Created attachment 194301
A document crashing on opening

Open the attached document. It crashes on opening, starting from version 7.1.

The commit since which it started crashing is d336e6c26012255015d3fc0caf8e7fafe14bd8f2 (tdf#69647 sw layout: fix line spacing with inline pictures, 2020-08-28); but the mentioned commit is not the real problem: it simply changed the layout in such a way that the real, unknown problem in layout started to appear in this document.

Similarly, commit ae9e8f3f6d10b0be2fe5b9b238a531b17e0d67da (tdf#160526, tdf#160549: fix split conditions at page start, 2024-04-07) caused attachment 128826 from bug 103059 to crash on Linux when converting to PDF on the command line. I guess that these two are the same problem (the FODT that I attach here is actually a carefully cleared attachment 128826, and in the cleanup process it became apparent that it also failed in earlier versions, and not only on Linux, when the layout is tweaked a bit). Likely, it may be possible to tweak the layout further to cause the same crash in earlier versions, too.

The problem seems to be a use-after-free in SwTextFormatter::InsertPortion and/or SwTextFormatter::NewPortion.
Reproducible

Version: 24.2.3.2 (X86_64) / LibreOffice Community
Build ID: 433d9c2ded56988e8a90e6b2e771ee4e6a5ab2ba
CPU threads: 16; OS: Windows 10.0 Build 22631; UI render: Skia/Raster; VCL: win
Locale: es-ES (es_ES); UI: en-US
Calc: CL threaded

Version: 24.8.0.0.alpha1+ (X86_64) / LibreOffice Community
Build ID: eb3ae3234e098e1ee605624b0cac4c90436628d0
CPU threads: 16; OS: Windows 11 X86_64 (10.0 build 22631); UI render: Skia/Raster; VCL: win
Locale: es-ES (es_ES); UI: en-US
Calc: threaded
Created attachment 194328
valgrind log