Bug 149500 - CRASH in BigPtrArray::Index2Block(long)
Summary: CRASH in BigPtrArray::Index2Block(long)
Status: RESOLVED DUPLICATE of bug 147726
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer (show other bugs)
Version:
(earliest affected)
5.0.0.5 release
Hardware: All All
: medium normal
Assignee: Not Assigned
URL:
Whiteboard:
Keywords: bibisected, bisected, haveBacktrace, regression
Depends on:
Blocks: Paste Undo-Redo Crash
  Show dependency treegraph
 
Reported: 2022-06-09 08:18 UTC by Xisco Faulí
Modified: 2022-06-14 02:40 UTC (History)
3 users (show)

See Also:
Crash report or crash signature: ["BigPtrArray::Index2Block(long)"]

Attachments
sample file (22.19 KB, application/vnd.openxmlformats-officedocument.wordprocessingml.document)
2022-06-09 08:18 UTC, Xisco Faulí 		Details
Backtrace (21.15 KB, text/plain)
2022-06-14 02:31 UTC, Aron Budea 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Xisco Faulí 2022-06-09 08:18:45 UTC 
Created attachment 180648 [details]
sample file

Steps to reproduce:
1. Open attached document
2. Select all 3 times
3. Copy
4. Paste
5. Undo

-> Crash

Reproduced in

Version: 7.4.0.0.alpha1+ / LibreOffice Community
Build ID: d4123356c61db269651e950a0a2cc93e6d801c90
CPU threads: 8; OS: Linux 5.10; UI render: default; VCL: x11
Locale: es-ES (es_ES.UTF-8); UI: en-US
Calc: threaded

and

Version: 6.0.0.0.alpha1+
Build ID: 6eeac3539ea4cac32d126c5e24141f262eb5a4d9
CPU threads: 8; OS: Linux 5.10; UI render: default; VCL: x11; 
Locale: es-ES (es_ES.UTF-8); Calc: group threaded
Comment 1 Xisco Faulí 2022-06-09 13:46:34 UTC 
Not reproduced in

Version: 4.4.0.3
Build ID: de093506bcdc5fafd9023ee680b8c60e3e0645d7
Locale: es_ES
Comment 2 Rafael Lima 2022-06-09 14:44:17 UTC 
Repro with

Version: 7.3.3.2 / LibreOffice Community
Build ID: 30(Build:2)
CPU threads: 16; OS: Linux 5.13; UI render: default; VCL: kf5 (cairo+xcb)
Locale: pt-BR (pt_BR.UTF-8); UI: en-US
Ubuntu package version: 1:7.3.3~rc2-0ubuntu0.21.10.1~lo1
Calc: threaded

and also with

Version: 7.4.0.0.alpha1+ / LibreOffice Community
Build ID: 118bafcfd1ce4a26ec9df912197ebd466d1bd497
CPU threads: 16; OS: Linux 5.13; UI render: default; VCL: kf5 (cairo+xcb)
Locale: pt-BR (pt_BR.UTF-8); UI: en-US
Calc: CL

Writer crashes as soon as I try to Undo (step 5 from OP).
Comment 3 raal 2022-06-13 19:16:00 UTC 
This seems to have begun at the below commit.
Adding Cc: to Michael Stahl; Could you possibly take a look at this one?
Thanks
bibisect-50max 3551e5dfdb75ecca07f759422bda10d3a7117489 is the first bad commit
commit 3551e5dfdb75ecca07f759422bda10d3a7117489
Author: Matthew Francis <mjay.francis@gmail.com>
Date:   Wed May 27 21:08:00 2015 +0800

    source-hash-b24a15a0aaea310806259eaa20a7d509ce30e5c8
    
    commit b24a15a0aaea310806259eaa20a7d509ce30e5c8
    Author:     Michael Stahl <mstahl@redhat.com>
    AuthorDate: Thu Apr 2 23:33:41 2015 +0200
    Commit:     Michael Stahl <mstahl@redhat.com>
    CommitDate: Thu Apr 2 23:53:30 2015 +0200
    
        sw: fix crash on SwUndoDelete after select-all with table at start
    
        Somehow the Redo leaves the shell cursor at an invalid offset into the
        paragraph, which then leads to out-of-bounds string access.
    
        Noticed that SwUndRng::SetPaM() leaves an invalid nContent.m_nIndex on
        the start position, due to a surprising omission in SwIndex::ChgValue().
    
        (regression from 555ff26501d1bbd8a7872c20671c6303db1e1701)
Comment 4 Aron Budea 2022-06-14 02:31:58 UTC 
Created attachment 180743 [details]
Backtrace

Attaching backtrace taken with LO 7.5.0.0.alpha0+ (3ad12672e924f7aef394119f9fe5f0b06a900b9e) debug build.

It's an assert:
sw/source/core/undo/undel.cxx:923: virtual void SwUndoDelete::UndoImpl(sw::UndoRedoContext&): Assertion `pTextNd' failed.

Seems to be the exact same backtrace as bug 147726's, let's mark as duplicate.
Comment 5 Aron Budea 2022-06-14 02:32:25 UTC 

*** This bug has been marked as a duplicate of bug 147726 ***