Created attachment 192175 [details] Screen recording of crashing In Options -> LibreOffice Writer -> Formatting Aids, change Image -> Anchor to "To Character". Select two image files whose size is medium or larger in a file manager, and drag-and-drop them onto Writer. Writer crashes. I first experienced this under Arch Linux, and the same thing under KDE Neon. And I could reproduce it under a Ubuntu virtual machine downloaded from https://www.osboxes.org/ubuntu/#ubuntu-23-10-vmware with the default "latest/stable 7.6.3.2" and "latest/candidate 24.2.0.2" versions of LibreOffice. When I used small images from Google Search (266x190 and 225x224), crash did not happen. But I used larger images (640x427) downloaded from https://www.dwsamplefiles.com/download-jpg-sample-files/ , Writer crashed.
Thank you for the report! Reproduced with two copies of the JPG https://www.dwsamplefiles.com/?dl_id=49 in: Version: 7.6.4.1 (X86_64) / LibreOffice Community Build ID: e19e193f88cd6c0525a17fb7a176ed8e6a3e2aa1 CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3 Locale: en-AU (en_AU.UTF-8); UI: en-US Calc: threaded Crash report: https://crashreport.libreoffice.org/stats/crash_details/6a21d8fe-6142-4d21-aff5-c1b09ca1f0b3 Also in recent trunk build: Version: 24.8.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: 2cedb1a19ad605df4e148589e9027512e4dd9265 CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3 Locale: en-AU (en_AU.UTF-8); UI: en-US Calc: threaded Also 7.3.7.2 with different signature: https://crashreport.libreoffice.org/stats/crash_details/6d2a98df-19d2-46ed-b019-e4ae7a77ef78 No crash in 7.2.0.4 -> regression. Not reproduced with two of my own PNG files. Bibisected with linux-64-7.3 repo to first bad build [6fc3ca7e3024af46ec2533d6d2417b8d2d55eff8] which points to a24dd76ca6c1d0f2876e1eca698c73fcccc815fe which is a cherrypick of: commit 651527b4efe9700c8c8dff58ce5aa86ad5681f16 author Miklos Vajna Tue Apr 26 15:40:44 2022 +0200 committer Miklos Vajna Tue Apr 26 17:02:15 2022 +0200 sw: fix double-click opening frame dialog, not graphic dialog on images Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133443 Miklos, can you please have a look?
No repro using: Version: 24.8.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: ab95ed2c4b1eddc2188bd455653a77140aa3816c CPU threads: 8; OS: Linux 6.5; UI render: default; VCL: x11 Locale: en-US (C.UTF-8); UI: en-US Calc: threaded Also not able to repro on Windows using latest master.
Also no repro on: Version: 24.8.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: ab95ed2c4b1eddc2188bd455653a77140aa3816c CPU threads: 8; OS: Linux 6.5; UI render: default; VCL: gtk3 Locale: en-US (C.UTF-8); UI: en-US Calc: threaded using 2 copies of a 640x427 image. Setting to NEEDINFO.
Unfortunately, the link the sample JPG currently times out: https://www.dwsamplefiles.com/?dl_id=49 Does anyone still have those pictures? I haven't been able to replicate with other files.
Created attachment 193103 [details] Just meaningless sample image I don't know how to install "24.8.0.0.alpha0+", but as of now it still happens on Arch with "24.2.1.2 (X86_64)". The image I linked in the original post was not something special; it was just a sample image in the top result of a Google search for "sample image". The link seems to be not responding now. On my system, it happens with any sufficiently large image. The image dimensions threshold might be different depending on the screen resolution or the window size of Writer. So, maybe you could reproduce it if you keep drag-and-dropping random images in your computer's "Pictures" directory. For example, I could reproduce it on my computer with two copies of the images I attach.
Thanks. Still reproduce with two copies of the attached picture and: Version: 24.8.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: f42363c51672a5b3685b0b9b11e932680530dce3 CPU threads: 8; OS: Linux 6.5; UI render: default; VCL: gtk3 Locale: en-AU (en_AU.UTF-8); UI: en-US Calc: CL threaded It does not crash every single time, but I'm not sure what is the factor that makes it consistently crash. In any case, even if they get inserted successfully, an extra Ctrl + Z crashes it for me with signature "SwTextNode::GetTextAttrForCharAt(int, unsigned short) const" (maybe something for a different report). (for example, https://crashreport.libreoffice.org/stats/crash_details/fb3bf4b6-c7b4-4590-bdfd-e43fe3ebab77 for 7.6)
(In reply to Stéphane Guillou (stragu) from comment #6) > Thanks. > Still reproduce with two copies of the attached picture and: Confirmed crash using the attached images with following debug build: Version: 24.8.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: 53c5d570cab036b23f4969b858a648c8f0c24f93 CPU threads: 8; OS: Linux 6.5; UI render: default; VCL: gtk3 Locale: en-US (C.UTF-8); UI: en-US Calc: threaded The problem is that the repro instructions in comment 0 are wrong. It says "Anchor to "To Character".", but it should be "Anchor to "As Character"." like the title of the bug says. Output on command line is: soffice.bin: /home/kali/libreoffice/core/sw/source/core/layout/atrfrm.cxx:1615: void SwFormatAnchor::SetAnchor(const SwPosition *): Assertion `(RndStdIds::FLY_AT_FLY == m_eAnchorId && pPos->GetNode().GetStartNode()) || (RndStdIds::FLY_AT_PARA == m_eAnchorId && pPos->GetNode().GetTableNode()) || pPos->GetNode().GetTextNode()' failed.
Good spotting, Matt. Updated steps: 0. Open Writer 1. In Options > LibreOffice Writer > Formatting Aids, change Image > Anchor to "As Character" > OK 2. Select two copies of attachment 193103 [details] in a file manager, and drag-and-drop them onto the document I checked the bibisection, it still applies. Also crashed on Windows 11 (froze then a click crashed it) with signature "GetFrameOfModify(SwRootFrame const *,sw::BroadcastingModify const &,SwFrameType,SwPosition const *,std::pair<Point,bool> const *)": https://crashreport.libreoffice.org/stats/crash_details/d7eeb699-208b-44fb-b482-47eaa509f0ee (not enough space in crash signature field to include it).
I'll take a look, the assertion failure is correct: we want to paste the 2nd as-char image after the anchor of the first as-char image, not inside it, which isn't really possible.
Miklos Vajna committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/f9f2b7590bb7b3334d499b6884cc7f3e80843b8c tdf#159379 sw: fix crash on dropping multiple as-char images It will be available in 24.8.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Miklos Vajna committed a patch related to this issue. It has been pushed to "libreoffice-24-2": https://git.libreoffice.org/core/commit/008b1c3a8652b33b9b42ca0794a21ce9754e96f2 tdf#159379 sw: fix crash on dropping multiple as-char images It will be available in 24.2.4. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Thanks Miklos! Fix verified in: Version: 24.8.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: 2f5ab5b8e7bd7dd06e00153abb77a69e5d192dd2 CPU threads: 8; OS: Linux 6.5; UI render: default; VCL: gtk3 Locale: en-AU (en_AU.UTF-8); UI: en-US Calc: CL threaded
*** Bug 151086 has been marked as a duplicate of this bug. ***