Summary: | Crash when opening Tools > Language > Hangul/Hanja Conversion in Calc (gtk/gtk3) |
---|---|
Product: | LibreOffice |
Component: | Calc |
Reporter: | artur |
Assignee: | Caolán McNamara <caolan.mcnamara> |
Status: | VERIFIED FIXED |
Severity: | normal |
Priority: | medium |
CC: | caolan.mcnamara, serval2412, sungdh86, xiscofauli |
Keywords: | bibisected, bisected, haveBacktrace, regression |
Version: | 5.4 all versions |
Hardware: | x86-64 (AMD64) |
OS: | Linux (All) |
See Also: | https://bugs.documentfoundation.org/show_bug.cgi?id=71409 https://bugs.documentfoundation.org/show_bug.cgi?id=104381 https://bugs.documentfoundation.org/show_bug.cgi?id=125985 |
Whiteboard: | target:6.4.0 target:6.3.0.1 |
Crash report or crash signature: | |
Regression By: | |
Bug Depends on: | |
Bug Blocks: | 113196, 122043, 103503 |
Attachments: | bt with debug symbols (gtk3); bt from throw |

Description
artur
2019-06-18 10:17:00 UTC
It crashes under the following circumstances:

1. Open LibreOffice (not Calc)
2. From the start center, open Calc
3. Go to Tools > Language > Hangul/Hanja Conversion

Regression introduced by:

author Kohei Yoshida <kohei.yoshida@collabora.com> 2017-02-28 17:52:10 -0500
committer Kohei Yoshida <libreoffice@kohei.us> 2017-03-01 00:07:25 +0000
commit 10077a06d8f6d08f276f99024528ee31a57390a9
tree ce5a669a90878ee685c071bc2502822ca74faaba
parent 4f762202f647976ffd80c23bacada8401d633001

Revert my fix for tdf#71409, to hopefully fix tdf#104381.

Bisected with: bibisect-linux-64-5.4

@Caolán, I thought you might be interested in this issue...

it doesn't crash with gen env

I think it's Korean features, so I add CJK-Korean meta issue tdf#113196.

I was able to reproduce it, it's an accessibility-related crash, gtk2 and gtk3 have working accessibility while gen doesn't

sc/source/ui/view/viewfun4.cxx:575 of DoSheetConversion the pEngine.reset() seems to be where the editengine is destroyed that is later used-after-delete causing the crash in a11y

https://gerrit.libreoffice.org/#/c/74378/ is my effort here

Created attachment 152296
bt with debug symbols (gtk3)

On pc Debian x86-64 with master sources updated today, I could reproduce this.
I had to use gdb --pid=$(pidof soffice.bin) method since I couldn't reproduce this by using "make debugrun"
Also, I noticed a lot of these:

warn:svx:15746:15746:svx/source/accessibility/AccessibleTextHelper.cxx:1356: DBG_UNHANDLED_EXCEPTION in virtual void accessibility::AccessibleTextHelper_Impl::Notify(SfxBroadcaster&, const SfxHint&)
exception: com.sun.star.uno.RuntimeException message: Text forwarder is invalid, model might be dead
context: ScAccessibleEditObject

Created attachment 152297
bt from throw

Caolán McNamara committed a patch related to this issue. It has been pushed to "master":

https://git.libreoffice.org/core/+/cf13e1ddef974fb929916a9a4a54f37188b10389%5E%21

tdf#125982 a11y use-after-free of editengine

It will be available in 6.4.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.

That seems to work, hopefully without horrific side effects. Will risk 6-4 backport, but no further.

Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-6-3":

https://git.libreoffice.org/core/+/b4e1b145ff9cccd4d91798c5da2e32ffa9b267ec%5E%21

tdf#125982 a11y use-after-free of editengine

It will be available in 6.3.0.1. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.

*** Bug 125985 has been marked as a duplicate of this bug. ***

Verified in
Version: 6.4.0.0.alpha0+
Build ID: 9712f5d2316fa469b92f2f8092925e2cd4e8dd5b
CPU threads: 4; OS: Linux 4.15; UI render: default; VCL: gtk3;
Locale: ca-ES (ca_ES.UTF-8); UI-Language: en-US
Calc: threaded

@Caolán, thanks for fixing this issue!
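
The lifetime problem described in this report (an owner calls `pEngine.reset()` while an accessibility object still refers to the engine) can be modelled in a few lines. This is an added example, not LibreOffice code and not the committed fix; `Engine`, `Listener` and `A11yHelper` are hypothetical names, and the dying-notification shown is one general way to keep a non-owning observer from dereferencing a destroyed object.

```cpp
// Constructed model, not LibreOffice code: Engine, Listener and A11yHelper are hypothetical.
#include <algorithm>
#include <memory>
#include <string>
#include <utility>
#include <vector>

struct Listener {
    virtual void engineDying() = 0;   // sent once, from the engine's destructor
    virtual ~Listener() = default;
};

class Engine {
    std::vector<Listener*> listeners_;
    std::string text_;
public:
    explicit Engine(std::string t) : text_(std::move(t)) {}
    ~Engine() { for (Listener* l : listeners_) l->engineDying(); }
    void add(Listener* l) { listeners_.push_back(l); }
    void remove(Listener* l) {
        listeners_.erase(std::remove(listeners_.begin(), listeners_.end(), l),
                         listeners_.end());
    }
    const std::string& text() const { return text_; }
};

class A11yHelper : public Listener {
    Engine* engine_;                  // non-owning: someone else owns the engine
public:
    explicit A11yHelper(Engine& e) : engine_(&e) { e.add(this); }
    ~A11yHelper() override { if (engine_) engine_->remove(this); }
    void engineDying() override { engine_ = nullptr; }  // drop the pointer before it dangles
    // Returns false instead of dereferencing a dead engine.
    bool text(std::string& out) const {
        if (!engine_) return false;
        out = engine_->text();
        return true;
    }
};

// The owner resets the engine while the helper is still alive and still queried.
bool queryAfterReset(std::string& out) {
    auto pEngine = std::make_unique<Engine>("constructed sample text");
    A11yHelper helper(*pEngine);
    bool before = helper.text(out);      // true: engine alive
    pEngine.reset();                     // engine destroyed, helper notified
    return before && helper.text(out);   // false: access refused, nothing freed is touched
}

int main() { std::string s; return queryAfterReset(s) ? 1 : 0; }
```

Without the `engineDying()` call in the destructor, the second `helper.text()` would read freed memory; building the model with `-fsanitize=address` makes that variant fail immediately.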