Bug 156958 - Crash in: (anonymous namespace)::TabBarEdit::LinkStubImplEndEditHdl(void*, void*) when renaming layer
Summary: Crash in: (anonymous namespace)::TabBarEdit::LinkStubImplEndEditHdl(void*, vo...
Status: VERIFIED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Draw (show other bugs)
Version:
(earliest affected)
5.2.0.4 release
Hardware: x86-64 (AMD64) Linux (All)
: medium critical
Assignee: Julien Nabet
URL:
Whiteboard: target:24.2.0 target:7.6.2
Keywords: bibisectNotNeeded, haveBacktrace, regression
Depends on:
Blocks: Layers Crash
  Show dependency treegraph
 
Reported: 2023-08-28 10:21 UTC by Stéphane Guillou (stragu)
Modified: 2023-09-04 14:05 UTC (History)
2 users (show)

See Also:
Crash report or crash signature: ["(anonymous namespace)::TabBarEdit::LinkStubImplEndEditHdl(void*, void*)","TabBarEdit::LinkStubImplEndEditHdl","libmergedlo.so","TabBar::EndEditMode(bool)"]

Attachments
gdb backtrace with LO Impress 24.2 alpha0+ on Ubuntu 20.04 (130.19 KB, text/x-log)
2023-08-28 10:34 UTC, Stéphane Guillou (stragu) 		Details
bt with debug symbols (3.53 KB, text/plain)
2023-09-03 12:56 UTC, Julien Nabet 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stéphane Guillou (stragu) 2023-08-28 10:21:08 UTC 
This bug was filed from the crash reporting server and is br-a57d7270-b3d7-4bd6-a3ca-20ef772c570b.
=========================================

Steps:

1. Open Draw
2. Insert a second page
3. Insert a new layer
4. Right-click on layer tab > Rename > click out onto canvas

Result: crash

Same with fresh profile. Same in gen and gtk3 vcl plugins.

Repro:

Version: 24.2.0.0.alpha0+ (X86_64) / LibreOffice Community
Build ID: e7496f41562b75ea9732ca48f9aa0c07b69e424f
CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3
Locale: en-AU (en_AU.UTF-8); UI: en-US
Calc: threaded

Version: 7.6.0.2 (X86_64) / LibreOffice Community
Build ID: 41d6f628ba3f046f16b5fa9fa8db8d4c2ab3b582
CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3
Locale: en-AU (en_AU.UTF-8); UI: en-US
Calc: threaded

Version: 7.5.5.2 (X86_64) / LibreOffice Community
Build ID: ca8fe7424262805f223b9a2334bc7181abbcbf5e
CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3
Locale: en-AU (en_AU.UTF-8); UI: en-US
Calc: threaded

Crash report for 7.5: https://crashreport.libreoffice.org/stats/crash_details/5ec368a2-3d0f-4add-8959-e0c22d4f8394

Version: 7.4.7.2 / LibreOffice Community
Build ID: 723314e595e8007d3cf785c16538505a1c878ca5
CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3
Locale: en-AU (en_AU.UTF-8); UI: en-US
Calc: threaded

Crash report for 7.4: https://crashreport.libreoffice.org/stats/crash_details/85692346-f119-4443-8781-5b48271e9eb0

And since libreoffice-5.2.0.0.alpha1 according to testing with linux-64-release bibisect repo.
Comment 1 Stéphane Guillou (stragu) 2023-08-28 10:34:04 UTC 
Created attachment 189190 [details]
gdb backtrace with LO Impress 24.2 alpha0+ on Ubuntu 20.04

gdb backtrace with:

Version: 24.2.0.0.alpha0+ (X86_64) / LibreOffice Community
Build ID: 42364fbfafaa95773c073cc080142b64ec1786fb
CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: x11
Locale: en-AU (en_AU.UTF-8); UI: en-US
Calc: threaded
Comment 2 Regina Henschel 2023-08-28 15:59:14 UTC 
There is no crash with Version: 24.2.0.0.alpha0+ (X86_64) / LibreOffice Community
Build ID: c9916d9be9c060d43fc063b76d70629162650fea
CPU threads: 8; OS: Windows 10.0 Build 19045; UI render: Skia/Raster; VCL: win
Locale: de-DE (en_US); UI: en-US
Calc: CL threaded
Comment 3 Stéphane Guillou (stragu) 2023-08-28 21:11:29 UTC 
The crash signature for 7.2 is TabBarEdit::LinkStubImplEndEditHdl (see e.g. https://crashreport.libreoffice.org/stats/signature/TabBarEdit::LinkStubImplEndEditHdl)

For 7.0, it's libmergedlo.so (see e.g. https://crashreport.libreoffice.org/stats/crash_details/7cfb10c0-58ee-4a7d-97cf-b876bdca45c6)

For 6.0, it's TabBar::EndEditMode(bool) (see e.g. https://crashreport.libreoffice.org/stats/crash_details/956ae51f-2c76-4b5a-b32c-168f9e32a474)
Comment 4 Julien Nabet 2023-09-03 12:56:19 UTC 
Created attachment 189316 [details]
bt with debug symbols

On pc Debian x86-64 with master source updated today, I could reproduce this.
Comment 5 Julien Nabet 2023-09-03 13:00:30 UTC 
Let's try with https://gerrit.libreoffice.org/c/core/+/156482
Comment 6 Commit Notification 2023-09-03 14:11:51 UTC 
Julien Nabet committed a patch related to this issue.
It has been pushed to "master":

https://git.libreoffice.org/core/commit/a853af876ff59733c60f205c0cdbc240c10f01a0

tdf#156958: fix crash when clicking out after having selected rename layer

It will be available in 24.2.0.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 7 Commit Notification 2023-09-03 15:57:04 UTC 
Julien Nabet committed a patch related to this issue.
It has been pushed to "libreoffice-7-6":

https://git.libreoffice.org/core/commit/e79bd728e66272d14881d40167dcf57ef48571eb

tdf#156958: fix crash when clicking out after having selected rename layer

It will be available in 7.6.2.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 8 Stéphane Guillou (stragu) 2023-09-04 12:23:20 UTC 
Fix verified in:

Version: 24.2.0.0.alpha0+ (X86_64) / LibreOffice Community
Build ID: cc7d6211bc01e5ec84dbad542605d2e93dea925c
CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3
Locale: en-AU (en_AU.UTF-8); UI: en-US
Calc: threaded

Much appreciated, Julien!