Created attachment 103543 [details] Writer document which demonstrates the crash Paste/undo actions in tables with merged cells cause document corruption and crashes Observed on OSX with LO 4.2.5.2. Other platforms unknown Steps to reproduce 1. Load the attached Writer document (which contains a 3x3 table in which A2:A3 and B2:C2 are merged cells, and the letters "a" "b" and "c" are placed in cells C1, B2 and C3 respectively) 2. Select and cut the range C1:C3 (the three cells containing the "a" "b" and "c") 3. Place the cursor in cell B2 4. Repeatedly paste then undo Result Despite the fact that the selection is unchanged, and the cursor is not moved, the three charaters are placed differently in each paste-undo cycle. After a couple of cycles, the table structure is corrupted and LO crashes
Created attachment 103544 [details] Crash dump
Still occurs in 4.3.0.4 release
Dear Matthew, Thank you for submitting the bug. I can confirm that the bug is available in 3.3.0, 3.6.7, 4.2.5, and 4.3.1. It will crash between 2 to 4 paste and undo cycles.
Created attachment 103729 [details] linux backtrace
(This is an automated message.) LibreOffice development currently prioritizes bugs with the so called MAB (most annoying bugs) -- as this bug has not run through that process (including writing a short rationale for this bug being a candidate and other who are watching the tracker bug silently approving that rationale etc.) its priority is set to high. Note this is effectively no change in the urgency assigned to this bug, as we are currently not making a difference between high and highest and severity is untouched. You can find out more about MABs and how the process works by contacting libreoffice qa on irc: http://webchat.freenode.net/?channels=libreoffice-qa The QA wiki page also gives you hints on how to get in contact with the team (if IRC fails you, your next best choice is the mailing list): https://wiki.documentfoundation.org/QA
Created attachment 109584 [details] Linux dbg bt of TB45 dbg build with symbols and source refs Backtrace with recent 32-bit Linux TB45-debug build On Fedora 20, 32-bit en-US with debug build Version: 4.4.0.0.alpha1+ Build ID: d59b9b4af36148e4d8df8f3e3492116d378642e2 TinderBox: Linux-rpm_deb-x86@45-TDF-dbg, Branch:master, Time: 2014-11-06_03:11:43 SIGABRT crash, assertion while finding pointer position pBlock->pData[ nOffset... BigPtrEntry::GetPos()
You can reproduce the basic issue with an even simpler document: 1. Insert Table with 2 columns, 1 row 2. Type a in column 1, b in column 2 3. Highlight and cut 4. GO to column2, paste (note how it just shows a 5. Undo 6. Paste again (now it shows a and b!) This simple case doesn't seem to crash, but does likely show the underlying bug. A similar issue happens if you do 1 column, 2 rows. The first paste adds a new row. The undo removes it and then a and b are both pasted in the same 2nd row.
*** Bug 81923 has been marked as a duplicate of this bug. ***
(This is an automated message.) Setting priority to highest as this is a MAB. This is part of an effort to make the importance of MAB reflected in priority too.
issue remains with 4.3 and 4.4 builds. Moving to mab4.3
try that with the correct bug id for mab4.3
What I see is that undo always leaves a pam that points to the start of the undone area and a mark to the end of the undone area, even if that area is empty. (In the normal where there is a selection this can be seen by selecting something, deleting it, and undoing and the newly undeleted stuff is again selected) The table overwrite/paste thing looks to see if a mark is set and goes off to "do something very complex" if its set. So if after each undo cycle, you physically click at the point where the cursor is flashing (which clears the mark) and then paste, undo, *click*, paste you get a wonderfully stable experience. So it seems reasonable to me to "do the simple thing" if there is no mark, or if the mark and point are the same, i.e. there is nothing actually selected by the PaM.
Caolán McNamara committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=e06905df15ff03c6d3c84f61bd67860a91416c2d Resolves: tdf#81806 crash on certain table paste+undo+page cycles It will be available in 5.1.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-5-0": http://cgit.freedesktop.org/libreoffice/core/commit/?id=5fbf5b10ca45528a075aba5d5f8e3f6af08c287f&h=libreoffice-5-0 Resolves: tdf#81806 crash on certain table paste+undo+page cycles It will be available in 5.0.0.1. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-4-4": http://cgit.freedesktop.org/libreoffice/core/commit/?id=ff6fb90179f1aa70e9d83bf4d90848fa13ff87db&h=libreoffice-4-4 Resolves: tdf#81806 crash on certain table paste+undo+page cycles It will be available in 4.4.5. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.