Steps to reproduce: 1/ open a new spreadsheet 2/ select cell A1 -> right click > Add a comment ==> crash (segmentation fault) tested on Version 4.1.0.0.alpha0+ (Build ID: 5a9b1bcc3941574f0f42791c189f90b302816da) with Ubuntu 12.04 x86-64 Best regards. JBF
Created attachment 75007 [details] bt + console logs on master On pc Debian x86-64 with master sources updated today (commit e2f6fd6abee572c86d25e39f799d477ffcee7b3d), I reproduced the crash. I attached console logs + bt
Kohei/Markus/Eike: one for you or for Caolán (since bt shows vcl part)?
I am not sure but this bug may be related to bug 61024. I found this crash when trying to confirm bug 61024 on the master. Best regards. JBF
I think I know what is the problem here. Sadly it requires much more debugging. We are somehow deleting the object that we are still using indirectly out of one of the object's methods. As nice as it sounds as ugly is it to debug.
Created attachment 76129 [details] typescript of valgrind run Markus is probably far ahead of me on this, but just in case, here is a run under valgrind. Summary ... typescript user lines action ----- --------------------- 57 rt-click A1 insert comment 62 "foo bar" 78 click A2 269 close document <Close without saving> 270 close Start Center This reports 7 cases of FuText::MouseButtonDown(MouseEvent const&) (futext.cxx) doing a read at various offsets within the same previously freed block. These observations are from master commit 2082dc5, pulled around 2013-03-06 06:00 UTC, built and executing on ubuntu-natty (11.04) 32-bit, configured with... --enable-dbgutil --enable-crashdump --disable-build-mozilla --without-system-postgresql --without-myspell-dicts --without-help --with-extra-buildid HTH, Terry.
Markus Mohrhard committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=d2157548221e28d8f702cc81991f7aef198b523e fix fdo#61025, Revert "fdo#55430 switches off text mode when ... The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
So the bug has been fixed by reverting the problematic part of the commit. I have to understand now why it introduced the regression before I commit the patch again. The problem has been introduced with the last patch from Bug 55430.
Verified on Version 4.1.0.0.alpha0+ (Build ID: 1e67ecc6569e1c01485471a4c396a63b597a052) on Ubuntu 12.04 x86-64 Thank you very much, Markus. :-) Best regards. JBF