Created attachment 90206 [details] Sample calc file With the attached file: Select e.g. row 20 with the mouse, and use Crtl - to delete the row no issue. Select e.g. row 22 with the mouse, and use Crtl - to delete the row calc crash. Reproducible with some other spreadsheet but not with a new one. Win7x64Ultimate Version: 4.2.0.0.beta1 Build ID: f4ca7b35f580827ad2c69ea6d29f7c9b48ebbac7 Version: 4.3.0.0.alpha0+ Build ID: 86268546a09c3bdd0d5cb6bc047408db779e057c TinderBox: Win-x86@47-TDF, Branch:master, Time: 2013-12-03_15:52:47 No reproducible with 4.1.4
Hello, Reproduced with LO 4.2.0.0.beta1 Build ID: f4ca7b35f580827ad2c69ea6d29f7c9b48ebbac7 & Windows 7 Home Premium. Don't reproduced if linked file is deleted. Probably related. Not reproduced with LO 4.1.3.2. Kind regards. Jacques
Created attachment 90383 [details] typescript with backtrace from core file The crash is signal 6, Aborted. The interesting part of the terminal output is: /usr/include/c++/4.7/debug/safe_iterator.h:292:error: attempt to increment a past-the-end iterator. Objects involved in the operation: iterator "this" @ 0x0x7fffc3f5f820 { type = N11__gnu_debug14_Safe_iteratorIN9__gnu_cxx17__normal_iteratorIPKP13ScFormulaCellNSt9__cxx19986vectorIS4_SaIS4_EEEEENSt7__debug6vectorIS4_S9_EEEE (constant iterator); state = past-the-end; references sequence with type `NSt7__debug6vectorIP13ScFormulaCellSaIS2_EEE' @ 0x0x7fffc3f5f820 } Application Error Backtrace starts at line 132 of the typescript. This observation comes from master commit 3d7d622, fetched 2013-11-19, configured as: --enable-option-checking=fatal --enable-dbgutil --enable-crashdump --without-system-postgresql --without-myspell-dicts --with-extra-buildid --without-doxygen --with-external-tar=/home/terry/lo_hacking/git/src built and running on debian-wheezy. Note well that this is a debug build. That can change the kind of failure, hopefully in an informative way.
From git bisect: 177c67106d0e92dd76255a9842c948a917d92cdf is the first bad commit ... source-hash-93ab5bc4daed5197a815275cf78fcc562bda4d5b and from git bisect log: # bad: [d31848bf3b700a22d127d7c775a0f910a7e133d0] source-hash-86cbe18a6143bf054c31f69dc97368dfdd3ad374 # good: [3e7462bd65e692bf0592d5b080b7716341b62a47] source-hash-1eddfce9894fd05315173744f495619189093dc7 git bisect start 'latest' 'oldest' # good: [578fb08152ad11454e2f09ad6f8c8e527da817de] source-hash-4e3e171262aed0e52fa76158950d5be770249e80 git bisect good 578fb08152ad11454e2f09ad6f8c8e527da817de # bad: [efb04c1c794ef7fc4cda1eb80880d333ca969a5e] source-hash-7908692490120350f2ad45241f7b19ba52dc0489 git bisect bad efb04c1c794ef7fc4cda1eb80880d333ca969a5e # good: [b46b5a58fcaec85eefb31b23afb0fc389a0c5334] source-hash-34c1b7bdd0bca4753f66a7d17ef46647a64a319e git bisect good b46b5a58fcaec85eefb31b23afb0fc389a0c5334 # good: [3791268ce3e6f9e570f02c09d586fd8e9f2485c3] source-hash-51daa4de4fbb86903aeb9cdfefbb089e8d00c001 git bisect good 3791268ce3e6f9e570f02c09d586fd8e9f2485c3 # good: [8f14f077f5faef9b7660ddf5ebcd188eb3042372] source-hash-dd5c0b2db451ff4d6fac7a72770758513583d468 git bisect good 8f14f077f5faef9b7660ddf5ebcd188eb3042372 # bad: [44280d2c3d00ce9bf30fa620dbd4d4c76d60fdc3] source-hash-942501b6e49c6c9e19556d9ec132a458e5fef6c3 git bisect bad 44280d2c3d00ce9bf30fa620dbd4d4c76d60fdc3 # good: [7ddc3936819ea8fd00a6419c80183bfd764f5b7c] source-hash-5ab07df58bcc33423fabba2d0363cdde6a51f566 git bisect good 7ddc3936819ea8fd00a6419c80183bfd764f5b7c # good: [8d6f38a4488ba5c2c9a80f38ffe91a970fdc8ef7] source-hash-39f42b0b03489459540404dd218c38709853c021 git bisect good 8d6f38a4488ba5c2c9a80f38ffe91a970fdc8ef7 # bad: [177c67106d0e92dd76255a9842c948a917d92cdf] source-hash-93ab5bc4daed5197a815275cf78fcc562bda4d5b git bisect bad 177c67106d0e92dd76255a9842c948a917d92cdf
Created attachment 91847 [details] bt with master sources at opening On pc Debian x86-64 with master sources updated today, I had a crash at the opening!
I gave a try with 4.2, I reproduced the exact crash of Terrence. Here's the first pb: http://opengrok.libreoffice.org/xref/core/sc/source/core/data/column.cxx#2384 2384 for (; it != itEnd; ++it) 2385 { 2386 const ScFormulaCell& rCell = **it; 2387 if (!rCell.IsShared()) 2388 continue; 2389 2390 if (rCell.IsSharedTop()) 2391 { 2392 // Check its tokens and record its reference boundaries. 2393 const ScTokenArray& rCode = *rCell.GetCode(); 2394 rCode.CheckRelativeReferenceBounds( 2395 mrCxt, rCell.aPos, rCell.GetSharedLength(), mrBounds); 2396 2397 // Move to the last cell in the group, to get incremented to 2398 // the next cell in the next iteration. 2399 size_t nOffsetToLast = rCell.GetSharedLength() - 1; 2400 std::advance(it, nOffsetToLast); 2401 } 2402 } after line 2400 if it == itEnd, line 2384 increases again and past the end. After checking this one by using std::distance(it, itEnd) and nOffsetToLast I had another crash here: http://opengrok.libreoffice.org/xref/core/sc/source/core/tool/sharedformula.cxx#71 70 sc::formula_block::iterator itEnd = it; 71 std::advance(itEnd, nLength2); No check here before using advance After a check, I got a third crash http://opengrok.libreoffice.org/xref/core/sc/source/core/data/column3.cxx#2772 2771 sc::formula_block::iterator itGrpEnd = it; 2772 std::advance(itGrpEnd, xCurGrp->mnLength); I stopped here. I used Opengrok to show lines corresponding with master sources but it's almost the same with 4.2 sources for these issues. Kohei/Markus/Eike: any idea to make std::advance safer?
Confirmed:4.2.0.1:OSX Crash when doing repro steps from bug description. Confirmed:4.3.0.0a0+:OSX Version: 4.3.0.0.alpha0+ Build ID: cbe7ab3d6188e725414cbb15ca534f96fe51d8c7 TinderBox: MacOSX-x86@49-TDF, Branch:master, Time: 2014-01-12_00:08:19 Instant crash when opening test file.
I have filed bug 73522 for the segfault.
Taking a stab at this.
Eike Rathke committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=42f551d524a1df46f6a311d5897ac30bd8fc1aaf resolved fdo#72293 correctly split grouped formulas and regroup The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Pending review for 4-2 at https://gerrit.libreoffice.org/7452 for 4-2-0 at https://gerrit.libreoffice.org/7453
Eike Rathke committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=60b187c774430b52c8a4b62642547c6b2852d818 unit test for shared formula row deletion, fdo#72293 The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Eike Rathke committed a patch related to this issue. It has been pushed to "libreoffice-4-2": http://cgit.freedesktop.org/libreoffice/core/commit/?id=d72321b665f54946cf603e6f30740f31151c898f&h=libreoffice-4-2 resolved fdo#72293 correctly split grouped formulas and regroup It will be available in LibreOffice 4.2.1. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Thanks Eike. According with commits, seems solved. Win7x64Ultimate Version: 4.2.1.0.0+ Build ID: d72321b665f54946cf603e6f30740f31151c898f TinderBox: Win-x86@42, Branch:libreoffice-4-2, Time: 2014-01-16_02:01:06 Version: 4.3.0.0.alpha0+ Build ID: 42f551d524a1df46f6a311d5897ac30bd8fc1aaf TinderBox: Win-x86@39, Branch:master, Time: 2014-01-15_22:44:37 And I think it continues awaiting review until: Version: 4.2.0.2 Build ID: cd65d6220c5694ee7012d7863bcde3455c9e3c30
*** Bug 73542 has been marked as a duplicate of this bug. ***
Eike Rathke committed a patch related to this issue. It has been pushed to "libreoffice-4-2-0": http://cgit.freedesktop.org/libreoffice/core/commit/?id=9f27edb1de3a7ef7499fc0e4c0bdc36e3ae20ada&h=libreoffice-4-2-0 resolved fdo#72293 correctly split grouped formulas and regroup It will be available already in LibreOffice 4.2.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Works now on LO 4.2.0.3 Build ID: c63c03decdf780d8fb80823950665b782ec9ecd0 & Windows 7 Home Premium Thanks to all, Jacques
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.