Description: Crash swlo!SwFrame::GetPrevSctLeaf+0x52d: on CTRL+X Steps to Reproduce: 1. Open the attached file (DOCX export of attachment 183367 [details] bug 151858) 2. CTRL+A (2x) 3. CTRL+X -> Crash Actual Results: Crash Expected Results: No crash Reproducible: Always User Profile Reset: No Additional Info: Version: 7.5.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: 9cd0f4c2d25462feba0ffcbd906c199273821243 CPU threads: 4; OS: Windows 6.3 Build 9600; UI render: Skia/Raster; VCL: win Locale: nl-NL (nl_NL); UI: en-US Calc: CL threaded
Created attachment 183374 [details] Example file
@Julien A backtrace would be nice, if you can reproduce it..
The ODT file attachment 183367 [details] does crash too, but the protection to manual changes need to be disabled for both indexes (top & bottom)
Created attachment 183382 [details] bt with debug symbols On pc Debian x86-64 with master sources updated today, I could reproduce the crash. As expected when I took a look at the kind of document, it crashed in layout part.
No crash with Version: 7.1.8.0.0+ (x64) / LibreOffice Community Build ID: a94b58277c7aeaa83ce14347cd0b8f7137969d03 CPU threads: 4; OS: Windows 6.3 Build 9600; UI render: default; VCL: win Locale: nl-NL (nl_NL); UI: en-US Calc: CL
No crash Version: 7.5.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: cfc8a8f5d841b3f84d207196153be67da7f60652 CPU threads: 4; OS: Linux 5.15; UI render: default; VCL: gtk3 Locale: cs-CZ (cs_CZ.UTF-8); UI: en-US Calc: threaded
Reproduced with the latest LO 7.5 dev master: Version: 7.5.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: 022eafa4d69bc8290aa304b69af2c325fe3d2a02 CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3 Locale: en-US (en_US.UTF-8); UI: en-US Calc: threaded It should be noted that the place where you click is important. For me, the crash happened when I started by clicking somewhere inside the document itself (and not the TOC). Otherwise, an extra Ctrl+z was needed to see the crash.
This seems to have started with the following commit, bibisected using repo linux-64-7.1. Same commit as identified for bug 144494 and bug 145743. Adding CC: to Michael Stahl. https://cgit.freedesktop.org/libreoffice/core/commit/?id=b9ef71476fd70bc13f50ebe80390e0730d1b7afb author Michael Stahl <Michael.Stahl@cib.de> 2020-11-13 20:52:28 +0100 committer Michael Stahl <michael.stahl@cib.de> 2020-11-16 16:51:19 +0100 tdf#134298 sw: layout: remove left-over page frame without content
i dont get this crash: https://bugs.documentfoundation.org/attachment.cgi?id=183382 but on Undo i get an assert: soffice.bin: sw/source/core/undo/undobj.cxx:1490: static void SwUndo::SetSaveData(SwDoc &, SwRedlineSaveDatas &): Assertion `rSData.empty() || rSData[0].m_bRedlineMoved || (rSData[0].m_nRedlineCount == rDoc.getIDocumentRedlineAccess().GetRedlineTable().size())' failed.
Created attachment 184071 [details] bt with debug symbols I gave a new try with master sources updated today, here's an updated bt. I also noticed a lot of these: warn:sw.core:115116:115116:sw/source/core/view/vdraw.cxx:246: Trying to move anchor from invalid page - fix layouting! and those: warn:legacy.osl:115116:115116:sw/source/core/doc/DocumentRedlineManager.cxx:94: redline table corrupted: empty redline
Created attachment 184072 [details] Valgrind trace If it can help, here's a Valgrind trace.
Michael Stahl committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/2f9e67d1e70bdc45dfc59554547bc3730481a757 tdf#151866 sw: layout: prevent deleting newly created SwSectionFrame It will be available in 24.2.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
it still doesn't crash for me, but the valgrind trace was useful, thanks Julien. hopefully fixed on master there's another problem here that is a very recent regression and fixed with https://gerrit.libreoffice.org/c/core/+/155305
(In reply to Michael Stahl (allotropia) from comment #13) > it still doesn't crash for me, but the valgrind trace was useful, thanks > Julien. >... No pb, if you need a Valgrind trace on another bug, don't hesitate to tell!
Michael Stahl committed a patch related to this issue. It has been pushed to "libreoffice-7-6": https://git.libreoffice.org/core/commit/91f46dcc99f9191a00bc41a90088ffa9eb124bd8 tdf#151866 sw: layout: prevent deleting newly created SwSectionFrame It will be available in 7.6.1. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Michael Stahl committed a patch related to this issue. It has been pushed to "libreoffice-7-5": https://git.libreoffice.org/core/commit/0bfed8ac8f88f434081aa0694933419c77573b28 tdf#151866 sw: layout: prevent deleting newly created SwSectionFrame It will be available in 7.5.6. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.