STR (1) Run Writer from the command line. (2) Turn on page headers. (3) Insert date into the document. (4) Apply bottom border to the page. (5) Save the document. (6) Change the format of the date. (7) Close LibreOffice; at the prompt, do not save the document. Note that there is no crash if instead of step (4) you apply bottom border to the page while the page format dialog is open in step (2). I see this crash in daily dbgutil bibisect versions 2015-12-03 and 2015-05-20. As the latter is the oldest dbgutil version I have, I cannot tell whether this problem is a regression, and the bug is notBibisectable.
Created attachment 121021 [details] terminal output This output is from daily dbgutil bibisect version 2015-12-03: Version: 5.2.0.0.alpha0+ Build ID: 103cd686de34b668a838c459f3d827c02e704656 Threads 1; Ver: Linux 3.2; Render: default; Locale: en-CA (en_CA.UTF-8)
Created attachment 121022 [details] gdb on the core file
Setting whiteboard haveBacktrace notBibisectable.
Just for the record, on pc Debian x86-64 with master sources updated today, I don't reproduce the crash.
Bodhi Moksha Version: 5.2.0.0.alpha0+ Build ID: 1fd41f43eb73c373cb94d32d82c5fb7a7e243367 Not seeing a crash here.
(Adding "in SfxItemPool::Remove" to summary.) Thank you, Julien and Joel, for your efforts. In order to reproduce the bug, I had to start by recreating a whole document and all the missteps that I could remember doing. I found it quite tedious to work from that down to the smallest set of crashing steps that I could find. That is not much excuse for me being so terse when I wrote what is left for the bug description. So, here are similar steps, but written more verbosely. Note that I have added a Save As at step (11). This change is to bring the steps in line with what I did many times; the omission of that was my last simplification, and I only did it once. I am starting with higher step numbers in order not to duplicate the earlier description. In all cases, any blanks in strings are something that I am adding here for ease of reading; do not type those blanks. (10) Run a dbgutil version of LibreOffice with command line parameters --norestore --writer. Program presents Writer window "Untitled 1". (11) Type "<Alt>+F A". Program presents dialog "Save As". (12) Save the file as, let us say, /tmp/a30. (Now you know know how often I have been through this. <grin />) Program closes the dialog and returns focus to Writer window "a30". (13) Type "<Alt>+O P". Program presents dialog "Page Style: Default Style". (14) Click on tab Header. In the dialog, program displays tab Header. (15) Click checkbox "Header on" (turning the checkbox on) and click button <OK>. Program returns focus to Writer window, and the caret is at the beginning of the body of the document. (16) Type "<Alt>+I <up> <up> <up> <up> <up> <up>". Menu option "Field" is highlighted. (I think it may be a bug that it does not serve to type "<Alt>+I d d <right>", but I have lost confidence in my understanding of accelerators and shortcut keys.) (17) Type "<right>" and in the submenu click "Date"; the date I see inserted is 12/05/15. (18) Type "<Alt>+O P". Program presents dialog "Page Style: Default Style" and tab Header. (19) Click tab Borders. In the dialog, program displays tab Borders. (20) In the control labelled User-defined, click at the bottom of the iconic page image. Program puts a black bar with an enclosed white line across the botom of the page image. (21) Click button <OK>. Program returns focus to Writer window; my screen size does not let me see the border at the bottom of the page. (22) Type "<Alt>+F S". An icon in the status bar at the bottom of the window shows the document "not modified". (23) Right click on the date in the body of the document, and in the pop-up menu click "Fields...". Program presents dialog "Edit Fields"; in pane Format, "12/31/99" is reverse-image. (24) In pane Format, click "1999-12-31" and click button <OK>. Program closes the dialog and returns focus to Writer window. The date is displayed in the selected format; I see 2015-12-05. An icon in the status bar shows the document "modified". (As well, I have made the crash by selecting date format "Fri, December 31, 1999" in this step. I have not tried closing the dialog without actually changing anything.) (25) Type "<Ctrl>+Q". Program prompts :Save Document? ...". (26) In the dialog, click button <Dont't Save>. Program crashes.
I tried again, 3 times, no crash here :-( Perhaps, try an even more recent daily build.
Migrating Whiteboard tags to Keywords: (haveBacktrace, notBibisectable)
Some observations, not quite random ... I now have debian-testing on another machine with dual processors. This let me try the following changes. Each crashes. (*) LO executing on 1 or 2 processors (*) Writer window unmaximized or left maximized (as it starts out in debian-testing) (*) new user profile directory or one used just before (*) gnome3 (debian-testing) vs. fallback to gnome2 (debian-wheezy) vs. KDE (debian-testing). I have never succeeded in raising the assertion in a localbuilt dbgutil LO. However, I did succeed in getting a reference to address 0x38 under valgrind. Shall attach output soon. There must be *something* peculiar that I am doing. Any thoughts on what that might be?
Created attachment 121285 [details] valgrind The process of interest is 21903, which starts at line 38 of the file and ends at line 1113. The following points may be of interest: line what ---- ------------------------------ 38 process starts 84 invalid read 203 invalid read 322 invalid read 441 invalid write 560 invalid read 682 invalid read 805 invalid read 928 invalid read 976 Address 0x38 is not stack'd, malloc'd or (recently) free'd 978 Application error ... Signal 6 ... 1044 Process terminating ... SIGABRT ... dumping core 1113 end ... 18 errors from 8 contexts This LibreOffice is commit 5df3264, fetched 2015-12-13 05:56 UTC, configured ... CC=ccache /usr/bin/gcc CXX=ccache /usr/bin/g++ --enable-option-checking=fatal --enable-dbgutil --enable-crashdump --without-system-postgresql --without-myspell-dicts --with-extra-buildid --without-doxygen --with-external-tar=/home/terry/lo_hacking/git/src --disable-remote built and running on debian-testing.
Created attachment 121324 [details] valgrind First a correction: in comment 9 where I said KDE, I meant Xfce. I have once again run LO with --valgrind, with somewhat different results: (*) The program raises the assertion in SfxItemPool::Remove. (*) Mostly library names are replaced with source line numnbers. (Why not always? I do not know.) (*) I ran gdb on the core file. This libreOffice is commit 63feac2, fetched 2015-12-14 03:03 UTC, configured ... CC=ccache /usr/bin/gcc CXX=ccache /usr/bin/g++ --enable-option-checking=fatal --enable-dbgutil --enable-debug --enable-crashdump --without-system-postgresql --without-myspell-dicts --with-extra-buildid --without-doxygen --with-external-tar=/home/terry/lo_hacking/git/src # --disable-remote built and running on debian-stretch. The process of interest is 3223. The following points may be of interest: line what ---- ---------------------------------- 52 process 3223 starts 202 invalid read 349 invalid read 496 invalid read 643 invalid read 790 invalid read 937 invalid read 1084 invalid read 1231 assertion raised; backtrace by LO 1318 backtrace by valgrind 1387 process 3223 ends 1451 gdb backtrace 1532 gdb backtrace full
Created attachment 121326 [details] valgrind log On pc Debian x86-64 with master sources updated, I gave a try with Valgrind and had a crash! (!?).
(In reply to Julien Nabet from comment #12) > Created attachment 121326 [details] > valgrind log > > On pc Debian x86-64 with master sources updated, I gave a try with Valgrind > and had a crash! (!?). Setting status to NEW according to comment #12. Please set back to unconfirmed if you disagree. Best regards. JBF
Jochen Nitschke committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=c9493b344a9bd104d0a882f5e9407880c0c63c20 tdf#96248 delete SfxPoolItems with Which Id >= 4000 It will be available in 5.3.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Working in the daily Linux dbgutil repository, I cannot reproduce the assertion, even in versions from before the patch in comment 14. I am setting status VERIFIED WORKSFORME.
Xisco Fauli committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/+/c5d0d424bd7e78455cb6f9578cf2425ac0787004%5E%21 tdf#120750: Revert "tdf#96248 delete SfxPoolItems with Which Id >= 4000" It will be available in 6.3.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Xisco Fauli committed a patch related to this issue. It has been pushed to "libreoffice-6-2": https://git.libreoffice.org/core/+/f1c47b9ea954342ecffc440784b43cc8cfd99f91%5E%21 tdf#120750: Revert "tdf#96248 delete SfxPoolItems with Which Id >= 4000" It will be available in 6.2.0.1. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Xisco Fauli committed a patch related to this issue. It has been pushed to "libreoffice-6-1": https://git.libreoffice.org/core/+/73c3c3deff69ccd6a2f55952a911738496fb3c32%5E%21 tdf#120750: Revert "tdf#96248 delete SfxPoolItems with Which Id >= 4000" It will be available in 6.1.5. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Xisco - does your revert cause this one to recur ? =)
Working on debian-buster in the daily Linux dbgutil bibisect repository, I am unable to reproduce the bug either before or after the patch referenced in comment 15. I think status VERIFIED WORKSFORME is still right.