Confirmed on Ubuntu 12.10 64 :

Backtrace :

#0  0x00007fffe04272a9 in SwPageFrm::GetCrsrOfst (this=0x44d41c0, pPos=0x401b330, rPoint=..., pCMS=0x7fffffffb440, bTestBackground=false) at /home/arnaud/core/sw/source/core/layout/trvlfrm.cxx:306
#1  0x00007fffe04279c9 in SwRootFrm::GetCrsrOfst (this=0x44d3d50, pPos=0x401b330, rPoint=..., pCMS=0x7fffffffb440, bTestBackground=false) at /home/arnaud/core/sw/source/core/layout/trvlfrm.cxx:426
#2  0x00007fffdff8ce2a in SwCrsrShell::UpdateCrsrPos (this=0x44d3910) at /home/arnaud/core/sw/source/core/crsr/crsrsh.cxx:1225
#3  0x00007fffdff8e858 in SwCrsrShell::UpdateCrsr (this=0x44d3910, eFlags=6, bIdleEnd=0 '\000') at /home/arnaud/core/sw/source/core/crsr/crsrsh.cxx:1522
#4  0x00007fffdff88a8e in SwCrsrShell::EndAction (this=0x44d3910, bIdleEnd=0 '\000') at /home/arnaud/core/sw/source/core/crsr/crsrsh.cxx:305
#5  0x00007fffe0b15172 in SwView::OuterResizePixel (this=0x46947e0, rOfst=..., rSize=...) at /home/arnaud/core/sw/source/ui/uiview/viewport.cxx:1156
#6  0x00007ffff66d3d16 in SfxViewFrame::DoAdjustPosSizePixel (this=0x46cf370, pSh=0x46947e0, rPos=..., rSize=...) at /home/arnaud/core/sfx2/source/view/viewfrm.cxx:1603
#7  0x00007ffff66d911e in SfxViewFrame::Resize (this=0x46cf370, bForce=0 '\000') at /home/arnaud/core/sfx2/source/view/viewfrm.cxx:2543
#8  0x00007ffff66e2bc1 in SfxFrameViewWindow_Impl::Resize (this=0x463fb30) at /home/arnaud/core/sfx2/source/view/viewfrm2.cxx:77
#9  0x00007ffff4a7b293 in Window::ImplCallResize (this=0x463fb30) at /home/arnaud/core/vcl/source/window/window.cxx:1168
#10 0x00007ffff4a8ea36 in Window::Show (this=0x463fb30, bVisible=1 '\001', nFlags=0) at /home/arnaud/core/vcl/source/window/window.cxx:6366
#11 0x00007ffff66c413f in SfxBaseController::ConnectSfxFrame_Impl (this=0x483e0e0, i_eConnect=SfxBaseController::E_CONNECT) at /home/arnaud/core/sfx2/source/view/sfxbasecontroller.cxx:1306
#12 0x00007ffff66c00e2 in SfxBaseController::attachFrame (this=0x483e0e0, xFrame=...) at /home/arnaud/core/sfx2/source/view/sfxbasecontroller.cxx:588
#13 0x00007ffff66aa755 in SfxFrameLoader_Impl::impl_createDocumentView (this=0x44896c0, i_rModel=..., i_rFrame=..., i_rViewFactoryArgs=..., i_rViewName=...) at /home/arnaud/core/sfx2/source/view/frmload.cxx:503
#14 0x00007ffff66ab270 in SfxFrameLoader_Impl::load (this=0x44896c0, rArgs=..., _rTargetFrame=...) at /home/arnaud/core/sfx2/source/view/frmload.cxx:620
#15 0x00007fffe25031e8 in framework::LoadEnv::impl_loadContent (this=0x4485538) at /home/arnaud/core/framework/source/loadenv/loadenv.cxx:1136
#16 0x00007fffe24ff93b in framework::LoadEnv::startLoading (this=0x4485538) at /home/arnaud/core/framework/source/loadenv/loadenv.cxx:399
#17 0x00007fffe2481798 in framework::LoadDispatcher::impl_dispatch (this=0x44854a0, rURL=..., lArguments=..., xListener=...) at /home/arnaud/core/framework/source/dispatch/loaddispatcher.cxx:121
#18 0x00007fffe24813fa in framework::LoadDispatcher::dispatch (this=0x44854a0, aURL=..., lArguments=...) at /home/arnaud/core/framework/source/dispatch/loaddispatcher.cxx:60
#19 0x00007fffdafaf104 in unocontrols::FrameControl::impl_createFrame (this=0x445e920, xPeer=..., rURL=..., rArguments=...) at /home/arnaud/core/UnoControls/source/controls/framecontrol.cxx:493
#20 0x00007fffdafae8c5 in unocontrols::FrameControl::setFastPropertyValue_NoBroadcast (this=0x445e920, nHandle=0, rValue=...) at /home/arnaud/core/UnoControls/source/controls/framecontrol.cxx:353
#21 0x00007ffff6a4f961 in cppu::OPropertySetHelper::setFastPropertyValue (this=0x445ea48, nHandle=0, rValue=...) at /home/arnaud/core/cppuhelper/source/propshlp.cxx:559
#22 0x00007ffff6a4e8aa in cppu::OPropertySetHelper::setPropertyValue (this=0x445ea48, rPropertyName=..., rValue=...) at /home/arnaud/core/cppuhelper/source/propshlp.cxx:283
#23 0x00007fffe0bc1c4b in SwOneExampleFrame::CreateControl (this=0x447aed0) at /home/arnaud/core/sw/source/ui/utlui/unotools.cxx:166
#24 0x00007fffe0bc12c6 in SwOneExampleFrame::SwOneExampleFrame (this=0x447aed0, rWin=..., nFlags=1, pInitializedLink=0x7fffffffc9b0, pURL=0x7fffffffc900) at /home/arnaud/core/sw/source/ui/utlui/unotools.cxx:100
#25 0x00007fffdb749050 in SwMultiTOXTabDialog::ShowPreviewHdl (this=0x445dfa0, pBox=0x0) at /home/arnaud/core/sw/source/ui/index/cnttab.cxx:541
#26 0x00007fffdb747b98 in SwMultiTOXTabDialog::SwMultiTOXTabDialog (this=0x445dfa0, pParent=0x400a560, rSet=..., rShell=..., pCurTOX=0x0, nToxType=65535, bGlobal=0 '\000') at /home/arnaud/core/sw/source/ui/index/cnttab.cxx:337
#27 0x00007fffdb69d185 in SwAbstractDialogFactory_Impl::CreateMultiTOXTabDialog (this=0x4473b80, nResId=20889, pParent=0x400a560, rSet=..., rShell=..., pCurTOX=0x0, nToxType=65535, bGlobal=0 '\000') at /home/arnaud/core/sw/source/ui/dialog/swdlgfact.cxx:1347
#28 0x00007fffe0abafc8 in SwTextShell::ExecIdx (this=0x41fdf20, rReq=...) at /home/arnaud/core/sw/source/ui/shells/textidx.cxx:158
#29 0x00007fffe0abb9c8 in SfxStubSwTextShellExecIdx (pShell=0x41fdf20, rReq=...) at /home/arnaud/core/workdir/unxlngx6/SdiTarget/sw/sdi/swslots.hxx:2723
#30 0x00007ffff64243c8 in SfxShell::CallExec (this=0x41fdf20, pFunc=0x7fffe0abb9a5 <SfxStubSwTextShellExecIdx(SfxShell*, SfxRequest&)>, rReq=...) at /home/arnaud/core/sfx2/inc/sfx2/shell.hxx:188
#31 0x00007ffff66fad8a in SfxDispatcher::Call_Impl(SfxShell&, SfxSlot const&, SfxRequest&, unsigned char) () from /home/arnaud/core/solver/unxlngx6/installation/opt/program/libsfxlo.so
#32 0x00007ffff66fe0e0 in SfxDispatcher::PostMsgHandler(SfxRequest*) () from /home/arnaud/core/solver/unxlngx6/installation/opt/program/libsfxlo.so
#33 0x00007ffff66fdf9b in SfxDispatcher::LinkStubPostMsgHandler(void*, void*) () from /home/arnaud/core/solver/unxlngx6/installation/opt/program/libsfxlo.so
#34 0x00007ffff63469ca in Link::Call (this=0x400f180, pCaller=0x445ce10) at /home/arnaud/core/solver/unxlngx6/inc/tools/link.hxx:123
#35 0x00007ffff6688d25 in GenLink::Call (this=0x400f180, pCaller=0x445ce10) at /home/arnaud/core/sfx2/inc/sfx2/genlink.hxx:45
#36 0x00007ffff6688c49 in SfxHintPoster::Event (this=0x400f170, pPostedHint=0x445ce10) at /home/arnaud/core/sfx2/source/notify/hintpost.cxx:62
#37 0x00007ffff6688d56 in SfxHintPoster::DoEvent_Impl (this=0x400f170, pPostedHint=0x445ce10) at /home/arnaud/core/sfx2/source/notify/hintpost.cxx:52
#38 0x00007ffff6688c1f in SfxHintPoster::LinkStubDoEvent_Impl (pThis=0x400f170, pCaller=0x445ce10) at /home/arnaud/core/sfx2/source/notify/hintpost.cxx:56
#39 0x00007ffff4564bee in Link::Call (this=0x445f2b0, pCaller=0x445ce10) at /home/arnaud/core/solver/unxlngx6/inc/tools/link.hxx:123
#40 0x00007ffff4aacde0 in ImplHandleUserEvent (pSVEvent=0x445df40) at /home/arnaud/core/vcl/source/window/winproc.cxx:1987
#41 0x00007ffff4aae127 in ImplWindowFrameProc (pWindow=0x3c6f4b0, nEvent=22, pEvent=0x445df40) at /home/arnaud/core/vcl/source/window/winproc.cxx:2559
#42 0x00007ffff4abc1f3 in SalFrame::CallCallback (this=0x3c6f9a0, nEvent=22, pEvent=0x445df40) at /home/arnaud/core/vcl/inc/salframe.hxx:269
#43 0x00007ffff4abbcc7 in SalGenericDisplay::DispatchInternalEvent (this=0x4ba310) at /home/arnaud/core/vcl/generic/app/gendisp.cxx:92
#44 0x00007fffebf351de in GtkData::userEventFn (data=0x4199e0) at /home/arnaud/core/vcl/unx/gtk/app/gtkdata.cxx:945
#45 0x00007fffebf35239 in call_userEventFn (data=0x4199e0) at /home/arnaud/core/vcl/unx/gtk/app/gtkdata.cxx:955
#46 0x00007ffff20e6a95 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#47 0x00007ffff20e6dc8 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#48 0x00007ffff20e6e84 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#49 0x00007fffebf34120 in GtkData::Yield (this=0x4199e0, bWait=true, bHandleAllCurrentEvents=false) at /home/arnaud/core/vcl/unx/gtk/app/gtkdata.cxx:582
#50 0x00007fffebf37b2e in GtkInstance::Yield (this=0x419960, bWait=true, bHandleAllCurrentEvents=false) at /home/arnaud/core/vcl/unx/gtk/app/gtkinst.cxx:563
#51 0x00007ffff457c1ac in ImplYield (i_bWait=true, i_bAllEvents=false) at /home/arnaud/core/vcl/source/app/svapp.cxx:425
#52 0x00007ffff4578505 in Application::Yield (i_bAllEvents=false) at /home/arnaud/core/vcl/source/app/svapp.cxx:459
#53 0x00007ffff45784a6 in Application::Execute () at /home/arnaud/core/vcl/source/app/svapp.cxx:404
#54 0x00007ffff7ea0eb2 in desktop::Desktop::Main (this=0x7fffffffdcd0) at /home/arnaud/core/desktop/source/app/app.cxx:1716
#55 0x00007ffff4583f77 in ImplSVMain () at /home/arnaud/core/vcl/source/app/svmain.cxx:162
#56 0x00007ffff45840a4 in SVMain () at /home/arnaud/core/vcl/source/app/svmain.cxx:199
#57 0x00007ffff7ee11ca in soffice_main () at /home/arnaud/core/desktop/source/app/sofficemain.cxx:74
#58 0x0000000000400958 in sal_main () at /home/arnaud/core/desktop/source/app/main.c:48
#59 0x0000000000400939 in main (argc=1, argv=0x7fffffffde78) at /home/arnaud/core/desktop/source/app/main.c:47

Confirmed on Debian Sid 

LO 4.0.0.0.alpha1+
doesn't have build version... 2012 11 24

Cedric: would you mind I add an "if (pBackFrm)" in sw/source/core/layout/trvlfrm.cxx for this part
    297                 pBackFrm->GetCharRect( rBackRect, aBackPos );
    298 
    299                 nBackDistance = lcl_getDistance( rBackRect, rPoint );
    300                 bValidBackDistance = true;
?

Of course, I've seen the FIXME in this part but it would allow to just avoid the crash for the moment.

Seems to be due to commit http://cgit.freedesktop.org/libreoffice/core/commit/?id=e8fbe97900f13305b17015d9044993bde4adab36

Cédric could you have a look please ?

(In reply to comment #3)
> Cedric: would you mind I add an "if (pBackFrm)" in
> sw/source/core/layout/trvlfrm.cxx for this part
>     297                 pBackFrm->GetCharRect( rBackRect, aBackPos );
>     298 
>     299                 nBackDistance = lcl_getDistance( rBackRect, rPoint );
>     300                 bValidBackDistance = true;
> ?
> 
> Of course, I've seen the FIXME in this part but it would allow to just avoid
> the crash for the moment.

No, feel free to add some more checks: it can't hurt.

Julien Nabet committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=ece13b024a34ffe46ee8d8fca4eadfec86bf2bf7

Related: fdo#57515 Crash when creating a Table of Contents



The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.

Cedric: I hesitated between "Related" and "Resolves". Even if I don't reproduce the crash (from an empty doc) with the commit indicated here: https://bugs.freedesktop.org/show_bug.cgi?id=57515#c6, it could be interesting you take a look at this part of code to know if it's sufficient or not.

In brief, I let you judge :-)

If I revert the julien's patch locally it crashes, if I the patch it doesn't crash. So I'm happy to call this fixed by ece13b024a34ffe46ee8d8fca4eadfec86bf2bf7