Created attachment 124775 [details] procedure Hellow, I use LibreOffice_5.1.2_Win_x86.msi, Win7 SP1 on Base 1.Create database 2.Create table 3.Insert join 4.Undo 5.Redo 6.Crash For more detaile procedurr, please see the attached file
I can confirm with Version: 5.2.0.0.alpha0+ and 4.0; win7
Created attachment 124801 [details] bt with symbols On pc Debian x86-64 with master sources updated today, I had a crash when I tried to a create the join at the beginning.
I tried to understand the problem of bt I had and noticed this new bt: #0 com::sun::star::uno::BaseReference::iquery (pInterface=0x2bacd08, rType=invalid uno::Type) at /home/julien/lo/libreoffice/include/com/sun/star/uno/Reference.hxx:54 #1 0x00002aaad9c3cd18 in com::sun::star::uno::Reference<com::sun::star::lang::XUnoTunnel>::iquery (pInterface=0x2bacd08) at /home/julien/lo/libreoffice/include/com/sun/star/uno/Reference.hxx:69 #2 0x00002aaad9c39fa5 in com::sun::star::uno::Reference<com::sun::star::lang::XUnoTunnel>::Reference (this=0x7fffffff3a90, rRef=...) at /home/julien/lo/libreoffice/include/com/sun/star/uno/Reference.hxx:170 #3 0x00002aaad9e127c6 in dbaui::OJoinExchObj::GetSourceDescription (_rxObject=uno::Reference to (GtkDnDTransferable *) 0x2bacd08) at /home/julien/lo/libreoffice/dbaccess/source/ui/querydesign/JoinExchange.cxx:76 #4 0x00002aaad9ea2330 in dbaui::OTableWindowListBox::ExecuteDrop (this=0x3f66cc0, _rEvt=...) at /home/julien/lo/libreoffice/dbaccess/source/ui/querydesign/TableWindowListBox.cxx:308 Stephan: any thoughts? (openjdk version "1.8.0_91" OpenJDK Runtime Environment (build 1.8.0_91-8u91-b14-2-b14) OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode) )
(In reply to Julien Nabet from comment #3) > Stephan: any thoughts? Smells like _rEvt.maDropEvent.Transferable in frame #4 is already corrupted.
Also reproduced in Version: 5.3.0.3 Build ID: 1:5.3.0~rc3-0ubuntu1~yakkety1.1 CPU Threads: 4; OS Version: Linux 4.8; UI Render: default; VCL: gtk3; Layout Engine: new; Locale: es-ES (ca_ES.UTF-8); Calc: group
Created attachment 139372 [details] bt with debug symbols On pc Debian x86-64 with master sources updated some days ago, I could reproduce this. Since the bt is different, I attach a new one.
Dear tadanet3, To make sure we're focusing on the bugs that affect our users today, LibreOffice QA is asking bug reporters and confirmers to retest open, confirmed bugs which have not been touched for over a year. There have been thousands of bug fixes and commits since anyone checked on this bug report. During that time, it's possible that the bug has been fixed, or the details of the problem have changed. We'd really appreciate your help in getting confirmation that the bug is still present. If you have time, please do the following: Test to see if the bug is still present with the latest version of LibreOffice from https://www.libreoffice.org/download/ If the bug is present, please leave a comment that includes the information from Help - About LibreOffice. If the bug is NOT present, please set the bug's Status field to RESOLVED-WORKSFORME and leave a comment that includes the information from Help - About LibreOffice. Please DO NOT Update the version field Reply via email (please reply directly on the bug tracker) Set the bug's Status field to RESOLVED - FIXED (this status has a particular meaning that is not appropriate in this case) If you want to do more to help you can test to see if your issue is a REGRESSION. To do so: 1. Download and install oldest version of LibreOffice (usually 3.3 unless your bug pertains to a feature added after 3.3) from http://downloadarchive.documentfoundation.org/libreoffice/old/ 2. Test your bug 3. Leave a comment with your results. 4a. If the bug was present with 3.3 - set version to 'inherited from OOo'; 4b. If the bug was not present in 3.3 - add 'regression' to keyword Feel free to come ask questions or to say hello in our QA chat: https://kiwiirc.com/nextclient/irc.freenode.net/#libreoffice-qa Thank you for helping us make LibreOffice even better for everyone! Warm Regards, QA Team MassPing-UntouchedBug
@Lionel, I thought you might be interested in this issue
Does this happen also with joins on two different tables, or only in the "join the table to itself" case that the original bug reporter was showing in attachment 124775 [details]?
(In reply to Lionel Elie Mamane from comment #9) > Does this happen also with joins on two different tables, or only in the > "join the table to itself" case that the original bug reporter was showing > in attachment 124775 [details]? In brief, yes In detail: on pc Debian x86-64 with master sources updated today, here are the steps I did: - create brand new odb embedded HSQLDB file - create ORDERS and CUSTOMERS table with wizard (I kept by default options for both). - create a new Query with Design - add both tables - insert join between ORDERS.CUSTOMER_ID and CUSTOMERS.ID - undo - redo => crash
Created attachment 161125 [details] bt with debug symbols Just to update the bt but it seems quite the same.
Created attachment 161135 [details] Valgrind trace If it may help...
Dear tadanet3, To make sure we're focusing on the bugs that affect our users today, LibreOffice QA is asking bug reporters and confirmers to retest open, confirmed bugs which have not been touched for over a year. There have been thousands of bug fixes and commits since anyone checked on this bug report. During that time, it's possible that the bug has been fixed, or the details of the problem have changed. We'd really appreciate your help in getting confirmation that the bug is still present. If you have time, please do the following: Test to see if the bug is still present with the latest version of LibreOffice from https://www.libreoffice.org/download/ If the bug is present, please leave a comment that includes the information from Help - About LibreOffice. If the bug is NOT present, please set the bug's Status field to RESOLVED-WORKSFORME and leave a comment that includes the information from Help - About LibreOffice. Please DO NOT Update the version field Reply via email (please reply directly on the bug tracker) Set the bug's Status field to RESOLVED - FIXED (this status has a particular meaning that is not appropriate in this case) If you want to do more to help you can test to see if your issue is a REGRESSION. To do so: 1. Download and install oldest version of LibreOffice (usually 3.3 unless your bug pertains to a feature added after 3.3) from https://downloadarchive.documentfoundation.org/libreoffice/old/ 2. Test your bug 3. Leave a comment with your results. 4a. If the bug was present with 3.3 - set version to 'inherited from OOo'; 4b. If the bug was not present in 3.3 - add 'regression' to keyword Feel free to come ask questions or to say hello in our QA chat: https://web.libera.chat/?settings=#libreoffice-qa Thank you for helping us make LibreOffice even better for everyone! Warm Regards, QA Team MassPing-UntouchedBug
Took description of comment 10. Crash could be reproduced with internal HSQLDB and also internal Firebird on OpenSUSE 15.3 with Version: 7.3.4.1 / LibreOffice Community Build ID: 13668373362b52f6e3ebcaaecb031bd59a3ac66b CPU threads: 6; OS: Linux 5.3; UI render: default; VCL: kf5 (cairo+xcb) Locale: de-DE (de_DE.UTF-8); UI: en-US Calc: threaded
Still reproduced following comment 10 steps with: Version: 24.8.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: 2f5ab5b8e7bd7dd06e00153abb77a69e5d192dd2 CPU threads: 8; OS: Linux 6.5; UI render: default; VCL: gtk3 Locale: en-AU (en_AU.UTF-8); UI: en-US Calc: CL threaded Crash report for 24.2: https://crashreport.libreoffice.org/stats/crash_details/0b9d870f-96da-417b-b504-eec845a0ae17
I think what is happening is this: Internally, the join is called a connection and is stored in an OQueryTableConnection. When a connection is added an OQueryAddTabConnUndoAction is created to record the undo action. When the action is undone, OQueryAddTabConnUndoAction calls OQueryTableView::DropConnection which calls OQueryTableView::RemoveConnection. That in turn tries to add another undo action to allow undoing the remove. This second undo object is marked as “owning” the OQueryTableConnection. The second undo object is blocked from being added to the undo manager because SfxUndoManager::mbUndoEnabled is set to false while an undo operation is taking place. When the undo operation is finished being applied this second undo operation is instead immediately deleted. However, because it thinks it owns the OQueryTableConnection it calls dispose on it which makes it no longer have a window pointer. The first undo operation then marks itself as owning the connection. When the redo button is pressed, the “add connection” operation is redone but it crashes when it tries to access the null window pointer. You can also trigger the bug if you delete the join with the delete key and then press undo, redo, undo. I made a UI test case to trigger the bug and I’m trying to think of the best way to fix it.
Neil Roberts committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/2dde26dcaee48d37a508617515addce634d0c96c tdf#99619 Don’t add undo action when removing conn but not deleting It will be available in 26.2.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Neil Roberts committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/f016c1537d36f7da42fb26d0322e0d4fdaa1f551 tdf#99619 Add a UI test It will be available in 26.2.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Neil Roberts committed a patch related to this issue. It has been pushed to "libreoffice-25-8": https://git.libreoffice.org/core/commit/3a681cf1498da6ffba430cd06192290b8c5e2251 tdf#99619 Don’t add undo action when removing conn but not deleting It will be available in 25.8.4. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Neil Roberts committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/e6ee6fb69a8a1afd5fb41482796d4d8d2dff289c UITest/tdf99619: Close the query window at the end of the test It will be available in 26.2.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.