Description of problem: - Enable tracking changes - right-click on a misspelled word to correct it (choose the correct something from the popup menu) - immediately press Ctrl+z Version-Release number of selected component: libreoffice-core-4.1.1.2-2.fc19 Additional info: reporter: libreport-2.1.6 backtrace_rating: 4 cmdline: /usr/lib/libreoffice/program/soffice.bin --writer file:///home/balwierz/SkypeTransfer/CareerPlan_MaciejWiktor.doc crash_function: SetFormatIgnoreStart executable: /usr/lib/libreoffice/program/soffice.bin kernel: 3.10.5-201.fc19.i686.PAE runlevel: N 5 uid: 670 Truncated backtrace: Thread no. 1 (10 frames) #0 SetFormatIgnoreStart at /usr/src/debug/libreoffice-4.1.1.2/sw/inc/txatbase.hxx:101 #1 SwHistorySetTxt::SetInDoc at /usr/src/debug/libreoffice-4.1.1.2/sw/source/core/undo/rolbck.cxx:246 #2 SwHistory::TmpRollback at /usr/src/debug/libreoffice-4.1.1.2/sw/source/core/undo/rolbck.cxx:1158 #3 SwUndoDelete::UndoImpl at /usr/src/debug/libreoffice-4.1.1.2/sw/source/core/undo/undel.cxx:898 #4 SwUndo::UndoWithContext at /usr/src/debug/libreoffice-4.1.1.2/sw/source/core/undo/undobj.cxx:230 #5 SfxListUndoAction::UndoWithContext at /usr/src/debug/libreoffice-4.1.1.2/svl/source/undo/undo.cxx:1334 #7 SfxUndoManager::ImplUndo at /usr/src/debug/libreoffice-4.1.1.2/svl/source/undo/undo.cxx:794 #8 SfxUndoManager::UndoWithContext at /usr/src/debug/libreoffice-4.1.1.2/svl/source/undo/undo.cxx:761 #9 sw::UndoManager::impl_DoUndoRedo at /usr/src/debug/libreoffice-4.1.1.2/sw/source/core/undo/docundo.cxx:476 #10 sw::UndoManager::Undo at /usr/src/debug/libreoffice-4.1.1.2/sw/source/core/undo/docundo.cxx:503
Created attachment 792423 [details] File: backtrace
Created attachment 792424 [details] File: cgroup
Created attachment 792425 [details] File: core_backtrace
Created attachment 792426 [details] File: dso_list
Created attachment 792427 [details] File: environ
Created attachment 792428 [details] File: exploitable
Created attachment 792429 [details] File: limits
Created attachment 792430 [details] File: maps
Created attachment 792431 [details] File: open_fds
Created attachment 792432 [details] File: proc_pid_status
Created attachment 792433 [details] File: var_log_messages
caolanm->mstahl: I can't reproduce this with a new simple document, but according to the bt at sw/source/core/undo/rolbck.cxx:246 pAttr is NULL and there is an assert(pAttr). A quick bodge to not crash with pAttr of NULL is possible of course, but any idea how that NULL could arise ?
SETATTR_NOTXTATRCHR and SETATTR_NOHINTADJUST there (and the fact that this is Undo so the same hint was inserted previously) ought to skip pretty much every failure mode that could happen in InsertItem. Met, can you perhaps reproduce the problem? it must be caused by some particular text attributes in the document and happens when Undo a deletion of text.
Edited document that had not been saved. 1. Auto formatting had been applied (hanging indent that I didn't want). 2. Undid changes using Ctrl Z perhaps too many times as it was responsding slowly. 3. Pasted additional text. 4. Auto format reapplied. Did this two or three times before it crashed. reporter: libreport-2.1.7 backtrace_rating: 4 cmdline: /usr/lib64/libreoffice/program/soffice.bin --writer '/home/andy/Documents/Job Hunt/CV/CV2013Full_v4.doc' --splash-pipe=5 crash_function: SetFormatIgnoreStart executable: /usr/lib64/libreoffice/program/soffice.bin kernel: 3.11.1-200.fc19.x86_64 package: libreoffice-core-4.1.1.2-5.fc19 reason: Process /usr/lib64/libreoffice/program/soffice.bin was killed by signal 11 (SIGSEGV) runlevel: N 5 type: CCpp uid: 1000
fortunately Arnaud found an easily reproducible scenario where no-extent RSID-only AUTOFMT hints would survive some editing operations and then cause this crash on Undo. my hope is that the fix is sufficiently generic to handle various different operations.
*** Bug 1028415 has been marked as a duplicate of this bug. ***