Created attachment 90206 [details] Sample calc file With the attached file: Select e.g. row 20 with the mouse, and use Crtl - to delete the row no issue. Select e.g. row 22 with the mouse, and use Crtl - to delete the row calc crash. Reproducible with some other spreadsheet but not with a new one. Win7x64Ultimate Version: 4.2.0.0.beta1 Build ID: f4ca7b35f580827ad2c69ea6d29f7c9b48ebbac7 Version: 4.3.0.0.alpha0+ Build ID: 86268546a09c3bdd0d5cb6bc047408db779e057c TinderBox: Win-x86@47-TDF, Branch:master, Time: 2013-12-03_15:52:47 No reproducible with 4.1.4
Hello, Reproduced with LO 4.2.0.0.beta1 Build ID: f4ca7b35f580827ad2c69ea6d29f7c9b48ebbac7 & Windows 7 Home Premium. Don't reproduced if linked file is deleted. Probably related. Not reproduced with LO 4.1.3.2. Kind regards. Jacques
Created attachment 90383 [details] typescript with backtrace from core file The crash is signal 6, Aborted. The interesting part of the terminal output is: /usr/include/c++/4.7/debug/safe_iterator.h:292:error: attempt to increment a past-the-end iterator. Objects involved in the operation: iterator "this" @ 0x0x7fffc3f5f820 { type = N11__gnu_debug14_Safe_iteratorIN9__gnu_cxx17__normal_iteratorIPKP13ScFormulaCellNSt9__cxx19986vectorIS4_SaIS4_EEEEENSt7__debug6vectorIS4_S9_EEEE (constant iterator); state = past-the-end; references sequence with type `NSt7__debug6vectorIP13ScFormulaCellSaIS2_EEE' @ 0x0x7fffc3f5f820 } Application Error Backtrace starts at line 132 of the typescript. This observation comes from master commit 3d7d622, fetched 2013-11-19, configured as: --enable-option-checking=fatal --enable-dbgutil --enable-crashdump --without-system-postgresql --without-myspell-dicts --with-extra-buildid --without-doxygen --with-external-tar=/home/terry/lo_hacking/git/src built and running on debian-wheezy. Note well that this is a debug build. That can change the kind of failure, hopefully in an informative way.
From git bisect: 177c67106d0e92dd76255a9842c948a917d92cdf is the first bad commit ... source-hash-93ab5bc4daed5197a815275cf78fcc562bda4d5b and from git bisect log: # bad: [d31848bf3b700a22d127d7c775a0f910a7e133d0] source-hash-86cbe18a6143bf054c31f69dc97368dfdd3ad374 # good: [3e7462bd65e692bf0592d5b080b7716341b62a47] source-hash-1eddfce9894fd05315173744f495619189093dc7 git bisect start 'latest' 'oldest' # good: [578fb08152ad11454e2f09ad6f8c8e527da817de] source-hash-4e3e171262aed0e52fa76158950d5be770249e80 git bisect good 578fb08152ad11454e2f09ad6f8c8e527da817de # bad: [efb04c1c794ef7fc4cda1eb80880d333ca969a5e] source-hash-7908692490120350f2ad45241f7b19ba52dc0489 git bisect bad efb04c1c794ef7fc4cda1eb80880d333ca969a5e # good: [b46b5a58fcaec85eefb31b23afb0fc389a0c5334] source-hash-34c1b7bdd0bca4753f66a7d17ef46647a64a319e git bisect good b46b5a58fcaec85eefb31b23afb0fc389a0c5334 # good: [3791268ce3e6f9e570f02c09d586fd8e9f2485c3] source-hash-51daa4de4fbb86903aeb9cdfefbb089e8d00c001 git bisect good 3791268ce3e6f9e570f02c09d586fd8e9f2485c3 # good: [8f14f077f5faef9b7660ddf5ebcd188eb3042372] source-hash-dd5c0b2db451ff4d6fac7a72770758513583d468 git bisect good 8f14f077f5faef9b7660ddf5ebcd188eb3042372 # bad: [44280d2c3d00ce9bf30fa620dbd4d4c76d60fdc3] source-hash-942501b6e49c6c9e19556d9ec132a458e5fef6c3 git bisect bad 44280d2c3d00ce9bf30fa620dbd4d4c76d60fdc3 # good: [7ddc3936819ea8fd00a6419c80183bfd764f5b7c] source-hash-5ab07df58bcc33423fabba2d0363cdde6a51f566 git bisect good 7ddc3936819ea8fd00a6419c80183bfd764f5b7c # good: [8d6f38a4488ba5c2c9a80f38ffe91a970fdc8ef7] source-hash-39f42b0b03489459540404dd218c38709853c021 git bisect good 8d6f38a4488ba5c2c9a80f38ffe91a970fdc8ef7 # bad: [177c67106d0e92dd76255a9842c948a917d92cdf] source-hash-93ab5bc4daed5197a815275cf78fcc562bda4d5b git bisect bad 177c67106d0e92dd76255a9842c948a917d92cdf
Created attachment 91847 [details] bt with master sources at opening On pc Debian x86-64 with master sources updated today, I had a crash at the opening!
I gave a try with 4.2, I reproduced the exact crash of Terrence. Here's the first pb: http://opengrok.libreoffice.org/xref/core/sc/source/core/data/column.cxx#2384 2384 for (; it != itEnd; ++it) 2385 { 2386 const ScFormulaCell& rCell = **it; 2387 if (!rCell.IsShared()) 2388 continue; 2389 2390 if (rCell.IsSharedTop()) 2391 { 2392 // Check its tokens and record its reference boundaries. 2393 const ScTokenArray& rCode = *rCell.GetCode(); 2394 rCode.CheckRelativeReferenceBounds( 2395 mrCxt, rCell.aPos, rCell.GetSharedLength(), mrBounds); 2396 2397 // Move to the last cell in the group, to get incremented to 2398 // the next cell in the next iteration. 2399 size_t nOffsetToLast = rCell.GetSharedLength() - 1; 2400 std::advance(it, nOffsetToLast); 2401 } 2402 } after line 2400 if it == itEnd, line 2384 increases again and past the end. After checking this one by using std::distance(it, itEnd) and nOffsetToLast I had another crash here: http://opengrok.libreoffice.org/xref/core/sc/source/core/tool/sharedformula.cxx#71 70 sc::formula_block::iterator itEnd = it; 71 std::advance(itEnd, nLength2); No check here before using advance After a check, I got a third crash http://opengrok.libreoffice.org/xref/core/sc/source/core/data/column3.cxx#2772 2771 sc::formula_block::iterator itGrpEnd = it; 2772 std::advance(itGrpEnd, xCurGrp->mnLength); I stopped here. I used Opengrok to show lines corresponding with master sources but it's almost the same with 4.2 sources for these issues. Kohei/Markus/Eike: any idea to make std::advance safer?
Confirmed:4.2.0.1:OSX Crash when doing repro steps from bug description. Confirmed:4.3.0.0a0+:OSX Version: 4.3.0.0.alpha0+ Build ID: cbe7ab3d6188e725414cbb15ca534f96fe51d8c7 TinderBox: MacOSX-x86@49-TDF, Branch:master, Time: 2014-01-12_00:08:19 Instant crash when opening test file.
I have filed bug 73522 for the segfault.
Taking a stab at this.
Eike Rathke committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=42f551d524a1df46f6a311d5897ac30bd8fc1aaf resolved fdo#72293 correctly split grouped formulas and regroup The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Pending review for 4-2 at https://gerrit.libreoffice.org/7452 for 4-2-0 at https://gerrit.libreoffice.org/7453
Eike Rathke committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=60b187c774430b52c8a4b62642547c6b2852d818 unit test for shared formula row deletion, fdo#72293 The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Eike Rathke committed a patch related to this issue. It has been pushed to "libreoffice-4-2": http://cgit.freedesktop.org/libreoffice/core/commit/?id=d72321b665f54946cf603e6f30740f31151c898f&h=libreoffice-4-2 resolved fdo#72293 correctly split grouped formulas and regroup It will be available in LibreOffice 4.2.1. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Thanks Eike. According with commits, seems solved. Win7x64Ultimate Version: 4.2.1.0.0+ Build ID: d72321b665f54946cf603e6f30740f31151c898f TinderBox: Win-x86@42, Branch:libreoffice-4-2, Time: 2014-01-16_02:01:06 Version: 4.3.0.0.alpha0+ Build ID: 42f551d524a1df46f6a311d5897ac30bd8fc1aaf TinderBox: Win-x86@39, Branch:master, Time: 2014-01-15_22:44:37 And I think it continues awaiting review until: Version: 4.2.0.2 Build ID: cd65d6220c5694ee7012d7863bcde3455c9e3c30
*** Bug 73542 has been marked as a duplicate of this bug. ***
Eike Rathke committed a patch related to this issue. It has been pushed to "libreoffice-4-2-0": http://cgit.freedesktop.org/libreoffice/core/commit/?id=9f27edb1de3a7ef7499fc0e4c0bdc36e3ae20ada&h=libreoffice-4-2-0 resolved fdo#72293 correctly split grouped formulas and regroup It will be available already in LibreOffice 4.2.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Works now on LO 4.2.0.3 Build ID: c63c03decdf780d8fb80823950665b782ec9ecd0 & Windows 7 Home Premium Thanks to all, Jacques
Migrating Whiteboard tags to Keywords: (bibisected) [NinjaEdit]