Loading https://www.libreoffice.org/bugzilla/attachment.cgi?id=107496 (from bug 84752) on 4.4 master leads to a crash. This appears to be a separate issue to the performance regression on the aforementioned bug.
The same backtrace was observed on:
- OSX just from loading the file
- Linux when running under valgrind, but not otherwise
Created attachment 107852 [details] OSX backtrace
Created attachment 107854 [details] Linux backtrace
Annoyingly, I can't yet reproduce this on Linux under memcheck, but callgrind did abort with the attached backtrace, which is clearly the same as the OSX crash.
Created attachment 107855 [details] Linux memcheck log
Not sure how I failed to get this to work the first time, but here's a nice clear memcheck trace showing a bunch of invalid reads which relate to the backtrace of the crash.
I think this is going wrong in Edit::ImplDelete at the maText.remove line
Hmm, setting a SetMaxTextLen of -1; these used to be unsigned shorts, so that would have meant "max length" in the old days.
http://cgit.freedesktop.org/libreoffice/core/commit/?id=e45136f1ff9d817dfec27a6a20ba29fffc6c54bf