Bug 153315 - EDITING - Crash in SwFrame::FindPageFrame() (and others) after changing font size in style causing reformatting the document + (assertion="!IsDeleteForbidden() sw/source/core/layout/ssfrm.cxx, line=381
Status: RESOLVED DUPLICATE of bug 153319
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer
Version (earliest affected): 6.3.0.4 release
Hardware: x86-64 (AMD64) All
Importance: medium critical
Assignee: Not Assigned
URL:
Whiteboard:
Keywords: bibisected, bisected, haveBacktrace, regression
Depends on:
Blocks: Footnote-Endnote Crash-Assert Writer-Styles-Paragraph Crash
Reported: 2023-02-02 02:59 UTC by Yves Poissant
Modified: 2023-07-20 12:00 UTC (History)

See Also:
Crash report or crash signature: ["SwFrame::FindPageFrame()","SwFrame::GetPhyPageNum() const","SwSaveFootnoteHeight::SwSaveFootnoteHeight(SwFootnoteBossFrame *,long)","SwSaveFootnoteHeight::SwSaveFootnoteHeight(SwFootnoteBossFrame *,__int64)"]


Attachments
The Writer document that crashes (1.08 MB, application/vnd.oasis.opendocument.text)
2023-02-02 03:06 UTC, Yves Poissant
bt with debug symbols (8.71 KB, text/plain)
2023-02-02 11:06 UTC, Julien Nabet

Description Yves Poissant 2023-02-02 02:59:48 UTC
Description:
After I change the "Default Paragraph Style" Font size from 9.5pt to 9.8pt Writer crashes.

Steps to Reproduce:
1. Make sure the "Linux Libertine G" font is installed.
2. Open the attached "JAS - HEA - Linux Libertine.odt" document.
3. In the Paragraph Style explorer, right click "Default Paragraph Style" -> "Modify" -> "Font" -> Change "Size" from 9.5 to 9.8, select "OK".
After the text is being reformatted for a while, Writer crashes.

Actual Results:
Expected the whole text being cleanly reformatted.

Expected Results:
Writer doesn't complete the reformatting process and crashes instead.


Reproducible: Always


User Profile Reset: Yes

Additional Info:
Version: 7.4.5.1 (x64) / LibreOffice Community
Build ID: 9c0871452b3918c1019dde9bfac75448afc4b57f
CPU threads: 12; OS: Windows 10.0 Build 22621; UI render: Skia/Raster; VCL: win
Locale: fr-CA (en_US); UI: en-US
Calc: CL

I've been having these crash issues for a while. I just found the easy reproduction steps described above. From my observations, I expect the crash is related to reformatting the footnotes.

The crash also happens after resetting the user profile and while running in safe mode.
Comment 1 Yves Poissant 2023-02-02 03:06:40 UTC
Created attachment 185055
The Writer document that crashes

This is a reproduction of a book of 1200 pages approx. The document is not completed due to the crashing bug. In addition to the crash, there are several issues with formatting the text where there are footnotes. I shall report those issues once the crash is fixed.
Comment 2 Yves Poissant 2023-02-02 03:09:52 UTC
Oops! I see that I inverted "Actual Results" and "Expected Results". Sorry.
Comment 3 Stéphane Guillou (stragu) 2023-02-02 08:12:24 UTC
Thanks, Yves.

On Windows 10, I could reproduce following your steps. With crash report:

https://crashreport.libreoffice.org/stats/crash_details/3c8406fa-1845-422f-bafc-0cd4150c8a7d

Same signature as you, which also corresponds to closed bug 151433.

Version: 7.4.5.1 (x64) / LibreOffice Community
Build ID: 9c0871452b3918c1019dde9bfac75448afc4b57f
CPU threads: 4; OS: Windows 10.0 Build 19045; UI render: Skia/Raster; VCL: win
Locale: en-GB (en_GB); UI: en-GB
Calc: threaded

I tested on Ubuntu 20.04 as well and didn't even need to change the font size to make it crash, it crashed shortly after opening the Styles deck in the sidebar.

Version: 7.4.5.1 / LibreOffice Community
Build ID: 9c0871452b3918c1019dde9bfac75448afc4b57f
CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3
Locale: en-AU (en_AU.UTF-8); UI: en-US
Calc: threaded

I got the following crash report:

https://crashreport.libreoffice.org/stats/crash_details/0a84cb90-bb30-418c-8a9e-07514d47cc5b

...which has a different crash signature ( SwFrame::GetPhyPageNum() const ) to yours ( SwFrame::FindPageFrame() )

Will report this one separately.
Comment 4 Stéphane Guillou (stragu) 2023-02-02 09:24:05 UTC
Also crashed in following versions:

Version: 7.6.0.0.alpha0+ (X86_64) / LibreOffice Community
Build ID: 4b67515418ee4f10071b3f0f2275ba37f32b0ae5
CPU threads: 4; OS: Windows 10.0 Build 19045; UI render: Skia/Raster; VCL: win
Locale: en-GB (en_GB); UI: en-GB
Calc: threaded

Version: 7.1.0.3 (x64) / LibreOffice Community
Build ID: f6099ecf3d29644b5008cc8f48f42f4a40986e4c
CPU threads: 4; OS: Windows 10.0 Build 19045; UI render: Skia/Raster; VCL: win
Locale: en-GB (en_GB); UI: en-GB
Calc: threaded

Version: 7.0.0.3 (x64)
Build ID: 8061b3e9204bef6b321a21033174034a5e2ea88e
CPU threads: 4; OS: Windows 10.0 Build 19045; UI render: Skia/Raster; VCL: win
Locale: en-GB (en_GB); UI: en-GB
Calc: threaded

In 7.0, I get the signature:

"SwSaveFootnoteHeight::SwSaveFootnoteHeight(SwFootnoteBossFrame *,long)" - https://crashreport.libreoffice.org/stats/signature/SwSaveFootnoteHeight::SwSaveFootnoteHeight(SwFootnoteBossFrame%20*,long) 

In 7.1, I get the signature:

"SwSaveFootnoteHeight::SwSaveFootnoteHeight(SwFootnoteBossFrame *,__int64)" - https://crashreport.libreoffice.org/stats/signature/SwSaveFootnoteHeight::SwSaveFootnoteHeight(SwFootnoteBossFrame%20*,__int64)

So seems you are correct regarding it being footnote-related.

Could *not* crash it in 6.0:

Version: 6.0.0.3 (x64)
Build ID: 64a0f66915f38c6217de274f0aa8e15618924765
CPU threads: 4; OS: Windows 10.0; UI render: default; 
Locale: en-GB (en_GB); Calc: group
Comment 5 Julien Nabet 2023-02-02 11:06:21 UTC
Created attachment 185061
bt with debug symbols

On pc Debian x86-64 with master sources updated today, I got an assertion.
Comment 6 Yves Poissant 2023-02-02 15:07:20 UTC
More of my observations:
I took a look at the Linux stack trace. This is consistent with my observations.

The book contains a lot of footnotes. Several lengthy ones. At least one spanning more than one full page. Changing the font size, in this case, forces the paragraphs to lengthen and forces the recompute of paragraphs and footnotes distributions and pages formatting. Clearly, there are some critical paragraph-to-footnote relationships that cause trouble for the page reformatting algorithm.

One issue I had, for which I can't give exact reproduction steps before the crash is resolved, was that after I made sure all the pages were properly formatted and saved the document, once I reopened the document, some pages had large gaps of blank space at the bottom of the page. Those pages were invariably followed by a page with a footnote anchor in the first line. So, clearly, the footnote reformatting algorithm couldn't figure out how to resolve this situation. I could resolve it manually by deleting the space between the last word and its previous word of the page with the large blank gap. This brought the rest of the text and the associated footnote to fill the gap. Then I reinserted the space between the words and all looked fine. ... Until I saved the document and reopened it again.

In case you are curious, the book was typeset in 1954 and can be found at https://archive.org/details/dli.ernet.505700/page/n5/mode/2up
Comment 7 csyu.279 2023-02-10 18:12:15 UTC
Regression does appear:

Version: 6.3.7.0.0+ (x86)
Build ID: 726535ec30f12697ceccd2f0640d9371a64dc5bd
CPU threads: 8; OS: Windows 10.0; UI render: GL; VCL: win; 
Locale: en-US (en_US); UI-Language: en-US
Calc: CL

I'm currently looking at repository 6.2
Comment 8 csyu.279 2023-02-13 02:41:49 UTC
Regression introduced by:

https://git.libreoffice.org/core/+/1caea03fcc6c24e38b2d1d9f6097ad84183ffefd%5E%21

commit 1caea03fcc6c24e38b2d1d9f6097ad84183ffefd
author Michael Stahl <Michael.Stahl@cib.de> Mon May 06 15:40:41 2019
committer Michael Stahl <Michael.Stahl@cib.de> Mon May 06 17:48:54 2019
tree 7d0a8a46d4825b6695322aab4dda756b5326fbef
parent 2ff22c0bf4c23c4bed9ccfcfa79dff848086650d

Bisected with: win32-6.3

Adding Cc: to Michael Stahl
Comment 9 Telesto 2023-02-13 21:11:16 UTC
FWIW: this bug is closely connected with bug 153319. The bug might be fixed if and when https://gerrit.libreoffice.org/c/core/+/146534 gets committed
Comment 10 BogdanB 2023-04-29 04:07:15 UTC
I opened the document, and no other change and crash

Version: 7.6.0.0.alpha0+ (X86_64) / LibreOffice Community
Build ID: a1acc2f46cc499631d66b1d7a923ed15ab4f28de
CPU threads: 16; OS: Linux 5.19; UI render: default; VCL: gtk3
Locale: ro-RO (ro_RO.UTF-8); UI: en-US
Calc: threaded
Comment 11 Gabor Kelemen (allotropia) 2023-05-13 09:51:22 UTC
(In reply to BogdanB from comment #10)
> I opened the document, and no other change and crash
> 
> Version: 7.6.0.0.alpha0+ (X86_64) / LibreOffice Community
> Build ID: a1acc2f46cc499631d66b1d7a923ed15ab4f28de
> CPU threads: 16; OS: Linux 5.19; UI render: default; VCL: gtk3
> Locale: ro-RO (ro_RO.UTF-8); UI: en-US
> Calc: threaded

You need to change the font size of the Default paragraph style to exactly 9.8 pt. I tried with 10 pt (maybe more common case than 9.8) and no crash, but entering 9.8 makes it crash.

Version: 7.6.0.0.alpha0+ (X86_64) / LibreOffice Community
Build ID: 440c23ee678442fc64aa9fcca13b137738e10a04
CPU threads: 14; OS: Windows 10.0 Build 19045; UI render: default; VCL: win
Locale: en-US (hu_HU); UI: en-US
Calc: threaded
Comment 12 BogdanB 2023-05-13 10:41:34 UTC
"I opened the document, and no other change and crash".
I didn't say that I cannot reproduce the crash, maybe I missed punctuation.

I meant: "I opened the document, I just kept the document opened for 5–10 seconds and LO crashed.". So, I repro.

I did the same thing now, just opening the document, and in some seconds crash with latest master.

Version: 7.6.0.0.alpha1+ (X86_64) / LibreOffice Community
Build ID: b5a22fceed57f05eb43a5fb0817afbc141610c5e
CPU threads: 16; OS: Linux 5.19; UI render: default; VCL: gtk3
Locale: ro-RO (ro_RO.UTF-8); UI: en-US
Calc: threaded
Comment 13 Michael Stahl (allotropia) 2023-07-18 16:09:29 UTC
unable to reproduce this now; tentatively assuming it was fixed by 7e9b2b71db72b8c4c9c6ca83d08d3b6b05775ac8

*** This bug has been marked as a duplicate of bug 153319 ***
Comment 14 Stéphane Guillou (stragu) 2023-07-20 12:00:18 UTC
Moving crash signature to the dedicated field from https://crashreport.libreoffice.org/stats/crash_details/d8608389-1417-4856-87e0-a5d3cb87ba39 and others in comments.