Steps to reproduce : Open this document : https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1235935/+attachment/3862408/+files/Impacting%20the%20bioscience%20progress%20by%20backporting%20software%20fro%20Biolinux.odt Search Bio-Linux and replace by BioLinux Undo this operation Expected behavior : No modification in the document and no crash Current behavior : Crash Same on the master
Reproducible with 4.1.0.2.0 - 4.1.2.3 under Win7x64. Not reproducible with 4.1.0.1 and older -> regression.
I proposed a patch on Gerrit : https://gerrit.libreoffice.org/#/c/6147/
problematic paragraph: <text:p text:style-name="P61"><text:span text:style-name="T34">O</text:span>ne other repository <text:span text:style-name="T30">already mentioned above </text:span>is direct from the Bio-Linux team and provide the software that makes Bio-<text:span text:style-name="T110">L</text:span>inux to Bio-<text:span text:style-name="T110">L</text:span>inux. <text:span text:style-name="T30">It could be viewed at:</text:span></text:p> minimal reproduction: put cursor before second Bio-Linux in that paragraph, replace _both_ second and third Bio-Linux, Undo crash in SwHistorySetTxt::SetInDoc() node nOffset = 119 m_nStart = 122 m_nEnd = 122 which is the space in "Linux team" ... so the hint somehow moved from its original position on the "L" to the right, and lost its 1-character extent while doing so, and then is deleted by the SwpHints::TryInsertHint() special case for RSID-only empty range AUTOFMT. ... the first replace leaves behind the empty-range AUTOFMT and the second replace records it in SwHistorySetTxt... the empty-range RSID-only AUTOFMT is produced by SwTxtNode::Update. probably we should delete this somewhere..
Created attachment 87278 [details] minimal reproducer bugdoc just Ctrl+H and replace "bar" with "blah" and Replace All, Undo -> crash could be used for unit test too...
fixed on master - although no unit test yet :)
Michael Stahl committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=91159b1c31a7fd474ba0b97828f593604790ce3c fdo#70201: sw: eliminate no-extent RSID-only AUTOFMT hints The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Michael Stahl committed a patch related to this issue. It has been pushed to "libreoffice-4-1": http://cgit.freedesktop.org/libreoffice/core/commit/?id=a1d37630ae191f526cc83b0c964df9b9bcb7d41d&h=libreoffice-4-1 fdo#70201: sw: eliminate no-extent RSID-only AUTOFMT hints It will be available in LibreOffice 4.1.4. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.