Summary: | Using drag/drop to reorder a Heading in Navigator window causes Writer to crash (EDIT) (gtk only) | ||
---|---|---|---|
Product: | LibreOffice | Reporter: | bugzilla |
Component: | Writer | Assignee: | Caolán McNamara <caolan.mcnamara> |
Status: | VERIFIED FIXED | ||
Severity: | critical | CC: | caolan.mcnamara, serval2412, stephane.guillou |
Priority: | high | Keywords: | bibisected, bisected, haveBacktrace |
Version: | 7.5.1.2 release | ||
Hardware: | x86-64 (AMD64) | ||
OS: | Linux (All) | ||
See Also: | https://bugs.documentfoundation.org/show_bug.cgi?id=149412 | ||
Whiteboard: | target:7.6.0 target:7.4.7 target:7.5.2.2 | ||
Crash report or crash signature: | ["libgtk-3.so.0","libwayland-client.so.0 "] | Regression By: | Caolán McNamara |
Bug Depends on: | |||
Bug Blocks: | 103030 | ||
Attachments: | bt with debug symbols |
Description
bugzilla
2023-03-16 17:43:51 UTC
Reproduced. Drag-and-dropping the headings crashes Writer in a trunk build from today too: Version: 7.6.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: 44837a12d12be3e525fa48b37c3dd2553cc97d94 CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3 Locale: en-AU (en_AU.UTF-8); UI: en-US Calc: threaded Likely linked to the new feature from bug 145359 but will check now. Doesn't seem to affect Windows 10. Signature probably makes it gtk-specific. I could also crash it before, before Jim's addition, with many successive drag and drops eventually resulting in: https://crashreport.libreoffice.org/stats/crash_details/21d10262-85d4-4d46-a02a-adb3967a5613 in: Version: 7.4.6.2 / LibreOffice Community Build ID: 5b1f5509c2decdade7fda905e3e1429a67acd63d CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3 Locale: en-AU (en_AU.UTF-8); UI: en-US Calc: threaded and: Version: 7.3.7.2 / LibreOffice Community Build ID: e114eadc50a9ff8d8c8a0567d6da8f454beeb84f CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3 Locale: en-AU (en_AU.UTF-8); UI: en-US Calc: threaded Could not reproduce in: Version: 7.2.7.2 / LibreOffice Community Build ID: 8d71d29d553c0f7dcbfa38fbfda25ee34cce99a2 CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3 Locale: en-AU (en_AU.UTF-8); UI: en-US Calc: threaded Will have a go at bisecting. Created attachment 186023 [details]
bt with debug symbols
On pc Debian x86-64 with master sources updated today + gtk3 rendering, I could reproduce this.
With gen and kf5 renderings, impossible to reorder and I noticed these:
warn:svtools.contnr:25559:25565:vcl/source/treelist/treelistbox.cxx:1022: SvTreeListBox::QueryDrop(): no format
Caolán: it seems gtk specific, I think you might be interested in this one. Crash is instant on first drag in 7.5 and 7.6, but takes a few goes before those versions, so I don't think I was seeing the same thing in previous versions. Bibisected the instant crash with gtk3 vcl and linux-64-7.5 repo to first bad commit 00c1911de432173d6f46f6f1cac9321d8f017ff6 which points to fix for bug 149412: commit e033e1f2a8e202f5ded99729fe896f72e9a0c3be author Caolán McNamara <caolanm@redhat.com> Thu Jan 19 11:13:50 2023 +0000 committer Adolfo Jayme Barrientos <fitojb@ubuntu.com> Fri Jan 20 13:52:26 2023 +0000 tdf#149412 gtk3: show all selected rows in dnd icon otherwise it looks like only one row is getting moved Reviewed-on: https://gerrit.libreoffice.org/c/core/+/145820 I think that commit made this more frequent, but we might have had it as a bug for much longer ==3221972== Invalid read of size 8 ==3221972== at 0x23F281DA: gtk_drag_begin_internal (gtkdnd.c:1801) ==3221972== by 0x23F2886F: gtk_drag_begin_with_coordinates (gtkdnd.c:1995) ==3221972== by 0x23845075: (anonymous namespace)::GtkInstanceWidget::signal_motion(_GdkEventMotion const*) (gtkinst.cxx:3139) ==3221972== by 0x23844F09: (anonymous namespace)::GtkInstanceWidget::signalMotion(_GtkWidget*, _GdkEventMotion*, void*) (gtkinst.cxx:3130) ==3221972== by 0x23C0FC56: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:84) ==3221972== by 0x1378C05F: g_closure_invoke (gclosure.c:832) ==3221972== by 0x137B8F65: signal_emit_unlocked_R.isra.0 (gsignal.c:3796) ==3221972== by 0x137A8ED5: g_signal_emit_valist (gsignal.c:3559) ==3221972== by 0x137A96F2: g_signal_emit (gsignal.c:3606) ==3221972== by 0x23EF1073: gtk_widget_event_internal.part.0.lto_priv.0 (gtkwidget.c:7812) ==3221972== by 0x23D825AD: UnknownInlinedFun (gtkmain.c:2588) ==3221972== by 0x23D825AD: propagate_event.lto_priv.0 (gtkmain.c:2691) ==3221972== by 0x23D83320: UnknownInlinedFun (gtkmain.c:1921) ==3221972== by 0x23D83320: gtk_main_do_event (gtkmain.c:1691) ==3221972== Address 0x2c7d8070 is 0 bytes inside a block of size 16 free'd ==3221972== at 0x48460E4: free (vg_replace_malloc.c:884) ==3221972== by 0x1383388C: g_free (gmem.c:229) ==3221972== by 0x1384E093: g_slice_free1 (gslice.c:1185) ==3221972== by 0x23CD7A08: gtk_drag_source_set (gtkdragsource.c:162) ==3221972== by 0x23ED1EAB: gtk_tree_view_enable_model_drag_source (gtktreeview.c:14303) ==3221972== by 0x23877F41: (anonymous namespace)::GtkInstanceTreeView::drag_source_set(std::__debug::vector<_GtkTargetEntry, std::allocator<_GtkTargetEntry> > const&, GdkDragAction) (gtkinst.cxx:16279) ==3221972== by 0x238440B3: (anonymous namespace)::GtkInstanceWidget::do_enable_drag_source(rtl::Reference<TransferDataContainer> const&, unsigned char) (gtkinst.cxx:2707) ==3221972== by 0x23877E99: (anonymous namespace)::GtkInstanceTreeView::enable_drag_source(rtl::Reference<TransferDataContainer>&, unsigned char) (gtkinst.cxx:16270) ==3221972== by 0x36AAE6D2: SwContentTree::DragBeginHdl(bool&) (content.cxx:1227) ==3221972== by 0x36AAE2CE: SwContentTree::LinkStubDragBeginHdl(void*, bool&) (content.cxx:1180) ==3221972== by 0x238D38DA: Link<bool&, bool>::Call(bool&) const (link.hxx:111) ==3221972== by 0x23878D2D: (anonymous namespace)::GtkInstanceTreeView::do_signal_drag_begin(bool&) (gtkinst.cxx:16520) (In reply to Caolán McNamara from comment #6) > I think that commit made this more frequent, but we might have had it as a > bug for much longer I agree, I was able to crash it as far back as 7.2 but I could not find a consistent way to do it. Caolán McNamara committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/fd32093df9fdf5d46ed4def9fd8dada7d0d5e361 tdf#154232 signal_drag_begin callback can delete current GtkTargetList It will be available in 7.6.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback. Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-7-4": https://git.libreoffice.org/core/commit/9cb9bda78a7e47c4948e6ef2702f07460b22050a tdf#154232 signal_drag_begin callback can delete current GtkTargetList It will be available in 7.4.7. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback. Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-7-5": https://git.libreoffice.org/core/commit/c4f29ffc62af42365c983f4dc3514b2f8633c095 tdf#154232 signal_drag_begin callback can delete current GtkTargetList It will be available in 7.5.3. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback. Caolán McNamara committed a patch related to this issue. It has been pushed to "libreoffice-7-5-2": https://git.libreoffice.org/core/commit/ee55e17b556753e9853219dbeee9a10da18cd608 tdf#154232 signal_drag_begin callback can delete current GtkTargetList It will be available in 7.5.2. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback. Thanks Caolán! Verified as fixed in: Version: 7.6.0.0.alpha0+ (X86_64) / LibreOffice Community Build ID: 0d18262789fbe95eafe32bd775a9827ed99685ef CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3 Locale: en-AU (en_AU.UTF-8); UI: en-US Calc: threaded I've tested LO 7.5.2.2 via Ubuntu PPA. Mouse drag/drop in Navigator Heading view now works correctly with no crashes. Thanks for speedy resolution. |