This bug was filed from the crash reporting server and is br-12e63fe8-da9e-46c3-b5a5-72facbc7d079. ========================================= Discovered while testing bug 158740. Steps: 1. Open attachment 120527 [details] 2. Insert a 2x2 table at cursor position 3. Ctrl + A, Ctrl + C 4. Place cursor at the beginning of footnote paragraph 6. Ctrl + V 7. Ctrl + Z Result: crash with signature "SwTableNode::DelFrames(SwRootFrame const*)", e.g. https://crashreport.libreoffice.org/stats/crash_details/cb42b7f5-5769-49af-9a03-f3bc0de4317d In 6.2 and 7.0, crash signature is just "SwTableNode::DelFrames", e.g.: https://crashreport.libreoffice.org/stats/crash_details/32eaf146-fa27-4695-bb8e-18fb71150300 In 6.0, crash signature is "SwUndoTableAutoFormat::UndoRedo(bool, sw::UndoRedoContext&)": https://crashreport.libreoffice.org/stats/crash_details/7aaf51f2-783f-4fac-9c81-29bd014a0a0b Reproduced in 5.0.0.5 and recent trunk build: Version: 24.8.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: 960e37af28807ed1b376e26c4504ab755a81dfd5 CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3 Locale: en-AU (en_AU.UTF-8); UI: en-US Calc: threaded In 4.0.0.3, crashes earlier at step 6. No crash in OOo 3.3, but not calling it a regression as the "table in frame" is not rendered in the footnote.
This bug was filed from the crash reporting server and is br-12e63fe8-da9e-46c3-b5a5-72facbc7d079. ========================================= Discovered while testing bug 158740. Steps: 1. Open attachment 120527 [details] 2. Insert a 2x2 table at cursor position 3. Ctrl + A, Ctrl + C 4. Place cursor at the beginning of footnote paragraph 6. Ctrl + V 7. Ctrl + Z twice Result: crash with signature "SwTableNode::DelFrames(SwRootFrame const*)", e.g. https://crashreport.libreoffice.org/stats/crash_details/cb42b7f5-5769-49af-9a03-f3bc0de4317d In 6.2 and 7.0, crash signature is just "SwTableNode::DelFrames", e.g.: https://crashreport.libreoffice.org/stats/crash_details/32eaf146-fa27-4695-bb8e-18fb71150300 In 6.0, crash signature is "SwUndoTableAutoFormat::UndoRedo(bool, sw::UndoRedoContext&)": https://crashreport.libreoffice.org/stats/crash_details/7aaf51f2-783f-4fac-9c81-29bd014a0a0b Reproduced in 5.0.0.5 and recent trunk build: Version: 24.8.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: 960e37af28807ed1b376e26c4504ab755a81dfd5 CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3 Locale: en-AU (en_AU.UTF-8); UI: en-US Calc: threaded In 4.0.0.3, crashes earlier at step 6. No crash in OOo 3.3, but not calling it a regression as the "table in frame" is not rendered in the footnote.
Confirm Version: 24.2.0.0.alpha1+ (X86_64) / LibreOffice Community Build ID: a9ad36ae46ff76c0d59b0d170314fdd3a9ee5d35 CPU threads: 4; OS: Windows 6.3 Build 9600; UI render: Skia/Raster; VCL: win Locale: nl-NL (nl_NL); UI: en-US Calc: CL threaded FWIW: Step 6 doesn't appear to paste (visually)
Adding couple of old bugs based on the same file to see also
On pc Debian x86-64 with master sources updated today, I don't reproduce the crash.
I'm not able to repro either: Version: 24.8.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: 205dd919179f34815d7e16c8dc73d2a7efd34535 CPU threads: 16; OS: Windows 10.0 Build 22631; UI render: Skia/Raster; VCL: win Locale: en-US (en_US); UI: en-US Calc: threaded
More specific steps 1. Open attachment 120527 [details] 2. Insert a 2x2 table at cursor position 3. Ctrl + A, Ctrl + C (with cursor in table) 4. Toggle formatting marks on 5. Click in the footnote before the text. Notice a empty space being present in front of the first glyph 6. Press arrow left the put the cursor at the real be start 7. Ctrl + V 8. Ctrl + Z twice Repro with Version: 24.8.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: 40617d867346956588ac023511f31210107217f4 CPU threads: 8; OS: macOS 13.6.3; UI render: Skia/Metal; VCL: osx Locale: nl-NL (nl_NL.UTF-8); UI: en-US Calc: threaded
(In reply to Telesto from comment #6) > 5. Click in the footnote before the text. Notice a empty space being present > in front of the first glyph > 6. Press arrow left the put the cursor at the real be start Exactly: there is no crash is the cursor is right before the "T" in the footnote.
Created attachment 191849 [details] bt with debug symbols On pc Debian x86-64 with master sources updated today, I could reproduce this. When at pasting step, the table is not pasted. First time I had given a try, I had stopped here thinking there was something wrong.
Created attachment 191851 [details] bt from Nodes amiss, skipping check of Cond Colls
I have uploaded the following patch that stops the crashing in my local build on macOS Sonoma: https://gerrit.libreoffice.org/c/core/+/162031 I don't know anything about the code surrounding this fix so I will wait for the patch to be tested and/or reviewed by someone who is familiar with that part of the Writer code. My worry is that, while LibreOffice will no longer crash, skipping an undo might leave the current Writer document in a corrupted state.
Patrick Luby committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/fab9db6c7e85c76320743e1956c5a7c12f4ece0b tdf#159025 skip undo if SwTableNode is a nullptr It will be available in 24.8.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Patrick Luby committed a patch related to this issue. It has been pushed to "libreoffice-7-6": https://git.libreoffice.org/core/commit/52e959efc36edaf3e5bd1cd8ad75d4541f861390 tdf#159025 skip undo if SwTableNode is a nullptr It will be available in 7.6.5. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Patrick Luby committed a patch related to this issue. It has been pushed to "libreoffice-24-2": https://git.libreoffice.org/core/commit/8163882de6308e46b261af9e75906d1d05c4eb08 tdf#159025 skip undo if SwTableNode is a nullptr It will be available in 24.2.1. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Patrick Luby committed a patch related to this issue. It has been pushed to "libreoffice-24-2-0": https://git.libreoffice.org/core/commit/0989275534bda8cd559e80b8579bba7271344e7d tdf#159025 skip undo if SwTableNode is a nullptr It will be available in 24.2.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Thanks Patrick, no crash anymore in: Version: 24.8.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: 6d71c21890c908225945f0fc3566255ed150f660 CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3 Locale: en-AU (en_AU.UTF-8); UI: en-US Calc: threaded However: - the table inserted in the page body at step 2 is not removed at the final CTRL + Z - I still get a crash if I add the following steps to comment 0: 8. Ctrl + Y 9. Close document, don't save Not sure if it is linked to your commit or not.