187aec3d88c056ece0cc33736868 tdf#149499 Prevent crash upon inserting page break and undoing It will be available in 24.8.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Filed follow up bug at https://bugs.documentfoundation.org/show_bug.cgi?id=159546
Tested in: Version: 24.8.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: ef9e1116d1100af50d7b74dcee5155c81b7b50fb CPU threads: 8; OS: Linux 6.5; UI render: default; VCL: gtk3 Locale: en-AU (en_AU.UTF-8); UI: en-US Calc: threaded I can still crash it by successively undoing a re-doing after inserting a page break once. It is quite inconsistent, once it crashed after 3 undo-redo cycles, once after 30+. Do you see the same thing?
(In reply to Stéphane Guillou (stragu) from comment #9) > Do you see the same thing? I don't repro a crash while the program is open on Windows. However, I did repro a crash after closing the program. I inserted a comment in the code before in sw\source\core\layout\ftnfrm.cxx (line 952) that a crash could happen there. I think it's a heap-use-after-free error because the debugger didn't show what was wrong. I will try investigating on Linux to see if I get any ASAN heap-use-after-frees.
(In reply to Matt K from comment #10) Confirmed heap-use-after-free ASAN error on Linux when doing undo. It's not clear yet how to solve it...
(In reply to Matt K from comment #11) An attempt to fix this is at: https://gerrit.libreoffice.org/c/core/+/165197. However, it still asserts in debug build.
I have confirmed that this bug is still present in version 24.2. When inserting a page break followed by undo in the sample document there is a crash.