Apparently another VclPtr one: Unfortunately this is only reproducible under the experimental UI testing automation I've been working on, and not by hand, but the crash doesn't occur in builds before VclPtr was merged. What the test is doing is: - Open a new Writer window - Open "Insert - Special Character..." - Click on the table cell "!" - Click on the button "Insert"
Created attachment 115726 [details] Linux 5.0 master backtrace (5f653490a40850886f94c9fd6b381b4bed1de58a)
Confirmed with (also unpublished ;) bibisect-50max - this started at exactly the below commit Adding Cc: to michael.meeks@collabora.com; Could you possibly take a look at this one? Thanks commit e8b97a52c96df9c8e8055407b1e40ed7cb9cfc67 Merge: 2b0be6c 0cde74f Author: Michael Meeks <michael.meeks@collabora.com> AuthorDate: Tue Apr 28 11:41:31 2015 +0100 Commit: Michael Meeks <michael.meeks@collabora.com> CommitDate: Tue Apr 28 15:08:48 2015 +0100 Merge remote-tracking branch 'origin/feature/vclptr'
Additional information on the last part of the reproduction - in fact it's doing an accessibility action "press" of the button. If a mouse click is simulated instead, no crash
Could you give a try with this patch? diff --git a/svx/source/dialog/charmap.cxx b/svx/source/dialog/charmap.cxx index c57a4e3..7ec9edd 100644 --- a/svx/source/dialog/charmap.cxx +++ b/svx/source/dialog/charmap.cxx @@ -219,7 +219,7 @@ sal_uInt16 SvxShowCharSet::GetColumnPos(sal_uInt16 _nPos) int SvxShowCharSet::FirstInView() const { int nIndex = 0; - if (aVscrollSB->IsVisible()) + if (aVscrollSB && aVscrollSB->IsVisible()) nIndex += aVscrollSB->GetThumbPos() * COLUMN_COUNT; return nIndex; } Indeed, aVscrollSB has already been disposed, your bt shows svx/source/dialog/charmap.cxx:699 (frame 7), see: 694 void SvxShowCharSet::dispose() 695 { 696 if ( m_pAccessible ) 697 ReleaseAccessible(); 698 aVscrollSB.disposeAndClear(); 699 Control::dispose(); 700 }
Created attachment 115738 [details] Linux 5.0 master backtrace (after comment 4 patch) With the patch it gets slightly further, but still ends up crashing with a different trace
Created attachment 115739 [details] Reproducer script Attached is a minimal reproducer, without various setup dependencies the original script has To run it you'll need: - Python 2 (everyone should have) - A release dogtail package (e.g. python-dogtail on Ubuntu) - LibreOffice running with a single Writer window open and accessibility enabled (export SAL_USE_VCLPLUGIN="gtk" GTK_MODULES="gail:atk-bridge")
Michael Meeks committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=1940d8b85b6cb7321ded254e092cd55bee7007aa tdf#91395 - avoid post-dispose charmap crasher. It will be available in 5.0.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Hopefully I nailed it - can you re-try with master ? =)
Looks good now - thanks!
Michael Meeks committed a patch related to this issue. It has been pushed to "libreoffice-5-0": http://cgit.freedesktop.org/libreoffice/core/commit/?id=15b6db458f5516377703bab8a2860d43753441ed&h=libreoffice-5-0 tdf#91395 - avoid post-dispose charmap crasher. It will be available in 5.0.0.0.beta2. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Migrating Whiteboard tags to Keywords: (bibisected) [NinjaEdit]