Summary: | EDITING: CRASH when copy paste multiple pictures from file explorer | ||
---|---|---|---|
Product: | LibreOffice | Reporter: | Rainer Bielefeld Retired <LibreOffice> |
Component: | Writer | Assignee: | Michael Stahl <mst.fdo> |
Status: | RESOLVED FIXED | QA Contact: | |
Severity: | normal | ||
Priority: | medium | CC: | cedric.bosdonnat.ooo, lo_bugs, mst.fdo |
Version: | 4.0.0.0.alpha1 | Keywords: | regression |
Hardware: | Other | ||
OS: | All | ||
See Also: |
https://bugs.freedesktop.org/show_bug.cgi?id=52182 https://bugs.freedesktop.org/show_bug.cgi?id=58459 |
||
Whiteboard: | target:4.1.0 target:4.0.0.0.beta0 target:3.6.5 | ||
i915 platform: | i915 features: | ||
Bug Depends on: | |||
Bug Blocks: | 54157 | ||
Attachments: |
Simple test kit
gdb session with backtraces typescript of valgrind run |
Description
Rainer Bielefeld Retired
2012-12-11 14:29:28 UTC
Created attachment 71340 [details]
Simple test kit
The bug also can be reproduced with some more simple .png, use attached test kit and proceed as per original report.
Created attachment 71367 [details]
gdb session with backtraces
I have reproduced the problem with master commit id 8450a99, fetched
around 2012-12-07 02:00 UTC, configured with parameters
--enable-dbgutil
--enable-crashdump
--disable-build-mozilla
--without-system-postgresql
--without-myspell-dicts
--without-help
--with-extra-buildid
built and running on Linux ubuntu-natty (11.04) 32-bit ...
$ uname -a
Linux cougar-natty 2.6.38-16-generic #67-Ubuntu SMP Thu Sep 6 18:00:43 UTC 2012 i686 athlon i386 GNU/Linux
$ gcc --version
gcc (Ubuntu/Linaro 4.5.2-8ubuntu4) 4.5.2
Copyright (C) 2010 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
$ java -version
java version "1.6.0_24"
OpenJDK Runtime Environment (IcedTea6 1.11.5) (6b24-1.11.5-0ubuntu1~11.04.1)
OpenJDK Client VM (build 20.0-b12, mixed mode, sharing)
and my file explorer is Nautilus 2.32.2.1.
I followed Rainer's instructions as closely as i could. However,
LibreOffice opened directly to Writer document "Untitled 1". In step
6, the caret was already flashing.
In the attached typescript, SIGSEGV is around line 80. Thereafter find ...
info threads
thread apply all backtrace
backtrace full
I am setting Platform All.
Created attachment 71368 [details]
typescript of valgrind run
ctrl-V is after 76 lines of typescript
The crash seems not to happen in 3.6.4.3 (Build ID: 2ef5aff). Setting keyword "regression". that looks like Cedric's object selection changes: #0 0xb279fde8 in SwFlowFrm::IsFollow (this=0x70) at /home/terry/lo_hacking/git/libo4/sw/source/core/inc/flowfrm.hxx:163 [...] #5 0xb2cabcc0 in (anonymous namespace)::lcl_GetCrsrOfst_Objects (pPageFrm=0xa11ecf8, bSearchBackground=false, pPos=0xbfffdd64, rPoint=Point = {...}, pCMS=0xbfffdd1c) at /home/terry/lo_hacking/git/libo4/sw/source/core/layout/trvlfrm.cxx:84 #6 0xb2cac0a1 in SwPageFrm::GetCrsrOfst (this=0xa11ecf8, pPos=0xbfffdd64, rPoint=Point = {...}, pCMS=0xbfffdd1c, bTestBackground=false) at /home/terry/lo_hacking/git/libo4/sw/source/core/layout/trvlfrm.cxx:217 Michael Stahl committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=2fc4af311656e7d019ca802d23444e5161f820ee fdo#58142: fix frame selection in SwPageFrm::GetCrsrOfst: The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback. indeed it was caused by e8fbe97900f13305b17015d9044993bde4adab36 but not in a way i expected... when inserting multiple pictures we essentially loop around this: case SW_PASTESDR_INSERT: SwTransferable::SetSelInShell( rSh, sal_False, pPt ); rSh.Insert( sURL, aEmptyStr, aGrf ); i.e. first un-select any flys and then insert. one of the reasons for un-selecting is that Insert will select the inserted fly at the end. during un-selecting the frame via SwWrtShell::UnSelectFrm() weird things happen in SwPageFrm::GetCrsrOfst(); the SwRect for the page has slightly different x coordinates on different platforms, and for the check whether the nearest frame or the nearest paragraph is closer i get on 64 bit Linux this: Run till exit from #0 rtl::math::approxEqual (a=1.304381782533275e+19, b=1.3043817825332746e+19) at math.hxx:252 basegfx::fTools::equal (rfValA=@0x7fffdb0d8468: 1.304381782533275e+19, rfValB=@0x7fffdb0d8460: 1.3043817825332746e+19) at ftools.hxx:167 Value returned is $8 = true whereas on 32 bit MSVC build the difference is slightly larger and approxEqual returns false. if the fly remains selected by UnSelectFrm() we crash when inserting the next picture, trying to set its anchor to a SwGrfNode. a better handling in SwPageFrm::GetCrsrOfst() of the case where paragraph is hit but background frame is not hit seems to fix it. oh we also should backport the fix to 3.6 because the commit that introduced the regression is on the 3.6 branch too... Michael Stahl committed a patch related to this issue. It has been pushed to "libreoffice-4-0": http://cgit.freedesktop.org/libreoffice/core/commit/?id=2ab2046fe7d939be02649b1c69f571cb19f9aeaa&g=libreoffice-4-0 fdo#58142: fix frame selection in SwPageFrm::GetCrsrOfst: It will be available in LibreOffice 4.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback. Michael Stahl committed a patch related to this issue. It has been pushed to "libreoffice-3-6": http://cgit.freedesktop.org/libreoffice/core/commit/?id=4703b45c8fd6b72c8cb797492b14e48b5e1c38f7&g=libreoffice-3-6 fdo#58142: fix frame selection in SwPageFrm::GetCrsrOfst: It will be available in LibreOffice 3.6.5. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback. |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.