Bug 160309 - Crash after ungroup - undo - ungroup in SwUndoDelLayFormat::SwUndoDelLayFormat(SwFrameFormat*)
Summary: Crash after ungroup - undo - ungroup in SwUndoDelLayFormat::SwUndoDelLayForma...
Status: NEW
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer (show other bugs)
Version:
(earliest affected)
7.4.0.3 release
Hardware: x86-64 (AMD64) All
: high critical
Assignee: Not Assigned
URL:
Whiteboard:
Keywords: bibisected, bisected, regression
Depends on:
Blocks: Crash DOCX-Grouped-Shapes
  Show dependency treegraph
 
Reported: 2024-03-22 01:29 UTC by Stéphane Guillou (stragu)
Modified: 2024-03-22 23:11 UTC (History)
4 users (show)

See Also:
Crash report or crash signature: ["SwUndoDelLayFormat::SwUndoDelLayFormat(SwFrameFormat*)","static SwUndoId lcl_GetSwUndoId(const class SwFrameFormat *)"]

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stéphane Guillou (stragu) 2024-03-22 01:29:29 UTC 
Steps:
1. Open attachment 193233 [details]
2. Select group 9 (double-click it in Navigator)
3. Ungroup it
4. Undo
5. Ungroup it again

Result: crash

Reproduced in 7.4.0.3 and recent trunk build:

Version: 24.8.0.0.alpha0+ (X86_64) / LibreOffice Community
Build ID: 53c5d570cab036b23f4969b858a648c8f0c24f93
CPU threads: 8; OS: Linux 6.5; UI render: default; VCL: gtk3
Locale: en-AU (en_AU.UTF-8); UI: en-US
Calc: CL threaded

* Crash report for 7.6 with signature "SwUndoDelLayFormat::SwUndoDelLayFormat(SwFrameFormat*)": https://crashreport.libreoffice.org/stats/crash_details/220fff47-66a6-4bda-9016-46c417caefc3
* Crash report for 24.2, with signature "<name omitted>": https://crashreport.libreoffice.org/stats/crash_details/7b4074be-3256-4480-8dc4-5c340f213c76

Also crashes on Windows 11 with signature "static SwUndoId lcl_GetSwUndoId(const class SwFrameFormat *)": https://crashreport.libreoffice.org/stats/crash_details/269a2e29-083f-4cd7-9a72-939797e40167
Bibisected with linux-64-7.4 repository to first bad build [0d1ffc14abf43c7830cee6369710d8e63e2fd0ef] which points to 44eef5f494825a26594ba3d50ef1f3211ae73b9b which is a cherrypick of:

commit 1d3d2a995239c3c71432006cb795324c56a0412a
author	Attila Bakos (NISZ) 	Mon Jun 20 17:27:53 2022 +0200
committer	László Németh 	Mon Jul 11 14:09:09 2022 +0200
tdf#148687 tdf#149173 tdf#149546 sw: fix crash with textboxes
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136192

Attila seems inactive, let's up increase the priority.
Comment 1 Telesto 2024-03-22 20:08:19 UTC 
This report quite similar (or very closely related) to bug 152799, except few additional steps being needed to triggering the crash.