Created attachment 103853 [details] Demo spreadsheet Problem description: Moving a column corrupts the screen; pressing control-Z to un-do the move crashes the process Steps to reproduce: 1. Open the attached "crasher.ods" spreadsheet 2. Click in column I header to select entire column I 3. Click on in cell I8 (or any cell in col I), drag to col G & release the mouse (screen corrupted at this point) 4. Type Control-Z Current behavior: crash (probably segfault) Expected behavior: column copy works, and LO doesn't crash Note: This demo spreadsheet contains spanned columns, but not involving the area being moved. I tried constructing a simpler demo spreadsheet and the problem does not appear, so the crash may be related to the spanned cells. Operating System: Ubuntu Version: 4.4.0.0.alpha0+ Master
Bug observed running Version: 4.3.1.0.0+ Build ID: 0ad283adb51b3a1bb777e6341e61541d4bffaa44 TinderBox: Linux-rpm_deb-x86_64@46-TDF, Branch:libreoffice-4-3, Time: 2014-07-21_07:30:30
Test System: Kubuntu 14.04 (KDE 4.13.2) LibreOffice 4.2.4.2 - When I open the file, column G is wide. - When I drag column I over, column G takes the width of column I (is that corrupted?) - Ctrl+Z does crash the application, though I can drag the column G data back to column I successfully before trying Ctrl+G. Have elevated to high/major because of crash.
The "corruption" seen on my system is as if column I is rendered narrower than usual (showing truncated original content), plus an "extra" column squished in and the edges of the columns no longer align with the edges of the column labels. I'll attach a brief (about 10 second) video showing how it looks on my system.
Created attachment 103892 [details] video screen-capture showing corrupted rendering (mp4)
I can reproduce crash with LO 4.2.6.2 - Ubuntu 12.04 x86 without rendering corruption.
Found that problem is with SUMIF function. Steps to reproduce from scratch: 1. In new spreadsheet, in cell A1 type: =SUMIF(B1:B2;1) 2. Click column B header to select entire column B 3. Click on in any cell in column B, drag to column C & release the mouse 4. Undo Not tested yet with similar function like SUMIFS or SUMPRODUCT
(In reply to comment #6) Another variations of step 1 to reproduce crash: - in cell A1 type one of the following: =SUM(B1:C1) =SUM(B1:B2) =COUNTBLANK(B1:B2) =AVERAGE(B1:B2) - in cell B3 type =SUM(B1:B2) Seems reproducible with all functions which has range. Also reproduced in: Version: 4.2.7.0.0+ Build ID: 546cd96371b5ae012e4f3bfe963ea299e1dcec54 TinderBox: Linux-rpm_deb-x86@45-TDF, Branch:libreoffice-4-2, Time: 2014-07-30_13:16:10
No crash in 4.1.6.2 -> regression
Created attachment 103942 [details] bt with master sources On pc Debian x86-64 with master sources updated today, I could reproduce this. I attached a bt.
bibisected: bbc3e332548c8e2aa5648ca68a69e713cbf21580 is the first bad commit commit bbc3e332548c8e2aa5648ca68a69e713cbf21580 Author: Bjoern Michaelsen <bjoern.michaelsen@canonical.com> Date: Mon May 12 00:14:14 2014 +0000 source-hash-fa40f7df971b1aaabccc11668a987336f50e3b0d commit fa40f7df971b1aaabccc11668a987336f50e3b0d Author: Miklos Vajna <vmiklos@collabora.co.uk> AuthorDate: Sat Mar 15 17:36:49 2014 +0100 Commit: Miklos Vajna <vmiklos@collabora.co.uk> CommitDate: Sat Mar 15 17:40:46 2014 +0100 rtftok: OPEN_M_TOKEN -> RTFTokenizer::lookupMathKeyword() Change-Id: I60d0e65d0e7f37b2d5cded64cee1270c51ed5b3d :100644 100644 22186839f42f5d422f85906177e65a5a86aab3c6 67cf4d993a8880c8e558da6b353cea364e230330 M ccache.log :100644 100644 2a2fa2a93aeee93d774a245fa6928cd0f71ee7b4 1b45c18989cb85a070dde3282d4d88c740b546fa M commitmsg :100644 100644 32730498dfcfe90ba8e20e3de525cf584f324c8b fa3e2cdec7e5f609dddff4d1452f663a2fca7ebe M make.log :040000 040000 c6cc4459e2dbc27c9c690bdb7289682a4d54260b 834530fad4ed019169a143c964faa33bf7cd7032 M opt # bad: [423a84c4f7068853974887d98442bc2a2d0cc91b] source-hash-c15927f20d4727c3b8de68497b6949e72f9e6e9e # good: [65fd30f5cb4cdd37995a33420ed8273c0a29bf00] source-hash-d6cde02dbce8c28c6af836e2dc1120f8a6ef9932 git bisect start 'latest' 'oldest' # good: [e02439a3d6297a1f5334fa558ddec5ef4212c574] source-hash-6b8393474974d2af7a2cb3c47b3d5c081b550bdb git bisect good e02439a3d6297a1f5334fa558ddec5ef4212c574 # good: [4850941efe43ae800be5c76e1102ab80ac2c085d] source-hash-980a6e552502f02f12c15bfb1c9f8e6269499f4b git bisect good 4850941efe43ae800be5c76e1102ab80ac2c085d # good: [a900e72b6357882284c5955bdf939bf14269f5fb] source-hash-dd1050b182260a26a1d0ba6d0ef3a6fecc3f4e07 git bisect good a900e72b6357882284c5955bdf939bf14269f5fb # skip: [e80660c5a1d812cd04586dae1f22767fc3778c4a] source-hash-07c60c8ee2d1465544a6a39e57bc06b3690b8dfb git bisect skip e80660c5a1d812cd04586dae1f22767fc3778c4a # bad: [df9bcaed2faa2a8d11b19f877cdff3a12a887278] source-hash-6ba9692d8bbe3e3c245aca9a7c928e81178d05f1 git bisect bad df9bcaed2faa2a8d11b19f877cdff3a12a887278 # bad: [9d57c189d74551d2b3770cc81139ea10a62e672f] source-hash-5b5e62650354788e50b44f32c22b687b2018aba9 git bisect bad 9d57c189d74551d2b3770cc81139ea10a62e672f # bad: [ce81582766413e76a63c047bfd6227ab12fcd866] source-hash-3d1b1eea83703919c43620f9adef05e5b24c4bed git bisect bad ce81582766413e76a63c047bfd6227ab12fcd866 # good: [4e0843c411a14e3065f96f196eeb4d603664f97f] source-hash-51605bf98220d7e54dee20af17c33cebe23a0813 git bisect good 4e0843c411a14e3065f96f196eeb4d603664f97f # bad: [bfba063779a12bca219e4a9fba9bba8b67821ec1] source-hash-86a32589e90ee983159fb5b2c6a594428ab7d422 git bisect bad bfba063779a12bca219e4a9fba9bba8b67821ec1 # bad: [ba00e7cba37a309a8eed876fe76a0286a8898174] source-hash-1eb20c97e4d0f644efcf46aedac619a9765488c3 git bisect bad ba00e7cba37a309a8eed876fe76a0286a8898174 # bad: [bbc3e332548c8e2aa5648ca68a69e713cbf21580] source-hash-fa40f7df971b1aaabccc11668a987336f50e3b0d git bisect bad bbc3e332548c8e2aa5648ca68a69e713cbf21580 # first bad commit: [bbc3e332548c8e2aa5648ca68a69e713cbf21580] source-hash-fa40f7df971b1aaabccc11668a987336f50e3b0d
Reproducible with Version: 4.4.0.0.alpha0+ Build ID: 8957c9419af8a1bc56b7e6cb248dc3fd57708589 TinderBox: Win-x86@42, Branch:master, Time: 2014-08-19_05:34:52
*** Bug 82933 has been marked as a duplicate of this bug. ***
Created attachment 105135 [details] Simple Sample This simple sample shows that the crash also will appear for an UNDO of moveing a cells range not touching formula's range and without any contents: In Simple Sample 1. Select range I9:M19 2. Click I9, Drag and Drop Range, release mouse button in O9 3. UNDO -> Crash (90% reproducible)
Good catch Bugcruncher.. I can also reproduce that with moving column D (which is not referenced to formula in A1) to column E on step 2-3 in comment 6. Reproduced either with moving column A (which contain the formula) to column C. Tested with LO 4.3.1.1 - Ubuntu 12.04 x86 I think we should raise importance since it's also reproduced with moving any column/row.
@Ign - when you raise something to highest please add to the MAB list tracker and leave a comment on the tracker saying why you added it. highest is reserved exclusively for MAB :) Thanks!
Done Joel.. :)
The latest master branch no longer reproduces Bug 83709, which has a very similar backtrace to this one. Can someone please try to reproduce this using the latest master that contains http://cgit.freedesktop.org/libreoffice/core/commit/?id=2be9ae72189e8b86d7e609727bab223645975ddb ? Thanks.
I do confirm that the crash isn't reproducible with a build from 527462c2fe9c21e567a9c49f2d63be5a08f7a91c but it's reproducible with a build from 8e4defe4b59a72fbe82f94b26e233ba36640c739
Excellent! That commit has been backported to 4.2 and 4.3 branches, so the fix should appear in their next respective release.
Let's add the targets from fdo#79441 (as indicated in the commit quoteed comment 17)
Wow..thanks all.. That commit could saves many peoples life :)
Migrating Whiteboard tags to Keywords: (bibisected) [NinjaEdit]