Enter some content, ensure being in edit mode, fill down, and undo => crash. Does not happen after escape or when not in edit mode. Likely an issue for many other commands too; we should verify whether commands make sense in edit mode.
Sorry @Heiko, how to fill down while in edit mode?
Couldn't reproduce, I tried these steps:
1. Select range A1:A5
2. Press F2 to enter Edit Mode in cell A1
3. Enter number "1"
4. Ctrl + D to fill down (does not fill down; can't use handle, see bug 93298)
5. Undo
No crash.
Version: 24.2.4.2 (X86_64) / LibreOffice Community
Build ID: 51a6219feb6075d9a4c46691dcfe0cd9c4fff3c2
CPU threads: 8; OS: Linux 6.5; UI render: default; VCL: gtk3
Which steps did you use, Heiko?
1. Insert 1 in B2
2. Enter + up (to finish input and refocus the cell; immediately after the input nothing happens on ctrl+D)
3. ctrl+D => cell becomes empty
4. ctrl+Z => crash
Version: 24.2.4.2 (X86_64) / LibreOffice Community
Build ID: 420(Build:2)
CPU threads: 32; OS: Linux 6.9; UI render: default; VCL: kf6 (cairo+xcb)
Locale: de-DE (en_US.UTF-8); UI: en-US
24.2.4-2
Calc: threaded
No crash in:
Version: 24.2.4.2 (X86_64) / LibreOffice Community
Build ID: 51a6219feb6075d9a4c46691dcfe0cd9c4fff3c2
CPU threads: 8; OS: Linux 6.5; UI render: default; VCL: gtk3
Nor with kf5 or gen VCL plugins. kf6-specific?
Nope, kf5 crashes too. The situation is very special: while in edit mode, press the ctrl+D and ctrl+Z. Call stack is:
libsclo.so!ScDocument::IsUndoEnabled(const ScDocument * const this) (/home/ht/Sources/libreoffice/sc/inc/document.hxx:1628)
libsclo.so!(anonymous namespace)::DisableUndoGuard::DisableUndoGuard((anonymous namespace)::DisableUndoGuard * const this, ScDocShell * pDocShell) (/home/ht/Sources/libreoffice/sc/source/ui/undo/undobase.cxx:113)
libsclo.so!ScSimpleUndo::EndUndo(ScSimpleUndo * const this) (/home/ht/Sources/libreoffice/sc/source/ui/undo/undobase.cxx:130)
libsclo.so!ScBlockUndo::EndUndo(ScBlockUndo * const this) (/home/ht/Sources/libreoffice/sc/source/ui/undo/undobase.cxx:273)
libsclo.so!ScUndoAutoFill::Undo(ScUndoAutoFill * const this) (/home/ht/Sources/libreoffice/sc/source/ui/undo/undoblk3.cxx:556)
libsvllo.so!SfxUndoAction::UndoWithContext(SfxUndoAction * const this) (/home/ht/Sources/libreoffice/svl/source/undo/undo.cxx:117)
libsvllo.so!SfxUndoManager::ImplUndo(SfxUndoManager * const this, SfxUndoContext * i_contextOrNull) (/home/ht/Sources/libreoffice/svl/source/undo/undo.cxx:726)
libsvllo.so!SfxUndoManager::UndoWithContext(SfxUndoManager * const this, SfxUndoContext & i_context) (/home/ht/Sources/libreoffice/svl/source/undo/undo.cxx:678)
libsclo.so!ScTabViewShell::ExecuteUndo(ScTabViewShell * const this, SfxRequest & rReq) (/home/ht/Sources/libreoffice/sc/source/ui/view/tabvwshb.cxx:850)
libsclo.so!SfxStubScTabViewShellExecuteUndo(SfxShell * pShell, SfxRequest & rReq) (/home/ht/Sources/libreoffice/workdir/SdiTarget/sc/sdi/scslots.hxx:1499)
libsfxlo.so!SfxDispatcher::Call_Impl(SfxDispatcher * const this, SfxShell & rShell, const SfxSlot & rSlot, SfxRequest & rReq, bool bRecord) (/home/ht/Sources/libreoffice/sfx2/source/control/dispatch.cxx:254)
libsfxlo.so!SfxDispatcher::Execute_(SfxDispatcher * const this, SfxShell & rShell, const SfxSlot & rSlot, SfxRequest & rReq, SfxCallMode eCallMode) (/home/ht/Sources/libreoffice/sfx2/source/control/dispatch.cxx:753)
libsfxlo.so!SfxBindings::Execute_Impl(SfxBindings * const this, SfxRequest & aReq, const SfxSlot * pSlot, SfxShell * pShell) (/home/ht/Sources/libreoffice/sfx2/source/control/bindings.cxx:1057)
...
[Automated Action] NeedInfo-To-Unconfirmed
OK, reproduced now, with extra step 3:
1. Insert 1 in B2
2. Enter + Up (to finish input and refocus the cell)
3. F2 to enter Edit Mode (or Edit > Cell Edit Mode)
3. Ctrl + D => cell emptied
4. Ctrl + Z => crash
Crash reports:
- 24.2.4.2: https://crashreport.libreoffice.org/stats/crash_details/8ffcde71-fbfd-4cbf-8346-58512b80754c
- 7.6.7.2 with signature "ScSimpleUndo::EndUndo()": https://crashreport.libreoffice.org/stats/crash_details/42e7f6bd-4fbf-46b8-ba9b-3a5663abf3ee
- 7.2.0.4 with signature "SfxUndoManager::IsUndoEnabled() const": https://crashreport.libreoffice.org/stats/crash_details/b123c6aa-2550-4d70-aeb2-591d3a510f9e
- 7.1.0.4 with signature "libc.so.6": https://crashreport.libreoffice.org/stats/crash_details/8b568a6d-b57a-45dc-9750-bee9d04e7917
Also crashes on macOS.
No crash in 7.0.0.3 -> regression.
Bibisected with linux-64-7.1 repo to first bad build [5f4b710d4d26bc0ae09f46a0a5be484ed726aae3] which is:
commit 9ab64dc48a6a61edce6ff3724093162ca1cf8331
author Noel Grandin Fri May 29 16:14:52 2020 +0200
committer Noel Grandin Sat May 30 10:49:19 2020 +0200
pass ScSheetLimits around
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/95153
Noel, can you please have a look?
I have uploaded a patch that stops the crashing in my local master build. Don't know why pDocShell is a nullptr in this code though: https://gerrit.libreoffice.org/c/core/+/170174
(In reply to Patrick Luby (volunteer) from comment #8)
> I have uploaded a patch that stops the crashing in my local master build.
> Don't know why pDocShell is a nullptr in this code though:
>
> https://gerrit.libreoffice.org/c/core/+/170174
Ignore the above patch. Unfortunately, it only worked for me apparently by coincidence (i.e. some other code reallocated and zero'd out the deleted memory).
So I don't know what is going on here.
From running calc under ASAN I can see that we have a ScUndoAutoFill object that is being added to the undo stack.
And I can see that we delete that object inside SfxUndoManager::ImplClearRedo.
But then the undo stuff inside SfxUndoManager tries to access that object again, later on? So it seems like the undo code has two pointers to the same object for some reason?
(In reply to Noel Grandin from comment #10)
> So I don't know what is going on here.
>
> From running calc under ASAN I can see that we have a ScUndoAutoFill object
> that is being added to the undo stack.
>
> And I can see that we delete that object inside SfxUndoManager::ImplClearRedo.
>
> But then the undo stuff inside SfxUndoManager tries to access that object
> again, later on? So it seems like the undo code has two pointers to the same
> object for some reason?
From the above, I found the common function that both deletes the ScUndoAutoFill object and then crashes. Don't know if this is a reasonable fix or not but I got the crashing to stop in my local build with the following patch:
https://gerrit.libreoffice.org/c/core/+/170254
Patrick Luby committed a patch related to this issue. It has been pushed to "master":
https://git.libreoffice.org/core/commit/99fda8da4e0a1b24c9aaecacfeeba0fe593fe730
tdf#161712 invoke ScSimpleUndo::EndUndo() before ShowBlock()
It will be available in 25.2.0.
The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
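
A toy C++ model of the lifetime problem discussed in the comments above, added here as an illustration and not LibreOffice code: an undo action re-enters its manager, the manager deletes the action, and the action then carries on. All names (FillAction, UndoManager, showBlock, simulate) are hypothetical, and the reason the view refresh clears the redo stack in edit mode is an assumption of the model, not something stated in this report.

```cpp
#include <iostream>
#include <memory>
#include <string>
#include <vector>
// Toy model of the lifetime bug; every name here is hypothetical, not LibreOffice API.
struct UndoManager;
struct FillAction {
    static int live;                  // FillAction objects currently alive
    UndoManager& mgr;
    bool endUndoFirst;                // true = ordering named in the fix's commit title
    FillAction(UndoManager& m, bool f) : mgr(m), endUndoFirst(f) { ++live; }
    ~FillAction() { --live; }
    std::string undo();
};
int FillAction::live = 0;

struct UndoManager {
    std::vector<std::unique_ptr<FillAction>> undoStack, redoStack;
    bool editMode = false;
    void clearRedo() { redoStack.clear(); }       // deletes every redo action
    // Assumption: refreshing the view while in edit mode ends the edit, which
    // records a new action and therefore clears the redo stack.
    void showBlock() { if (editMode) { editMode = false; clearRedo(); } }
    std::string undo() {
        // Assumption: the running action already counts as "redo" while it executes.
        redoStack.push_back(std::move(undoStack.back()));
        undoStack.pop_back();
        FillAction* a = redoStack.back().get();
        return a->undo();
    }
};

std::string FillAction::undo() {
    UndoManager& m = mgr;             // local copy: *this may be deleted by showBlock()
    if (endUndoFirst) {               // fixed order: all member access happens first
        m.showBlock();                // may delete *this; nothing touches it afterwards
        return "EndUndo ran on live action";
    }
    m.showBlock();                    // buggy order: may delete *this
    // Real code would now read members; the model consults the counter instead.
    return FillAction::live == 0 ? "EndUndo would touch freed action"
                                 : "EndUndo ran on live action";
}

std::string simulate(bool editMode, bool endUndoFirst) {
    UndoManager m; m.editMode = editMode;
    m.undoStack.push_back(std::make_unique<FillAction>(m, endUndoFirst));
    return m.undo();
}
int main() { std::cout << simulate(true, false) << "\n" << simulate(true, true) << "\n"; }
```

The model never dereferences the deleted object; it reports the point where the buggy ordering would have done so, which is the access a sanitizer build flags.
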
I have committed my latest patch. The fix should be in tomorrow's (11 July 2024) nightly master builds:
https://dev-builds.libreoffice.org/daily/master/current.html
Note for macOS testers: the nightly master builds install in /Applications/LibreOfficeDev.app. These builds are not codesigned like regular LibreOffice releases so you will need to execute the following Terminal command after installation but before you launch /Applications/LibreOfficeDev:
xattr -d com.apple.quarantine /Applications/LibreOfficeDev.app
Verified with
Version: 25.2.0.0.alpha0+ (X86_64) / LibreOffice Community
Build ID: 99fda8da4e0a1b24c9aaecacfeeba0fe593fe730
CPU threads: 32; OS: Linux 6.9; UI render: default; VCL: kf5 (cairo+xcb)
Locale: de-DE (en_US.UTF-8); UI: en-US
Calc: threaded
Thanks Patrick!
Patrick Luby committed a patch related to this issue. It has been pushed to "libreoffice-24-2-5":
https://git.libreoffice.org/core/commit/f6d772aff18d0a28abc49dbacfb2ffc370b369f1
tdf#161712 invoke ScSimpleUndo::EndUndo() before ShowBlock()
It will be available in 24.2.5.
The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
Patrick Luby committed a patch related to this issue. It has been pushed to "libreoffice-24-8":
https://git.libreoffice.org/core/commit/58f63e376892b55455ab4b85a250de6b6f81d405
tdf#161712 invoke ScSimpleUndo::EndUndo() before ShowBlock()
It will be available in 24.8.0.2.
The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
Thanks Patrick, also verified for gtk3 VCL plugin with own build.
Patrick Luby committed a patch related to this issue. It has been pushed to "libreoffice-24-2":
https://git.libreoffice.org/core/commit/40ba3e617e351372c5ee1d735745f835fe2a90c4
tdf#161712 invoke ScSimpleUndo::EndUndo() before ShowBlock()
It will be available in 24.2.6.
The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.