Created attachment 114406 [details] The referred example 1. I am using LO calc 4.4.1.2 kubuntu 14.04 2. Open the attached example 3. Now copy the sheet CoA before CoA (right clicking down on CoA and choosing Move/copy, etc.) 4. Goto cell AF7. 5. Insert =Recolha.A788 in that cell. It should display "CoB". 6. Now copy that cell *formula only* to all the gray area (paste special and select formula only) 7. Now let's do another copy of CoA (NOT CoA_2) but this time to before sheet "Recolha". Right click CoA down tab, choose before "Recolha" and copy. Calc crashes!!! Skipping steps 4 and 5 the crash does not occur.
No crash with Version: 4.5.0.0.alpha0+ Build ID: 28c61871e876e6a2cac47439f768504b1a4c94a0 TinderBox: Linux-rpm_deb-x86_64@46-TDF, Branch:master, Time: 2015-03-27_06:30:21 No crash with Version: 4.4.3.0.0+ Build ID: 3eba5eb1774ab621a1f0f4dcc7e82cce6c025b0a TinderBox: Linux-rpm_deb-x86_64@46-TDF, Branch:libreoffice-4-4, Time: 2015-03-27_09:07:12
Confirm crash on windows, LO 4.4.1.2. I'll retest on linux, previously I in point 6 copied only to column AF. When I copy formula to AF:AK , calc crashes. Setting to new.
This seems to have begun at the below commit. commit 746e20f8c6d819fa128417a4db815b2473278291 Author: Kohei Yoshida <kohei.yoshida@collabora.com> AuthorDate: Tue Nov 18 12:35:39 2014 -0500 Commit: Kohei Yoshida <kohei.yoshida@collabora.com> CommitDate: Tue Nov 18 12:38:27 2014 -0500 Combine StartAllListeners() and StartNeededListeners()... And call the new method StartListeners(). This also adjusts what was previously StartAllListener() to be group-listener aware. Change-Id: I74de45c00f5b8ef232eea9fe3b93aa44d1d8855b
Created attachment 114463 [details] 4.4.2.1 backtrace
Created attachment 119904 [details] gdb backtrace
Attached a modified test file to simplify reproducing the problem: Copy the first sheet before the third one to crash LibreOffice. @Kohei: hi Kohei, could you check this problem? It seems, it is introduced by http://cgit.freedesktop.org/libreoffice/core/commit/?id=746e20f8c6d819fa128417a4db815b2473278291. Thanks, Laszlo
Created attachment 119905 [details] The referred example modified by the steps of the bug report except the last step to crash Calc Copy the first sheet before the third one to crash LibreOffice.
Migrating Whiteboard tags to Keywords: (bibisected) [NinjaEdit]
Eike, since Kohei is not following this, I was free to add you. If not your field, or somebody else's, please note. Thank you.
I get... /usr/include/c++/6.1.1/debug/safe_iterator.h:523: Error: attempt to compare iterators from different sequences. from ScColumn::StartListening which calls getBlockPosition which eventually calls ScColumn::InitBlockPosition to set miBroadcasterPos which is then used in StartListening the thing is though is that there appears to be *two* ScColumns of the same tab and col index at this point so the StartListening is "a" but the miBroadcasterPos pos belongs to "b"
at ScDocument::CopyTab we insert a new ScTable and call StartListeners on all the ScTables after the new insert point. But all those ScTables have their old index set, not their new one.
Plausible fix at https://gerrit.libreoffice.org/#/c/26552/
Caolán McNamara committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=2511e272481172b439d167fd8b09d14c755f223d Resolves: tdf#90285 during sheet copying the old sheets retain their old index It will be available in 5.3.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
I couldn't really verify this.. with g++ 5.3.1 I get a different crash with or without that change: /usr/include/c++/5.3.1/debug/safe_iterator.h:224:error: attempt to construct a constant iterator from a singular mutable iterator. Objects involved in the operation: iterator "this" @ 0x0x7fff602e84d0 { type = N11__gnu_debug14_Safe_iteratorIN9__gnu_cxx17__normal_iteratorIPKPN4mdds17multi_type_vectorINS3_3mtv18custom_block_func1INS5_33noncopyable_managed_element_blockILi50E14SvtBroadcasterEEEENS3_6detail14mtv_event_funcEE5blockENSt9__cxx19986vectorISF_SaISF_EEEEENSt7__debug6vectorISF_SK_EEEE (constant iterator); state = singular; } iterator "other" @ 0x0x454f548 { type = N11__gnu_debug14_Safe_iteratorIN9__gnu_cxx17__normal_iteratorIPPN4mdds17multi_type_vectorINS3_3mtv18custom_block_func1INS5_33noncopyable_managed_element_blockILi50E14SvtBroadcasterEEEENS3_6detail14mtv_event_funcEE5blockENSt9__cxx19986vectorISF_SaISF_EEEEENSt7__debug6vectorISF_SJ_EEEE (mutable iterator); state = singular; references sequence with type `NSt7__debug6vectorIPN4mdds17multi_type_vectorINS1_3mtv18custom_block_func1INS3_33noncopyable_managed_element_blockILi50E14SvtBroadcasterEEEENS1_6detail14mtv_event_funcEE5blockESaISD_EEE' @ 0x0x488b478 } My previous assumption that some blocks in ColumnBlockPositionSet weren't shifted to the next sheet's tab doesn't hold. However, the change seems to fix some things with g++ 6.1.1
ah, on rereading I see that I fixed a crash on copying the *last* table to position 3, while the crash on copying the *first* table to position 3 remains
Ah, that explains. Twisted stuff.. gives me another idea though.
Eike Rathke committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=dd7a2c95b86d158be8d0637bdff13b9a0ed9954b Resolves: tdf#90285 do not reuse the same StartListeningContext It will be available in 5.3.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-5-2": http://cgit.freedesktop.org/libreoffice/core/commit/?id=d89e803f621f6722d5f7dbe5ea4af4018b0b6851&h=libreoffice-5-2 Resolves: tdf#90285 during sheet copying the old sheets retain their old index It will be available in 5.2.0.2. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Eike Rathke committed a patch related to this issue. It has been pushed to "libreoffice-5-2": http://cgit.freedesktop.org/libreoffice/core/commit/?id=9a9e1e6fdd5f0a2553d98818c31627be077deca9&h=libreoffice-5-2 Resolves: tdf#90285 do not reuse the same StartListeningContext It will be available in 5.2.0.2. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-5-1": http://cgit.freedesktop.org/libreoffice/core/commit/?id=aca8a92b6b78b9d6dbefbcf9784b09675ee8f187&h=libreoffice-5-1 Resolves: tdf#90285 during sheet copying the old sheets retain their old index It will be available in 5.1.5. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Eike Rathke committed a patch related to this issue. It has been pushed to "libreoffice-5-1": http://cgit.freedesktop.org/libreoffice/core/commit/?id=dff1d0abc3e66277da76c60943ec6bc92c29b14f&h=libreoffice-5-1 Resolves: tdf#90285 do not reuse the same StartListeningContext It will be available in 5.1.5. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.