Created attachment 191856 [details] sample file Steps to reproduce: 1. Open attached document 2. Go to sheet 'Charts' 3. Select column A 4. Insert Column before 5. Undo 6. Insert column after 7. Undo -> Crash Reproduced in Version: 24.8.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: 84a3401c28135735c7bbe324eb3642b31c7f26f5 CPU threads: 8; OS: Linux 6.1; UI render: default; VCL: gtk3 Locale: es-ES (es_ES.UTF-8); UI: en-US Calc: threaded
Doesn't crash, with/without macros. Version: 24.8.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: 25276df12abd9d002f7f899900434617b256f745 CPU threads: 16; OS: Windows 10.0 Build 22631; UI render: default; VCL: win Locale: es-ES (es_ES); UI: en-US Calc: CL threaded
Reproduced in: Version: 24.2.0.0.beta1 (X86_64) / LibreOffice Community Build ID: 5f390384195b7264c6e52add9e90a39790285249 CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3 Locale: en-AU (en_AU.UTF-8); UI: en-US Calc: threaded Also in: - 7.6.4.1: https://crashreport.libreoffice.org/stats/crash_details/6f3db431-97fa-4988-981c-df13b48023f3 - 7.4.7.2: https://crashreport.libreoffice.org/stats/crash_details/c08de567-4871-4bad-aa5c-edd6d248fb37 - 7.3.7.2: https://crashreport.libreoffice.org/stats/crash_details/00742f45-cfbc-402e-8c71-2c5709cad5d2 Not reproduced in 7.2.0.4 -> regression.
I can't reproduce it on Windows either so I think this is Linux only
Created attachment 191867 [details] bt with debug symbols On pc Debian x86-64 with master sources updated today, I could reproduce this.
Armin: I noticed this in gdb: (gdb) frame 6 #6 0x00007f87fe70047d in ScPatternAttr::GetItem (nWhich=139, rItemSet=SfxItemSet of pool 0x3ff4a3d70a3d70a4 with parent 0x0 and Which ranges: [], pCondSet=0x0) at /home/julien/lo/libreoffice/sc/source/core/data/patattr.cxx:1669 1669 return rItemSet.Get(nWhich); since it's related to pool, thought you might be interested in this one.
Bibisected with linux-64-7.3 repo to first bad build [effb1e09756098bb333f104fa0960249a403f885] which points to e4f76cd9a4814ce6cc4795e5e1a5c74d54cb7513 which is a cherrypick of: commit 8f5d8669ca74fed8608e438a8436c173e35d43a6 author Justin Luth Wed Feb 23 10:34:29 2022 +0200 committer Justin Luth Wed Feb 23 16:48:56 2022 +0100 tdf#122098 xlsx im/export: let formulas guess their number format Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130406 Justin, can you please have a look?
yep, I just bisected it as well and it points to the same commit as comment 6
My patch is pretty simple, and the crashing is not coming at the time of my import code, so it is pretty clear that my patch is not the cause, but that it just exposed some existing condition in these particular steps. Removing regression stuff. void ScFormulaCell::SetNeedNumberFormat( bool bVal ) { mbNeedsNumberFormat = mbAllowNumberFormatChange = bVal; } Is this status being copied to the new column, and somehow triggering the crash? I did see a call to SetNeedNumberFormat excluded if GetDoc().IsClipOrUndo()... This probably is something for a foundational guy like Armin to look into, since a reference to an Itemset cannot be accessed: #2 0x00007fffbb49754c in ScPatternAttr::GetItem(unsigned short, SfxItemSet const&, SfxItemSet const*) (nWhich=139, rItemSet=<error reading variable: Cannot access memory at address 0xf0000000f>, ...) at sc/source/core/data/patattr.cxx:1670