Created attachment 122640 [details] sample db that will crash LOBase Version: 5.1.0.3 Build ID: 5e3e00a007d9b3b6efb6797a8b8e57b51ab1f737 CPU Threads: 4; OS Version: Linux 3.19; UI Render: default; Locale: en-US (en_US.UTF-8) will crash when attempting to delete inner join Here is a video of the bug in action :( https://youtu.be/wq0CzET-6zg
Created attachment 122644 [details] bt with debug symbols On pc Debian x86-64 with master sources updated today, I could reproduce this. I attached bt with symbols.
Additional findings in gdb: (gdb) frame 1 #1 0x00002aaad95932a8 in dbaui::OJoinDesignViewAccess::getAccessibleChild (this=0x3d36a30, i=6) at /home/julien/compile-libreoffice/libreoffice/dbaccess/source/ui/querydesign/JAccess.cxx:80 80 aRet = m_pTableView->getTableConnections()[i - nTableWindowCount]->GetAccessible(); (gdb) p m_pTableView->getTableConnections() $1 = std::__debug::vector of length 4, capacity 4 = {{m_rInnerRef = rtl::Reference to 0x3cf0900}, {m_rInnerRef = empty rtl::Reference}, { m_rInnerRef = rtl::Reference to 0x38dd820}, {m_rInnerRef = rtl::Reference to 0x38de2b0}} (gdb) p nTableWindowCount $2 = 5 (gdb) p i $3 = 6 (gdb) p m_pTableView->getTableConnections()[0] $4 = (__gnu_cxx::__alloc_traits<std::allocator<VclPtr<dbaui::OTableConnection> > >::value_type &) @0x3cf1d70: {m_rInnerRef = rtl::Reference to 0x3cf0900} (gdb) p m_pTableView->getTableConnections()[1] $5 = (__gnu_cxx::__alloc_traits<std::allocator<VclPtr<dbaui::OTableConnection> > >::value_type &) @0x3cf1d78: {m_rInnerRef = empty rtl::Reference} (gdb) p m_pTableView->getTableConnections()[2] $6 = (__gnu_cxx::__alloc_traits<std::allocator<VclPtr<dbaui::OTableConnection> > >::value_type &) @0x3cf1d80: {m_rInnerRef = rtl::Reference to 0x38dd820} (gdb) p m_pTableView->getTableConnections()[3] $7 = (__gnu_cxx::__alloc_traits<std::allocator<VclPtr<dbaui::OTableConnection> > >::value_type &) @0x3cf1d88: {m_rInnerRef = rtl::Reference to 0x38de2b0} I wonder if it's normal that second element is an empty ref.
Michael: following your work about tdf#92434, thought you might be interested in this one.
With this patch: diff --git a/dbaccess/source/ui/querydesign/JAccess.cxx b/dbaccess/source/ui/querydesign/JAccess.cxx index 6ad8eb0..acf7a02 100644 --- a/dbaccess/source/ui/querydesign/JAccess.cxx +++ b/dbaccess/source/ui/querydesign/JAccess.cxx @@ -76,7 +76,7 @@ namespace dbaui ; aRet = aIter->second->GetAccessible(); } - else if( size_t(i - nTableWindowCount) < m_pTableView->getTableConnections().size() ) + else if( size_t(i - nTableWindowCount) < m_pTableView->getTableConnections().size() && m_pTableView->getTableConnections()[i - nTableWindowCount]) I got this: #0 0x00002aaab3606936 in com::sun::star::uno::BaseReference::is (this=0x9999999999999bb9) at /home/julien/lo/libreoffice/include/com/sun/star/uno/Reference.h:94 #1 0x00002aaab362b0d0 in vcl::Window::GetAccessible (this=0x42fdd40, bCreate=true) at /home/julien/lo/libreoffice/vcl/source/window/accessibility.cxx:132 #2 0x00002aaad9e53d47 in dbaui::OJoinTableView::RemoveConnection (this=0x3dd1100, _pConn=0x42fdd40, _bDelete=true) at /home/julien/lo/libreoffice/dbaccess/source/ui/querydesign/JoinTableView.cxx:264 #3 0x00002aaad9eed0b4 in dbaui::ORelationTableView::RemoveConnection (this=0x3dd1100, pConn=0x42fdd40) at /home/julien/lo/libreoffice/dbaccess/source/ui/relationdesign/RelationTableView.cxx:271 and indeed, m_vTableConnection contained refs (included _pConn) so with it->disposeAndClear() it seems _pConn has been deleted and so we can't call a notifyAccessibleEvent on it or a DisposeOnce. I must recognize I'm a bit lost here.
Caolán McNamara committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=e55f83e1731e1031c63d8463b57c434cceb126e3 Resolves: tdf#97854 crash on deleting inner join relationship It will be available in 5.3.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Caolán McNamara committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=3185d9b8fbaad56fc7170a277569b5e441d946f4 Related: tdf#97854 confirm that on !bDelete there's a ref to the connection It will be available in 5.3.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-5-2": http://cgit.freedesktop.org/libreoffice/core/commit/?id=2436bdd9aa937fd9964655548932ac7c1caed258&h=libreoffice-5-2 Resolves: tdf#97854 crash on deleting inner join relationship It will be available in 5.2.0.1. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
On pc Debian x86-64 with master sources updated today, I don't reproduce this. Thank you Caolán!
Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-5-1": http://cgit.freedesktop.org/libreoffice/core/commit/?id=79da0edfb4743ed914c67759b78b104fcde43b0d&h=libreoffice-5-1 Resolves: tdf#97854 crash on deleting inner join relationship It will be available in 5.1.4. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.