Description: Version: 25.2.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: e6e7b8498aba69af8eee8edd1d3a1fb17c36836a CPU threads: 4; OS: Linux 6.8; UI render: default; VCL: gtk3 Locale: cs-CZ (cs_CZ.UTF-8); UI: en-US Calc: threaded Steps to Reproduce: open file https://bugs.documentfoundation.org/attachment.cgi?id=196600 from bug 163083 allow macros go to sheet NTN-B 2055 cupom1 scroll and wait few seconds Actual Results: crash Expected Results: no crash Reproducible: Always User Profile Reset: No Additional Info: on command line I see info: gtk_widget_get_toplevel: assertion 'GTK_IS_WIDGET (widget)' failed I don't know if it's relevant warning. This is regression. no crash in Version: 7.3.7.2.
Not reproducible with Version: 25.2.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: 5b54f68599d9a9b6f4d21fd8c0cdac746ea71ecb CPU threads: 16; OS: Windows 11 X86_64 (10.0 build 22631); UI render: Skia/Raster; VCL: win Locale: es-ES (es_ES); UI: en-US Calc: CL threaded Maybe it's different with the linked file not accesible.
Created attachment 196614 [details] bt On pc Debian x86-64 with master sources updated today, I got an assertion.
Works fine with Version: 24.2.6.2 (X86_64) Build ID: 420(Build:2) CPU threads: 12; OS: Linux 6.10; UI render: default; VCL: kf6 (cairo+wayland) Locale: pt-BR (en_US.UTF-8); UI: en-US Calc: threaded No crash in Version: 25.2.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: 03467e12660a61c467e4947681e827435c3beaea CPU threads: 12; OS: Linux 6.10; UI render: default; VCL: kf6 (cairo+wayland) Locale: en-US (en_US.UTF-8); UI: en-US Calc: CL threaded Also, the macro ran on both versions.
I can't reproduce it in Version: 25.2.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: e6e7b8498aba69af8eee8edd1d3a1fb17c36836a CPU threads: 8; OS: Linux 6.1; UI render: default; VCL: gtk3 Locale: es-ES (es_ES.UTF-8); UI: en-US Calc: threaded
Created attachment 196631 [details] video See the video with the crash.
I could reproduce on Windows, with Skia enabled. The macros don't have to be enabled. Only a few (maybe up to five) horizontal scroll back-and-forth movements needed. Regression after commit 089398e51409458c5438c49fb347e4f09d9c09dc.
Created attachment 196644 [details] Minimized crashing document Ah no - my commit only changed text size a bit, which triggered a codepath (aAreaParam.mbLeftClip became true). The actual regression commit is ae7807c889c19145f89cec40afac82eee191837c. Here is the minimal testdoc. It's enough to open it and press left arrow key on the keyboard.
(In reply to Mike Kaganski from comment #7) > Created attachment 196644 [details] > Minimized crashing document > > Ah no - my commit only changed text size a bit, which triggered a codepath > (aAreaParam.mbLeftClip became true). The actual regression commit is > ae7807c889c19145f89cec40afac82eee191837c. > > Here is the minimal testdoc. It's enough to open it and press left arrow key > on the keyboard. no crash for me in Version: 24.8.0.3 (X86_64) / LibreOffice Community Build ID: 0bdf1299c94fe897b119f97f3c613e9dca6be583 CPU threads: 4; OS: Windows 10 X86_64 (10.0 build 19045); UI render: Skia/Raster; VCL: win Locale: es-ES (es_ES); UI: en-US Calc: threaded
But the actual problematic commit is likely 1d2380516ac9871743c5a5455f0734d02be8eade - that introduced that call to RowInfo::cellinfo, passing (without checking) rParam.mnX, which is known that it can be out of the range of the RowInfo.
https://gerrit.libreoffice.org/c/core/+/173857
it seems this is related to https://crashreport.libreoffice.org/stats/signature/ScOutputData::SetClipMarks(ScOutputData::OutputAreaParam%20&,ScCellInfo%20*,SvxCellHorJustify,__int64)
Mike Kaganski committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/8b23abac4929bbb15a52afb083259cd2d24b4995 tdf#163091: check rParam.mnX before passing it to RowInfo::cellInfo It will be available in 25.2.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Mike Kaganski committed a patch related to this issue. It has been pushed to "libreoffice-24-2": https://git.libreoffice.org/core/commit/8ab524e39df026418ae3f2d8d8b37d4848344a05 tdf#163091: check rParam.mnX before passing it to RowInfo::cellInfo It will be available in 24.2.7. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Mike Kaganski committed a patch related to this issue. It has been pushed to "libreoffice-24-8": https://git.libreoffice.org/core/commit/6fdb23cd0eb6907764666e11a6049e58c58dedbb tdf#163091: check rParam.mnX before passing it to RowInfo::cellInfo It will be available in 24.8.3. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.