Created attachment 116319 [details] bt with debug symbols On pc Debian x86-64 with master sources updated today, ca6997fbb8b1f4b8c039db1c487df0ce8961472c, I had a crash by following these steps: - retrieve https://bugs.documentfoundation.org/attachment.cgi?id=116312 (tdf#91878) - open the file - click just below the "1" of the cell which contains "A1" => crash soffice.bin: /home/julien/compile-libreoffice/libreoffice/vcl/source/outdev/map.cxx:382: long int ImplLogicToPixel(long int, long int, long int, long int, long int): Assertion `nMapNum == 0 || std::abs(n) < std::numeric_limits<long>::max() / nMapNum / nDPI' failed. #4 0x00002aaab1c81b88 in ImplLogicToPixel(long, long, long, long, long) (n=-9223372036854772989, nDPI=96, nMapNum=19, nMapDenom=16000, nThres=2528336632909749) at /home/julien/compile-libreoffice/libreoffice/vcl/source/outdev/map.cxx:382 See bt
Noticing this part in bt: #6 0x00002aaace14e975 in SvxRuler::ConvertHPosPixel(long) const (this=0x2590d30, nVal=-9223372036854772989) at /home/julien/compile-libreoffice/libreoffice/svx/source/dialog/svxruler.cxx:404 #7 0x00002aaace14eb6d in SvxRuler::ConvertPosPixel(long) const (this=0x2590d30, nVal=-9223372036854772989) at /home/julien/compile-libreoffice/libreoffice/svx/source/dialog/svxruler.cxx:424 #8 0x00002aaace150c4f in SvxRuler::UpdateColumns() (this=0x2590d30) at /home/julien/compile-libreoffice/libreoffice/svx/source/dialog/svxruler.cxx:835 I suppose investigation can start at frame 8 (since nVal=-9223372036854772989 seems wrong) Putting a break in svx/source/dialog/svxruler.cxx:812 gave me 2 bts: 1) #0 0x00002aaace1509f5 in SvxRuler::UpdateColumns() (this=0x2abd450) at /home/julien/compile-libreoffice/libreoffice/svx/source/dialog/svxruler.cxx:812 #1 0x00002aaace152aa1 in SvxRuler::Update() (this=0x2abd450) at /home/julien/compile-libreoffice/libreoffice/svx/source/dialog/svxruler.cxx:1262 #2 0x00002aaace15cfa4 in SvxRuler::Notify(SfxBroadcaster&, SfxHint const&) (this=0x2abd450, rHint=...) at /home/julien/compile-libreoffice/libreoffice/svx/source/dialog/svxruler.cxx:3413 2) #0 0x00002aaace1509f5 in SvxRuler::UpdateColumns() (this=0x2bb4a40) at /home/julien/compile-libreoffice/libreoffice/svx/source/dialog/svxruler.cxx:812 #1 0x00002aaace152aa1 in SvxRuler::Update() (this=0x2bb4a40) at /home/julien/compile-libreoffice/libreoffice/svx/source/dialog/svxruler.cxx:1262 #2 0x00002aaaca575c90 in SwCommentRuler::Update() (this=0x2bb4a40) at /home/julien/compile-libreoffice/libreoffice/sw/source/uibase/misc/swruler.cxx:251 #3 0x00002aaace15cfa4 in SvxRuler::Notify(SfxBroadcaster&, SfxHint const&) (this=0x2bb4a40, rHint=...) at /home/julien/compile-libreoffice/libreoffice/svx/source/dialog/svxruler.cxx:3413 Commenting line 251 in sw/source/uibase/misc/swruler.cxx (see 248 void SwCommentRuler::Update() 249 { 250 Rectangle aPreviousControlRect = GetCommentControlRegion(); 251 // SvxRuler::Update(); 252 if (aPreviousControlRect != GetCommentControlRegion()) 253 Invalidate(); 254 } prevents from the crash. See http://opengrok.libreoffice.org/xref/core/sw/source/uibase/misc/swruler.cxx#248 Just for info, searching git history for this line gives this: commit e047a967b0db8c61dc977b52f3876fc4e385ad77 Author: Rodolfo Ribeiro Gomes <rodolforg@gmail.com> Date: Sat Mar 9 14:08:21 2013 -0300 fdo#38246 Comment control on Writer ruler feature
Now I don't know if it's the good fix. Perhaps sometimes only SwCommentRuler::Update is called and so svxRuler::Update() should be called too. Michael: any thought? (see bt + previous comment) (I put tdf#90502 since it crashes on the same assert but perhaps completely unrelated)
I don't reproduce this with master sources updated today. I'm quite sure it's thanks to http://cgit.freedesktop.org/libreoffice/core/commit/?id=c837bfda8c646fe2f7ff789032dd9a6ee6fd396f so RESOLVED/FIXED. (since it changes FAR_AWAY part)