Summary: | CRASH when drag-copy cell with comment after Chinese conversion and Undo | ||
---|---|---|---|
Product: | LibreOffice | Reporter: | Mike Kaganski <mikekaganski> |
Component: | Calc | Assignee: | Caolán McNamara <caolan.mcnamara> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | eudien, h3734236, lgodard.libre, raal, serval2412 |
Priority: | high | Keywords: | haveBacktrace, regression |
Version: | 4.2.0.4 release | ||
Hardware: | Other | ||
OS: | All | ||
See Also: |
https://bugs.documentfoundation.org/show_bug.cgi?id=89226 https://bugs.documentfoundation.org/show_bug.cgi?id=83192 |
||
Whiteboard: | target:5.3.0 target:5.2.0.2 target:5.1.5 | ||
Crash report or crash signature: | Regression By: | ||
Attachments: |
bt with symbols
Another bt but with slight changes in step by step process Valgrind trace easier demo |
Description
Mike Kaganski
2015-06-11 01:30:35 UTC
Suspecting possible cause by commit aa94b17208a5512a344301345f26a9418f943a00 Author: Kohei Yoshida <kohei.yoshida at collabora.com> Date: Fri Jan 24 21:29:54 2014 -0500 Stop leaking all ScPostIt instances. And re-implement correct swapping of two ScPostIt instances during sort. (cherry picked from commit ab05317c79f665bcf9d5cff7b8312ce6963ff969) I can confirm crash with LO 4.4.3, win7 Has anyone tested this bug in Linux to confirm that it's Windows only? Created attachment 126036 [details]
bt with symbols
On pc Debian x86-64 with master sources updated today, I could reproduce this.
I attached a bt.
Created attachment 126037 [details]
Another bt but with slight changes in step by step process
I followed the step by step process except I haven't done the "Undo" part.
The drag and drop was ok but when trying to close LO without saving, it crashed.
Thought it might help to add this bt here.
Perhaps both problems are related.
Created attachment 126038 [details]
Valgrind trace
I wanted to retrieve a Valgrind trace but had a crash when doing first step (copy-paste Chinese symbols from bugtracker to Calc).
Anyway, there's perhaps some interesting thing here, eg:
33423 ==29535== Invalid read of size 8
33424 ==29535== at 0x839C43A: rtl::OUString::getLength() const (ustring.hxx:542)
33425 ==29535== by 0x83DD02B: ContentNode::Len() const (editdoc.cxx:1671)
33426 ==29535== by 0x848278A: ImpEditEngine::SelectWord(EditSelection const&, short, bool) (impedit2.cxx:1511)
33427 ==29535== by 0x84885EF: ImpEditEngine::ImpInsertText(EditSelection const&, rtl::OUString const&) (impedit2.cxx:2659)
33428 ==29535== by 0x848CD45: ImpEditEngine::InsertText(com::sun::star::uno::Reference<com::sun::star::datatransfer::XTransferable>&, rtl::OUString const&, EditPaM const&, bool) (impedit2.cxx:3525)
33429 ==29535== by 0x840DE9B: EditEngine::InsertText(com::sun::star::uno::Reference<com::sun::star::datatransfer::XTransferable>&, rtl::OUString const&, EditPaM const&, bool) (editeng.cxx:798)
33430 ==29535== by 0x847268F: ImpEditView::Paste(com::sun::star::uno::Reference<com::sun::star::datatransfer::clipboard::XClipboard>&, bool) (impedit.cxx:1495)
I looked at this, saw that the transliterate code was similar to the spellchecking code and so checked with an equivalent spelling demo. And that crashes in the same way, so the actual "chinese conversion" is innocent. Its a generic problem with spell-checking replacement and transliteration/hanga-hangul replacement and undo Created attachment 126065 [details]
easier demo
load, use spellchecking, say convert all, close document, dismiss save, crash
bug #99255 seems similar *** Bug 89226 has been marked as a duplicate of this bug. *** https://gerrit.libreoffice.org/#/c/26913/ for my effort Caolán McNamara committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=7566851d653ec052e9b7baa98ec2a993328f84e4 Resolves: tdf#91995 copying cells to undo doc shallow copied note pointer It will be available in 5.3.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback. Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-5-2": http://cgit.freedesktop.org/libreoffice/core/commit/?id=da2aad871bfccd28b47d8ddf47dd6b5b1f834220&h=libreoffice-5-2 Resolves: tdf#91995 copying cells to undo doc shallow copied note pointer It will be available in 5.2.0.2. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback. Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-5-1": http://cgit.freedesktop.org/libreoffice/core/commit/?id=7bcd59241495fe474387abb176185d8775aa104c&h=libreoffice-5-1 Resolves: tdf#91995 copying cells to undo doc shallow copied note pointer It will be available in 5.1.5. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback. |