Steps how to reproduce with parallel installation of "LOdev 4.0.0.0.beta1 - GERMAN UI / German Locale [Build ID: 87906242e87d3ddb2ba9827818f2d1416d80cc7)]" {tinderbox: @6, pull time 2012-12-06} on German WIN7 Home Premium (64bit) with separate /4 User Profile for Master Branch:

0. Download / Unzip Attachment 71339 [details] for Bug 56808
1. Launch LibO
2. Open new Writer document from Start Center
3. Select all .png pictures in folder where you unzipped the att.
4. <control+c> for copy
5. switch to Writer document <alt+tab>
6. If caret does not flash in Writer document, click into document
7. <control+v> for paste. CRASH

Already reproducible with 4.0.0.0.alpha1

Still worked fine with
* Server-installation of Master "3.7.0.alpha0+ – ENGLISH UI [Build ID: f2e622]" {tinderbox: Win-x86@16, pull time 2012-10-06 09:31:39} on German WIN7 Home Premium (64bit) UserInstallation=$SYSUSERCONFIG/LOdev/3
* 3.6.4.3
Created attachment 71340 [details]
Simple test kit

The bug also can be reproduced with some more simple .png, use attached test kit and proceed as per original report.
Created attachment 71367 [details]
gdb session with backtraces

I have reproduced the problem with master commit id 8450a99, fetched around 2012-12-07 02:00 UTC, configured with parameters

    --enable-dbgutil --enable-crashdump --disable-build-mozilla --without-system-postgresql --without-myspell-dicts --without-help --with-extra-buildid

built and running on Linux ubuntu-natty (11.04) 32-bit ...

    $ uname -a
    Linux cougar-natty 2.6.38-16-generic #67-Ubuntu SMP Thu Sep 6 18:00:43 UTC 2012 i686 athlon i386 GNU/Linux
    $ gcc --version
    gcc (Ubuntu/Linaro 4.5.2-8ubuntu4) 4.5.2
    Copyright (C) 2010 Free Software Foundation, Inc.
    This is free software; see the source for copying conditions. There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    $ java -version
    java version "1.6.0_24"
    OpenJDK Runtime Environment (IcedTea6 1.11.5) (6b24-1.11.5-0ubuntu1~11.04.1)
    OpenJDK Client VM (build 20.0-b12, mixed mode, sharing)

and my file explorer is Nautilus 2.32.2.1.

I followed Rainer's instructions as closely as I could. However, LibreOffice opened directly to Writer document "Untitled 1". In step 6, the caret was already flashing.

In the attached typescript, SIGSEGV is around line 80. Thereafter find ...

    info threads
    thread apply all backtrace
    backtrace full

I am setting Platform All.
Created attachment 71368 [details]
typescript of valgrind run

ctrl-V is after 76 lines of typescript
The crash seems not to happen in 3.6.4.3 (Build ID: 2ef5aff). Setting keyword "regression".
that looks like Cedric's object selection changes:

    #0 0xb279fde8 in SwFlowFrm::IsFollow (this=0x70) at /home/terry/lo_hacking/git/libo4/sw/source/core/inc/flowfrm.hxx:163
    [...]
    #5 0xb2cabcc0 in (anonymous namespace)::lcl_GetCrsrOfst_Objects (pPageFrm=0xa11ecf8, bSearchBackground=false, pPos=0xbfffdd64, rPoint=Point = {...}, pCMS=0xbfffdd1c) at /home/terry/lo_hacking/git/libo4/sw/source/core/layout/trvlfrm.cxx:84
    #6 0xb2cac0a1 in SwPageFrm::GetCrsrOfst (this=0xa11ecf8, pPos=0xbfffdd64, rPoint=Point = {...}, pCMS=0xbfffdd1c, bTestBackground=false) at /home/terry/lo_hacking/git/libo4/sw/source/core/layout/trvlfrm.cxx:217
Michael Stahl committed a patch related to this issue. It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=2fc4af311656e7d019ca802d23444e5161f820ee

fdo#58142: fix frame selection in SwPageFrm::GetCrsrOfst:

The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
indeed it was caused by e8fbe97900f13305b17015d9044993bde4adab36 but not in a way i expected...

when inserting multiple pictures we essentially loop around this:

    case SW_PASTESDR_INSERT:
        SwTransferable::SetSelInShell( rSh, sal_False, pPt );
        rSh.Insert( sURL, aEmptyStr, aGrf );

i.e. first un-select any flys and then insert. one of the reasons for un-selecting is that Insert will select the inserted fly at the end.

during un-selecting the frame via SwWrtShell::UnSelectFrm() weird things happen in SwPageFrm::GetCrsrOfst(); the SwRect for the page has slightly different x coordinates on different platforms, and for the check whether the nearest frame or the nearest paragraph is closer i get on 64 bit Linux this:

    Run till exit from #0 rtl::math::approxEqual (a=1.304381782533275e+19, b=1.3043817825332746e+19) at math.hxx:252
    basegfx::fTools::equal (rfValA=@0x7fffdb0d8468: 1.304381782533275e+19, rfValB=@0x7fffdb0d8460: 1.3043817825332746e+19) at ftools.hxx:167
    Value returned is $8 = true

whereas on 32 bit MSVC build the difference is slightly larger and approxEqual returns false.

if the fly remains selected by UnSelectFrm() we crash when inserting the next picture, trying to set its anchor to a SwGrfNode.

a better handling in SwPageFrm::GetCrsrOfst() of the case where paragraph is hit but background frame is not hit seems to fix it.
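An added illustration, not part of the original thread and not LibreOffice code: the comment above traces the platform difference to a tolerance-based floating-point comparison deciding a hit-test. The sketch assumes a relative tolerance of 2^-48 for `approx_equal` and a hypothetical `nearer` tie-break, and runs the two values from the gdb output plus one constructed value through them.

```cpp
// Added illustration; not LibreOffice source code.
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Relative-tolerance comparison. Assumption: a tolerance of 2^-48 of the
// operands' magnitude, standing in for rtl::math::approxEqual.
bool approx_equal(double a, double b) {
    if (a == b) return true;
    if (a == 0.0 || b == 0.0) return false;
    const double tol = std::ldexp(1.0, -48);
    const double d = std::fabs(a - b);
    return d < std::fabs(a) * tol && d < std::fabs(b) * tol;
}

// Number of representable doubles between two positive finite values.
std::int64_t ulp_distance(double a, double b) {
    std::int64_t ia, ib;
    std::memcpy(&ia, &a, sizeof ia);
    std::memcpy(&ib, &b, sizeof ib);
    return ia > ib ? ia - ib : ib - ia;
}

enum class Hit { Tie, Frame, Paragraph };

// Hypothetical tie-break: is the frame or the paragraph nearer to the point?
Hit nearer(double frame_dist, double para_dist) {
    if (approx_equal(frame_dist, para_dist)) return Hit::Tie;
    return frame_dist < para_dist ? Hit::Frame : Hit::Paragraph;
}

// The two values shown in the gdb output in the comment above.
const double kA = 1.304381782533275e+19;
const double kB = 1.3043817825332746e+19;
// Constructed value: kA moved up by 32 ULPs (32 * 2048), a larger difference
// that exceeds the tolerance of roughly 46341 at this magnitude.
const double kC = kA + 65536.0;

int main() {
    std::printf("A vs B: %lld ULPs apart, tie=%d\n",
                (long long)ulp_distance(kA, kB), nearer(kA, kB) == Hit::Tie);
    std::printf("A vs C: %lld ULPs apart, tie=%d\n",
                (long long)ulp_distance(kA, kC), nearer(kA, kC) == Hit::Tie);
    return 0;
}
```

At this magnitude one ULP is 2048, so a difference of a few dozen ULPs in the computed coordinates is enough to send the selection logic down a different branch.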
oh we also should backport the fix to 3.6 because the commit that introduced the regression is on the 3.6 branch too...
Michael Stahl committed a patch related to this issue. It has been pushed to "libreoffice-4-0":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=2ab2046fe7d939be02649b1c69f571cb19f9aeaa&g=libreoffice-4-0

fdo#58142: fix frame selection in SwPageFrm::GetCrsrOfst:

It will be available in LibreOffice 4.0.
Michael Stahl committed a patch related to this issue. It has been pushed to "libreoffice-3-6":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=4703b45c8fd6b72c8cb797492b14e48b5e1c38f7&g=libreoffice-3-6

fdo#58142: fix frame selection in SwPageFrm::GetCrsrOfst:

It will be available in LibreOffice 3.6.5.