Open a Writer document, add a rectangle, right-click on it, select Area... It crashes with an ssertion failure: include/rtl/ref.hxx:166: reference_type *rtl::Reference<XColorList>::operator->() const [reference_type = XColorList]: Assertion `m_pBody != 0' failed
Not surprisingly, happens on OS X too, so changing Platform field to All.
Created attachment 102525 [details] callgrind log file Callgrind log file
Confirmed on: * Version: 4.4.0.0.alpha0+ * Build ID: 3fdd4f069d5436cf39708004af7fda8175fbc4c2 * TinderBox: Linux-rpm_deb-x86_64@46-TDF, * Branch:master, Time: 2014-07-09_02:51:53 * OS: Ubuntu 14.04 x86_64 Status New Importance -> highest - blocker According to "Bug Priority Triage Flowchart Suggestions" I set the importance to blocker and highest because the bug happens every time a user uses this dialog and causes a crash. A valgrind out here: https://www.dropbox.com/s/sin0vhjwm7zmesa/callgrind.out.3329.gz
I confirm it too. But on my side it crashes inside XPropertyList::Count() called by SvxColorTabPage::UpdateModified(): Exception Type: EXC_BAD_ACCESS (SIGBUS) Exception Codes: KERN_PROTECTION_FAILURE at 0x000000000000002c Crashed Thread: 0 Thread 0 Crashed: 0 libsvxcorelo.dylib 0x06239df4 XPropertyList::Count() const + 20 1 libcuilo.dylib 0x3366b9d8 SvxColorTabPage::UpdateModified() + 24 2 libcuilo.dylib 0x3366b9d8 SvxColorTabPage::UpdateModified() + 24 3 libcuilo.dylib 0x33670714 SvxColorTabPage::Reset(SfxItemSet const*) + 516 4 libsfxlo.dylib 0x00c72558 SfxTabDialog::ActivatePageHdl(TabControl*) + 1048 5 libvcllo.dylib 0x02fc841c TabControl::calculateRequisition() const + 140 6 libvcllo.dylib 0x02fc85a4 TabControl::GetOptimalSize() const + 20 7 libvcllo.dylib 0x02f540d8 Window::get_ungrouped_preferred_size() const + 152 8 libvcllo.dylib 0x02f56520 Window::get_preferred_size() const + 32 ... * it fails on (XPropertyList*) this, where "this" is already NULL, so let's dig up to the caller * void SvxColorTabPage::UpdateModified() <cui/source/tabpages/tpcolor.cxx:585> -- bool bEnable = pColorList->Count(); <---- pColorList is already NULL here * `long XPropertyList::Count() const' returns `maList.size();' but it's called as `bool bEnable = pColorList->Count();' to do things like m_pBtnModify->Enable( bEnable ); etc. * since when are sizes true/false?! * why pColorList isn't initialized in ctor? but only in SvxColorTabPage::Update, which is called on bottom of strangely titled IMPL_LINK_NOARG(SvxColorTabPage, ClickLoadHdl_Impl) * maybe the logic was: `bool bEnable = false; if (pColorList) { if (pColorList->Count() > 0) { bEnable = true; } }' ?
*** Bug 80940 has been marked as a duplicate of this bug. ***
Bug 80940 sounds like the segfault problem reported here. That bug has a backtrace attached.
I didn't realize I need to attach a backtrace for a crasher in master; by definition, anybody that is going to debug this builds master, and can get a backtrace then in the debugger. Or what am I missing?
Tor, I am not suggesting that you are missing anything. I tend to attach backtraces to bug reports mostly because I lack the knowledge to do anything more useful. Thet said, they may help somebody else working on bug reports, not necessarily a developer, to determine "looks similar" or "looks different". Assertions are a bit different in that they are evident only in debug builds. Maybe I am adding more noise than useful information. Guidance welcome. Thanks, Terry.
Caolan McNamara committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=86de78ce5076ed00c6ad19eae7ab6da7c7a91196 Related: fdo#81147 check if colorlist is valid The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Caolan McNamara committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=76631b6b9147dd83006a6382441d311f668f3286 Resolves: fdo#81147 fix mismatching drawlayer and docshell colorlists The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.