Steps: 1) Open Writer 2) Insert a table with 3 rows 3) Select rows 2 and 3 4) Insert rows above through table toolbar button or context menu 5) Undo 6) Crash Regression as this doesnt happen in 5.0 daily. Version: 5.1.0.0.alpha1+ Build ID: f6bc5b79c31225c02e9500d0ced4bd26f998f82b TinderBox: Linux-rpm_deb-x86_64@70-TDF, Branch:master, Time: 2015-11-24_01:06:28 Locale: en-US (en_US.UTF-8) Version: 5.0.4.0.0+ Build ID: ec0da57d9cc93b2bfaaa5b6b2d47c3850b3a814e TinderBox: Linux-rpm_deb-x86_64@46-TDF, Branch:libreoffice-5-0, Time: 2015-11-12_14:15:55 Locale: en-US (en_US.UTF-8)
confirmed in Version: 5.1.0.0.alpha1+ Build ID: f6bc5b79c31225c02e9500d0ced4bd26f998f82b Threads 2; Ver: 4.2; Render: default; TinderBox: Linux-rpm_deb-x86@71-TDF, Branch:master, Time: 2015-11-24_01:06:34 Locale: nl-NL (nl_NL.UTF-8) thanks for hunting this one, Jay ;)
*** Bug 96675 has been marked as a duplicate of this bug. ***
*** Bug 96680 has been marked as a duplicate of this bug. ***
also, undo insert columns are affected too.
Created attachment 121520 [details] `make debugrun` with backtrace LibreOffice in the attached `make debugrun` is commit 30b8dbc, fetched 2015-12-22 00:55 UTC, configured ... CC=ccache /usr/bin/gcc CXX=ccache /usr/bin/g++ --enable-option-checking=fatal --enable-dbgutil --enable-debug --enable-crashdump --without-system-postgresql --without-myspell-dicts --with-extra-buildid --without-doxygen --with-external-tar=/home/terry/lo_hacking/git/src # --disable-remote ..., build and running on debian-stretch. My STR are ... (1) Run Writer from the command line. Program presents Writer window "Untitled 1". (2) Take menu option Table > "Insert Table...". Program presents dialog "Insert Table". (3) In dialog "Insert Table" type "<Enter>">. Program closes the dialog and returns focus to "Untitled 1", which now shows a table, 2-by-2; the caret is in the upper left cell. (4) Move mouse cursor into the left margin beside the second row of the table. The mouse cursor changes to a bold righ-pointing arrow. (5) Right-click and from the popup menu select Insert > "Rows Above". The table is now three rows by two columns, and the caret is in the first cell of row three. (5) Type "<Ctrl>+Z". SIGSEGV. ..., but note that in the same test on daily dbgutil bibisect repo version 2015-12-23, running chroot-sid, the program failed with SIGABRT ... /usr/include/c++/4.8/debug/vector:353:error: attempt to subscript container with out-of-bounds index 2, but container only holds 2 elements. Objects involved in the operation: sequence "this" @ 0x0x2644820 { type = NSt7__debug6vectorIP11SwTableLineSaIS2_EEE; } Application Error Fatal exception: Signal 6 ( I am going off now to see what I have to do to get the STL debug classes in my local build. )
Working the the daily dbgutil bibisect repository, I have determined that the bug came into LibreOffice between 2015-11-11 and 2015-11-12. The corresponding source hashes are 591903a..4b91870, which covers 80 commits. Considering the error thrown by the debug version of STL iterators, the following commits jump out at me ... 2ff2fafff8fe455a2493d04e7da709588a691ddd svx: boost::ptr_vector->std::vector<std::unique_ptr> 8978ce53e16de9a597015b0704f813dffa7da920 svx: boost::ptr_vector->std::vector<std::unique_ptr> 44d3577f4b5ec181219268826d2ec504e61541f3 linguistic: boost::ptr_vector->std::vector<std::unique_ptr> 5d892a3378dfd5c452ba106b002c7cef9a77a861 idl: boost::ptr_vector->std::vector<std::unique_ptr> 1459f127711ba11e0ce044d9fb70d1941b5c3209 framework: boost::ptr_vector->std::vector<std::unique_ptr> aef8a59d51954f1858296ef23f70c8bd65c77c1c framework: boost::ptr_vector->std::vector<std::unique_ptr> ea2ae023cf0ca44b445aead93a47b8154f0cc818 framework: boost::ptr_vector->std::vector<std::unique_ptr> 2a2b9920c1ccd9cfb2ec474ceffed7c5d78ecb00 extensions: boost::ptr_vector->std::vector<std::unique_ptr> d1bda375a077d0de31cc4f5e602b3e33fdde0d55 extensions: boost::ptr_vector->std::vector<std::unique_ptr> Noel, do you want to take this bug on? Adding Noel to cc; adding keywords bibisect, have-backtrace.
Sorry, I can't see how that could be any of my commits. This looks like a stale SwTableBox* pointer, but why that is arising here I don't know.
I had time to run some bisecting compiles and I narrowed it down to this range: 14c2b50 unused header fa91dd3 5th step to remove tools/rtti.hxx c21ddcd tdf#93243 replace boost::bind with c++11 lambdas in vcl/source tree a31b4f4 Missing includes 3503873 loplugin:staticmethods My guess is on fa91dd3
Created attachment 121536 [details] valgrind and gdb backtrace full This time, running with parameter --valgrind, the LibreOffice of comment 5 raised the STL assertion. The failing task is pid 28204. The following points may be of interest ... line what ---- -------------------- 144 process starts 352 invalid read 488 STL error message 499 stack printout 575 process terminating, valgrind prints stack 644 ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0) 662 gdb starts 699 backtrace full
Setting whiteboard haveValgrind.
I can confirm that the problem commit is fa91dd3 5th step to remove tools/rtti.hxx Adding Oliver to CC
(In reply to Noel Grandin from comment #8) > My guess is on fa91dd3 unfortunately, at least <http://cgit.freedesktop.org/libreoffice/core/commit/?id=75f0f9d5538577e0d4923b4d46ba6f88b6199814> "New loplugin:faileddyncast" in combination with <http://cgit.freedesktop.org/libreoffice/core/commit/?id=548c43238d02b34cf73e7c2ca1a912ee4fe82544> "Mark some classes as final" did not turn up any problems introduced with that commit
Oliver Specht committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=70d2673ba06878ee84c99d7877e4b71749ac06f0 tdf#96067: fix crash in undo of table row insertion It will be available in 5.2.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Oliver Specht committed a patch related to this issue. It has been pushed to "libreoffice-5-1-0": http://cgit.freedesktop.org/libreoffice/core/commit/?id=151aba28ba46d6f0aae6ac69b70144e713d466e1&h=libreoffice-5-1-0 tdf#96067: fix crash in undo of table row insertion It will be available in 5.1.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Oliver Specht committed a patch related to this issue. It has been pushed to "libreoffice-5-1": http://cgit.freedesktop.org/libreoffice/core/commit/?id=9a4f133bc8b00ea2051e6979087b46fd0401e60f&h=libreoffice-5-1 tdf#96067: fix crash in undo of table row insertion It will be available in 5.1.1. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
I no longer see the crash in daily dbgutil bibisect version 2016-01-18 running in and environment chroot'd to debian-sid.
I am setting status RESOLVED FIXED.
Version: 5.2.0.0.alpha0+ Build ID: d95d9d7f908419f397941ef60ac6ced3261c9b87 CPU Threads: 2; OS Version: Linux 4.2; UI Render: default; TinderBox: Linux-rpm_deb-x86_64@70-TDF, Branch:master, Time: 2016-01-19_00:40:21 Locale: en-US (en_US.UTF-8)
Xisco Fauli committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=0089da5af5ab1e1cbbba76b4635e8472c2678c5f tdf#96067 Add uitest It will be available in 5.4.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Xisco Fauli committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/820a5155973fef28891c7cc9f9547c21b0f2bf1a tdf#80663, tdf#96067: move UItest to CppunitTest It will be available in 7.0.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.