Created attachment 185583 [details] Document to reproduce bug Steps: 1. load attached document 2. select column from table (one with 'Random' in first table for example) 3. press Ctrl-c to copy it 4. move cursor below "And here goes next one:" line 5. press Ctrl-V to paste copied column 6. watch crash requester Shell output: $ GTK_THEME=Adwaita oowriter /tmp/del/bug-153818.odt Fatal exception: Signal 11 Stack: /usr/lib64/libreoffice/program/libuno_sal.so.3(+0x39422)[0x7f4f5a3c0422] /usr/lib64/libreoffice/program/libuno_sal.so.3(+0x395fb)[0x7f4f5a3c05fb] /lib64/libc.so.6(+0x3cb20)[0x7f4f5a0dab20] /usr/lib64/libreoffice/program/../program/libswlo.so(_ZN7SwFrame12InsertBeforeEP13SwLayoutFramePS_+0x40)[0x7f4f3d793cf0] /usr/lib64/libreoffice/program/../program/libswlo.so(+0x79669c)[0x7f4f3d79669c] /usr/lib64/libreoffice/program/../program/libswlo.so(_ZN11SwTableNode32MakeFramesForAdjacentContentNodeERK11SwNodeIndex+0x95)[0x7f4f3d5ed2b5] /usr/lib64/libreoffice/program/../program/libswlo.so(_ZN7SwNodes12MakeTextNodeERK11SwNodeIndexP16SwTextFormatCollb+0x49b)[0x7f4f3d891c3b] /usr/lib64/libreoffice/program/../program/libswlo.so(+0x579399)[0x7f4f3d579399] /usr/lib64/libreoffice/program/../program/libswlo.so(+0x57b8eb)[0x7f4f3d57b8eb] /usr/lib64/libreoffice/program/../program/libswlo.so(+0x562de7)[0x7f4f3d562de7] /usr/lib64/libreoffice/program/../program/libswlo.so(_ZN9SwFEShell5PasteER5SwDocb+0x752)[0x7f4f3d6bca02] /usr/lib64/libreoffice/program/../program/libswlo.so(_ZN14SwTransferable12PrivatePasteER10SwWrtShellP14SwPasteContext14PasteTableType+0x206)[0x7f4f3dc14df6] /usr/lib64/libreoffice/program/../program/libswlo.so(_ZN14SwTransferable9PasteDataER22TransferableDataHelperR10SwWrtShellh22SotExchangeActionFlags20SotClipboardFormatId15SotExchangeDestbbPK5Pointab9RndStdIdsbP14SwPasteContext14PasteTableType+0x313)[0x7f4f3dc1d573] /usr/lib64/libreoffice/program/../program/libswlo.so(_ZN14SwTransferable5PasteER10SwWrtShellR22TransferableDataHelper9RndStdIdsb14PasteTableType+0x6c8)[0x7f4f3dc1ead8] /usr/lib64/libreoffice/program/../program/libswlo.so(_ZN11SwBaseShell10ExecClpbrdER10SfxRequest+0x49f)[0x7f4f3dcb4cef] /usr/lib64/libreoffice/program/libsfxlo.so(+0x1f910d)[0x7f4f589f910d] /usr/lib64/libreoffice/program/libsfxlo.so(+0x239013)[0x7f4f58a39013] /usr/lib64/libreoffice/program/libsfxlo.so(+0x239535)[0x7f4f58a39535] /usr/lib64/libreoffice/program/libsvtlo.so(+0x16028d)[0x7f4f5776028d] /usr/lib64/libreoffice/program/libvcllo.so(+0x435688)[0x7f4f56835688] /usr/lib64/libreoffice/program/libvcllo.so(_ZN16SalUserEventList18DispatchUserEventsEb+0x179)[0x7f4f56a9bdd9] /usr/lib64/libreoffice/program/libvclplug_gtk3lo.so(+0xede7d)[0x7f4f510ede7d] /lib64/libglib-2.0.so.0(+0x55cb2)[0x7f4f53148cb2] /lib64/libglib-2.0.so.0(g_main_context_dispatch+0x19f)[0x7f4f53149cbf] /lib64/libglib-2.0.so.0(+0xac598)[0x7f4f5319f598] /lib64/libglib-2.0.so.0(g_main_context_iteration+0x30)[0x7f4f53146f40] /usr/lib64/libreoffice/program/libvclplug_gtk3lo.so(+0xf617b)[0x7f4f510f617b] /usr/lib64/libreoffice/program/libvcllo.so(+0x6e1442)[0x7f4f56ae1442] /usr/lib64/libreoffice/program/libvcllo.so(_ZN11Application7ExecuteEv+0x8d)[0x7f4f56ae705d] /usr/lib64/libreoffice/program/libsofficeapp.so(+0x3f88c)[0x7f4f5a2e788c] /usr/lib64/libreoffice/program/libvcllo.so(_Z10ImplSVMainv+0x36a)[0x7f4f56af284a] /usr/lib64/libreoffice/program/libsofficeapp.so(soffice_main+0x12a)[0x7f4f5a2fe04a] /usr/lib64/libreoffice/program/soffice.bin(+0x10bf)[0x55e6c0e270bf] /lib64/libc.so.6(+0x27510)[0x7f4f5a0c5510] /lib64/libc.so.6(__libc_start_main+0x89)[0x7f4f5a0c55c9] /usr/lib64/libreoffice/program/soffice.bin(+0x10f5)[0x55e6c0e270f5] Fedora 37
Created attachment 185586 [details] GDB trace of crash Repro Arch Linux 64-bit, X11 Version: 7.6.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: f12e547c42103a3b934b393b6b63c2b096bbd06e CPU threads: 8; OS: Linux 6.1; UI render: default; VCL: kf5 (cairo+xcb) Locale: fi-FI (fi_FI.UTF-8); UI: en-US Calc: threaded Built on 24 February 2023
I can't say this is a regression as such, but I see that the number of newlines seen changed with f481c2c8e74bded11fac754e493560391229dbcd and it coincides with the crashing. Let's ask László for advice. Bibisected with linux-64-7.3 repo.
Just confirming it crashes on Windows 10 too: Version: 7.6.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: ab20dba30769a5a52830220daa347772485db6a2 CPU threads: 4; OS: Windows 10.0 Build 19045; UI render: Skia/Raster; VCL: win Locale: en-GB (en_GB); UI: en-GB Calc: threaded
(In reply to Buovjaga from comment #2) > I can't say this is a regression as such, but I see that the number of > newlines seen changed with f481c2c8e74bded11fac754e493560391229dbcd and it > coincides with the crashing. Let's ask László for advice. > > Bibisected with linux-64-7.3 repo. Adding bisected keywords
Likely regression from regression from commit 794fd10af7361d5a64a0f8bfbe5c8b5f308617a5 "tdf#147347 sw: hide deleted table at deletion in Hide Changes". Proposed fix in https://gerrit.libreoffice.org/c/core/+/148344
László Németh committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/317ed3e81a5aa7826176a5122c2d8ea76aa0fb37 tdf#153819 sw: fix crashing MakeFramesForAdjacentContentNode() It will be available in 7.6.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
László Németh committed a patch related to this issue. It has been pushed to "libreoffice-7-5": https://git.libreoffice.org/core/commit/415b6b7e692122af679ab74979cbe475e3b19679 tdf#153819 sw: fix crashing MakeFramesForAdjacentContentNode() It will be available in 7.5.2. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Fixed in master and upcoming 7.5 release. @Marcin & all: thanks for your help!
Can it also be backported to 7.4 branch? Next version of Debian stable will have 7.4.5 version.
László, any chance we can cherrypick it for 7.4.7? Fix verified with: Version: 7.6.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: 082d009b6a156faa74c9966b0dffc5fa6ce22287 CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3 Locale: en-AU (en_AU.UTF-8); UI: en-US Calc: threaded Thank you!
(In reply to Stéphane Guillou (stragu) from comment #10) > László, any chance we can cherrypick it for 7.4.7? https://gerrit.libreoffice.org/c/core/+/148640
@Stéphane: thanks for verifying! @Xisco: thanks for back-porting!
László Németh committed a patch related to this issue. It has been pushed to "libreoffice-7-4": https://git.libreoffice.org/core/commit/fde4c9c8dfdcde2f2c60e746ebc881851e270967 tdf#153819 sw: fix crashing MakeFramesForAdjacentContentNode() It will be available in 7.4.7. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
VERIFIED IN: Version: 7.6.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: 67bb7f71b785d3d831ffaa47262b6cbd84e71c42 CPU threads: 8; OS: Windows 10.0 Build 19044; UI render: Skia/Vulkan; VCL: win Locale: hu-HU (hu_HU); UI: hu-HU Calc: CL threaded