Created attachment 203584 [details] XLSX Fileopen XLSX crashes debug Calc This is conditional formatting triggering some kind of use-after-free bug in ScDocument::FillInfo. Less prominent before: commit d15c4caabaa21e0efe3a08ffbe145390e802bab9 [log] author Justin Luth <jluth@mail.com> Tue Sep 20 08:14:41 2022 -0400 committer Justin Luth <jluth@mail.com> Tue Jul 11 19:38:07 2023 +0200 tdf#123026 xlsx import: recalc optimal row height on import Bayram provided https://gerrit.libreoffice.org/c/core/+/193095
Bayram Çiçek committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/1bf9bbea96a0fb508bb3dc917e31362fe2c14e18 tdf#169115: sc: fix use-after-free bug in ScDocument::FillInfo It will be available in 26.2.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Bayram Çiçek committed a patch related to this issue. It has been pushed to "libreoffice-25-8": https://git.libreoffice.org/core/commit/d80f7687753d1a784780f79b00f9c08ec4dc65f7 tdf#169115: sc: fix use-after-free bug in ScDocument::FillInfo It will be available in 25.8.4. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Hi Timur, Bayram, Does the attached file crash for you with a debug build? At least for me it doesn't crash... and the same for CI, see https://gerrit.libreoffice.org/c/core/+/193195
Right, it was not crashing in some older debug build I have Version: 26.2.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: 2034abc1bb10a69d9bc4d098f4cb82d63e6f73bf CPU threads: 16; OS: Linux 6.8; UI render: default; VCL: gtk3 Locale: en-US (en_US.UTF-8); UI: en-US Calc: threaded Previously I bisected that crash stopped in 26.2 with: commit 4834c568532ef76e156d56365d704ac68413a0b0 [log] author Noel Grandin <noel.grandin@collabora.co.uk> Tue Sep 02 11:52:38 2025 tdf#168159 CRASH: deleting columns and undoing revert commit c8742f36fa2bdc9d23042378f5b587ccda8b54dd Author: Noel Grandin <noel.grandin@collabora.co.uk> Date: Thu May 22 10:18:48 2025 +0200 tdf#166684 reduce cost of CellAttributeHelper::registerAndCheck But that did not seem like the main cause. It was crashing in Collabora 25.04 so fix was ported. I see it now crashing in bibisct 25.2.
At least for me, the crash got fixed by commit 371ae67b37c6aebd5a7c2214a6285cd5abe9e6c8 [log] author Noel Grandin <noelgrandin@gmail.com> Wed Apr 09 22:03:30 2025 +0200 committer Noel Grandin <noelgrandin@gmail.com> Thu Apr 10 10:00:25 2025 +0200 tree 6875c952baeaf34c32d03e9ba6cb516023b5541b parent 8ace7409d57f9ba724ea569524da9899a08b739e [diff] tdf#162126 reduce allocation in hot path
Before the fix here, it was crashing both in LO and Collabora 25.04 for me.