Description: Getting Hang issue on file having wpc(WordProcessingCanvas) Steps to Reproduce: 1.Bulid LO using https://wiki.documentfoundation.org/Development/BuildingOnWindows 2../soffice.bin --convert-to pdf ft.docx Actual Results: Getting Hang Expected Results: File should be processed successfully Reproducible: Always User Profile Reset: No Additional Info: Issue is caused by 0430adb42bc38f037b907984e71c144d863796cb(0430adb42bc38f037b907984e71c144d863796cb) commid id.
Created attachment 191130 [details] Getting Hang issue on file having wpc(WordProcessingCanvas)
I get a crash. Seems to be related to the fact, that the WordprocessingCanvas is anchored as character (=inline).
Using the Wordprocessing Canvas instead of the VML fallback was introduced with commit https://gerrit.libreoffice.org/c/core/+/156629. But I have yet no idea, why the case of inline anchor does not work.
The error happens too for anchored inline group, not only for a Wordprocessing canvas. https://crashreport.libreoffice.org/stats/crash_details/296d284f-c0d2-4d9d-b214-f318c43b9536 Tested with Version: 7.6.2.1 (X86_64) / LibreOffice Community Build ID: 56f7684011345957bbf33a7ee678afaf4d2ba333 CPU threads: 8; OS: Windows 10.0 Build 19045; UI render: Skia/Raster; VCL: win Locale: de-DE (de_DE); UI: en-US Calc: CL threaded Testfile will be attached.
Created attachment 191173 [details] inline anchored Group containing rectangle and triangle with text The group was built in PowerPoint and from there pasted to Word.
It is OK in Version: 7.4.1.2 (x64) / LibreOffice Community Build ID: 3c58a8f3a960df8bc8fd77b461821e42c061c5f0 CPU threads: 8; OS: Windows 10.0 Build 19045; UI render: default; VCL: win Locale: de-DE (de_DE); UI: en-US Calc: CL It is broken in Version: 7.5.0.0.alpha0+ (x64) / LibreOffice Community Build ID: d05c176cc022f1b771f7c064f6ce74e9f8c27a1b CPU threads: 8; OS: Windows 10.0 Build 19045; UI render: default; VCL: win Locale: de-DE (de_DE); UI: en-US Calc: CL
Hi QA team, when you bibisect it, use my file. The problem is not produced by the Wordprocessing Canvas. It becomes only visible now with the Wordprocessing Canvas because now a Wordprocessing Canvas is imported as that and in older versions the VML fallback is imported. @Attila: You have heavily worked in that area. Do you have an idea where it goes wrong?
This seems to have begun at the below commit in bibisect repository/OS linux-64-7.4. Adding Cc: to Attila Bakos ; Could you possibly take a look at this one? Thanks 0d1ffc14abf43c7830cee6369710d8e63e2fd0ef is the first bad commit commit 0d1ffc14abf43c7830cee6369710d8e63e2fd0ef Author: Jenkins Build User <tdf@pollux.tdf> Date: Wed Jul 13 09:36:47 2022 +0200 source 44eef5f494825a26594ba3d50ef1f3211ae73b9b 136929: tdf#148687 tdf#149173 tdf#149546 sw: fix crash with textboxes | https://gerrit.libreoffice.org/c/core/+/136929
It crashes because of an invalid pointer. The problem is in https://opengrok.libreoffice.org/xref/core/sw/source/core/text/itrform2.cxx?r=a58c0d4c#3061 pRet = sw::DrawFlyCntPortion::Create(*rInf.GetTextFrame(), *pFrameFormat, aTmpBase, nTmpAscent, nTmpDescent, nFlyAsc, nFlyDesc, nMode); Look at: rInf > member m_aTextFly (from SwTextPaintInfo) > mpAnchoredObjList. That list has one item. That item is a pointer to an object of SwAnchoredObject. The target has a member mpDrawObj. mpDrawObj points to an object of SwFlyLayFrame before the statement in #3061. mpDrawObj is an invalid pointer after the statement in #3061. It is an invalid pointer, not a nullptr. The item itself, that is the pointer, do not change, but the target is no longer valid. Later on, the program tries to access mpDrawObj and deference it, what causes the crash. For a group with shape without text, the mpAnchoredObjList is empty. If the group (with text) is not anchored as-char, but to-char, the statement in #3061 is not reached and it does not crash. Albeit, in that case, the text of the shape is outside the shape. Example will follow. I have no idea for a fix. I appreciate any help.
Created attachment 191446 [details] For comparison, a group not anchored inline.
Michael Stahl committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/dc323680b9c82527eeef3bc69ac4ebf978cac69f tdf#158451 sw: fix crash in text formatting of as-char group shape It will be available in 24.8.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Michael Stahl committed a patch related to this issue. It has been pushed to "libreoffice-24-2": https://git.libreoffice.org/core/commit/fc36057d77db18fc57b814d06d4593e0d7f116a6 tdf#158451 sw: fix crash in text formatting of as-char group shape It will be available in 24.2.0.2. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Michael Stahl committed a patch related to this issue. It has been pushed to "libreoffice-7-6": https://git.libreoffice.org/core/commit/ce9a5a9abbfa998312c62c61b27992d01df214d2 tdf#158451 sw: fix crash in text formatting of as-char group shape It will be available in 7.6.5. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
should be fixed hopefully
Kira Tubo committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/e75899a25921aa8fc7857c154326a9aca4648c27 tdf#158451 - sw unit test - FILEOPEN DOCX crash It will be available in 24.8.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.