Bug 334150

Summary: Words crashes on table manipulations
Product: [Applications] calligrawords Reporter: kdeuser56
Component: tablesAssignee: Calligra Words Bugs <calligra-words-bugs-null>
Status: RESOLVED FIXED    
Severity: crash CC: cbo
Priority: NOR    
Version: 2.8.1   
Target Milestone: ---   
Platform: Kubuntu   
OS: Linux   
URL: https://drive.google.com/file/d/0B-ihXi2hkCPfcTFodUdMNVFPNVk/edit?usp=sharing
Latest Commit: http://commits.kde.org/calligra/4311febc5e764eb02fbfafc80900e3f339e39a20 Version Fixed In:
Sentry Crash Report:

Description kdeuser56 2014-04-30 18:02:58 UTC 
Check out the video https://drive.google.com/file/d/0B-ihXi2hkCPfcTFodUdMNVFPNVk/edit?usp=sharing to see how the backtrace here was achieved:
(I have triggered multiple crashes and always got similar backtraces ... you can find all of them here: https://drive.google.com/file/d/0B-ihXi2hkCPfZEZ2cU1LNUljMDQ/edit?usp=sharing)

Application: Calligra Words (calligrawords), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
To enable execution of this file add
	add-auto-load-safe-path /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19-gdb.py
line to your configuration file "/home/user/.gdbinit".
To completely disable this security protection add
	set auto-load safe-path /
line to your configuration file "/home/user/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
	info "(gdb)Auto-loading safe path"
[Current thread is 1 (Thread 0x7f7bf1af57c0 (LWP 3660))]

Thread 2 (Thread 0x7f7bc87e2700 (LWP 3665)):
#0  0x00007f7bf143d6bd in read () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007f7bec434c20 in read (__nbytes=16, __buf=0x7f7bc87e1be0, __fd=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/unistd.h:44
#2  g_wakeup_acknowledge (wakeup=0x7f7bc0002430) at /build/buildd/glib2.0-2.40.0/./glib/gwakeup.c:210
#3  0x00007f7bec3f3b14 in g_main_context_check (context=context@entry=0x7f7bc0329f40, max_priority=2147483647, fds=fds@entry=0x7f7bc0263ee0, n_fds=n_fds@entry=1) at /build/buildd/glib2.0-2.40.0/./glib/gmain.c:3532
#4  0x00007f7bec3f3f7b in g_main_context_iterate (context=context@entry=0x7f7bc0329f40, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/buildd/glib2.0-2.40.0/./glib/gmain.c:3731
#5  0x00007f7bec3f40ec in g_main_context_iteration (context=0x7f7bc0329f40, may_block=1) at /build/buildd/glib2.0-2.40.0/./glib/gmain.c:3795
#6  0x00007f7befb557be in QEventDispatcherGlib::processEvents (this=0x7f7bc0329300, flags=...) at kernel/qeventdispatcher_glib.cpp:436
#7  0x00007f7befb270af in QEventLoop::processEvents (this=this@entry=0x7f7bc87e1de0, flags=...) at kernel/qeventloop.cpp:149
#8  0x00007f7befb273a5 in QEventLoop::exec (this=this@entry=0x7f7bc87e1de0, flags=...) at kernel/qeventloop.cpp:204
#9  0x00007f7befa23c5f in QThread::exec (this=this@entry=0x26a7800) at thread/qthread.cpp:537
#10 0x00007f7befb08823 in QInotifyFileSystemWatcherEngine::run (this=0x26a7800) at io/qfilesystemwatcher_inotify.cpp:265
#11 0x00007f7befa2632f in QThreadPrivate::start (arg=0x26a7800) at thread/qthread_unix.cpp:349
#12 0x00007f7bec8d3182 in start_thread (arg=0x7f7bc87e2700) at pthread_create.c:312
#13 0x00007f7bf144c30d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 1 (Thread 0x7f7bf1af57c0 (LWP 3660)):
[KCrash Handler]
#6  ref (this=0x91) at /usr/include/qt4/QtCore/qatomic_x86_64.h:121
#7  operator= (o=..., this=0x2f9d4d0, this@entry=0x2f9d4c8) at /usr/include/qt4/QtCore/qshareddata.h:97
#8  KoTableRowStyle::operator= (this=this@entry=0x2f9d4d0, rhs=...) at /build/buildd/calligra-2.8.1-1/libs/kotext/styles/KoTableRowStyle.cpp:72
#9  0x00007f7beecba55b in qCopy<KoTableRowStyle*, KoTableRowStyle*> (dest=0x2f9d4d8, end=0x2f9d4e0, begin=0x2f9d4f0) at /usr/include/qt4/QtCore/qalgorithms.h:82
#10 erase (aend=<optimized out>, abegin=<optimized out>, this=0x2f4b000) at /usr/include/qt4/QtCore/qvector.h:634
#11 remove (n=<optimized out>, i=<optimized out>, this=0x2f4b000) at /usr/include/qt4/QtCore/qvector.h:372
#12 KoTableColumnAndRowStyleManager::removeRows (this=this@entry=0x7ffffe10c690, row=<optimized out>, numberRows=<optimized out>) at /build/buildd/calligra-2.8.1-1/libs/kotext/KoTableColumnAndRowStyleManager.cpp:189
#13 0x00007f7beed3aa58 in DeleteTableRowCommand::redo (this=0x2fc8e60) at /build/buildd/calligra-2.8.1-1/libs/kotext/commands/DeleteTableRowCommand.cpp:78
#14 0x00007f7bedb0d12d in KUndo2QStack::push (this=this@entry=0xa0a2d0, cmd=0x2fc8e60) at /build/buildd/calligra-2.8.1-1/libs/kundo2/kundo2stack.cpp:570
#15 0x00007f7beec8eeae in KoTextEditor::addCommand (this=this@entry=0xb95f20, command=command@entry=0x2fc8e60) at /build/buildd/calligra-2.8.1-1/libs/kotext/KoTextEditor_undo.cpp:230
#16 0x00007f7beec886dd in KoTextEditor::deleteTableRow (this=0xb95f20) at /build/buildd/calligra-2.8.1-1/libs/kotext/KoTextEditor.cpp:1100
#17 0x00007f7bd5f15fc5 in TextTool::qt_static_metacall (_o=0x119d830, _id=49927400, _a=0x91, _c=<optimized out>) at /build/buildd/calligra-2.8.1-1/obj-x86_64-linux-gnu/plugins/textshape/TextTool.moc:208
#18 0x00007f7befb3c87a in QMetaObject::activate (sender=sender@entry=0x1cc2cd0, m=m@entry=0x7f7bf0fc4de0 <QAction::staticMetaObject>, local_signal_index=local_signal_index@entry=1, argv=argv@entry=0x7ffffe10c970) at kernel/qobject.cpp:3539
#19 0x00007f7bf0514a62 in QAction::triggered (this=this@entry=0x1cc2cd0, _t1=false) at .moc/release-shared/moc_qaction.cpp:276
#20 0x00007f7bf0516433 in QAction::activate (this=0x1cc2cd0, event=<optimized out>) at kernel/qaction.cpp:1257
#21 0x00007f7bf08cdb02 in QAbstractButtonPrivate::click (this=this@entry=0x273c5e0) at widgets/qabstractbutton.cpp:530
#22 0x00007f7bf08cdc2c in QAbstractButton::mouseReleaseEvent (this=0x26f7d00, e=0x7ffffe10ce80) at widgets/qabstractbutton.cpp:1123
#23 0x00007f7bf0984a4a in QToolButton::mouseReleaseEvent (this=<optimized out>, e=<optimized out>) at widgets/qtoolbutton.cpp:723
#24 0x00007f7bf056a50a in QWidget::event (this=0x26f7d00, event=0x7ffffe10ce80) at kernel/qwidget.cpp:8376
#25 0x00007f7bf051ae2c in QApplicationPrivate::notify_helper (this=this@entry=0x805120, receiver=receiver@entry=0x26f7d00, e=e@entry=0x7ffffe10ce80) at kernel/qapplication.cpp:4567
#26 0x00007f7bf05215dd in QApplication::notify (this=<optimized out>, receiver=receiver@entry=0x26f7d00, e=e@entry=0x7ffffe10ce80) at kernel/qapplication.cpp:4110
#27 0x00007f7bf105fe07 in KoApplication::notify (this=<optimized out>, receiver=0x26f7d00, event=0x7ffffe10ce80) at /build/buildd/calligra-2.8.1-1/libs/main/KoApplication.cpp:590
#28 0x00007f7befb284dd in QCoreApplication::notifyInternal (this=0x7ffffe10d640, receiver=receiver@entry=0x26f7d00, event=event@entry=0x7ffffe10ce80) at kernel/qcoreapplication.cpp:953
#29 0x00007f7bf0520d93 in sendEvent (event=<optimized out>, receiver=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:231
#30 QApplicationPrivate::sendMouseEvent (receiver=receiver@entry=0x26f7d00, event=event@entry=0x7ffffe10ce80, alienWidget=alienWidget@entry=0x26f7d00, nativeWidget=nativeWidget@entry=0x25643d0, buttonDown=buttonDown@entry=0x7f7bf1000318 <qt_button_down>, lastMouseReceiver=..., spontaneous=spontaneous@entry=true) at kernel/qapplication.cpp:3178
#31 0x00007f7bf05959cb in QETWidget::translateMouseEvent (this=this@entry=0x25643d0, event=event@entry=0x7ffffe10d200) at kernel/qapplication_x11.cpp:4634
#32 0x00007f7bf0595269 in QApplication::x11ProcessEvent (this=0x7ffffe10d640, event=event@entry=0x7ffffe10d200) at kernel/qapplication_x11.cpp:3627
#33 0x00007f7bf05bcb02 in x11EventSourceDispatch (s=0x8069f0, callback=0x0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146
#34 0x00007f7bec3f3e04 in g_main_dispatch (context=0x805610) at /build/buildd/glib2.0-2.40.0/./glib/gmain.c:3064
#35 g_main_context_dispatch (context=context@entry=0x805610) at /build/buildd/glib2.0-2.40.0/./glib/gmain.c:3663
#36 0x00007f7bec3f4048 in g_main_context_iterate (context=context@entry=0x805610, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/buildd/glib2.0-2.40.0/./glib/gmain.c:3734
#37 0x00007f7bec3f40ec in g_main_context_iteration (context=0x805610, may_block=1) at /build/buildd/glib2.0-2.40.0/./glib/gmain.c:3795
#38 0x00007f7befb557a1 in QEventDispatcherGlib::processEvents (this=0x8050e0, flags=...) at kernel/qeventdispatcher_glib.cpp:434
#39 0x00007f7bf05bcbb6 in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#40 0x00007f7befb270af in QEventLoop::processEvents (this=this@entry=0x7ffffe10d5d0, flags=...) at kernel/qeventloop.cpp:149
#41 0x00007f7befb273a5 in QEventLoop::exec (this=this@entry=0x7ffffe10d5d0, flags=...) at kernel/qeventloop.cpp:204
#42 0x00007f7befb2cb79 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1225
#43 0x00007f7bf051937c in QApplication::exec () at kernel/qapplication.cpp:3828
#44 0x00007f7bf1719e95 in kdemain (argc=<optimized out>, argv=<optimized out>) at /build/buildd/calligra-2.8.1-1/words/app/main.cpp:44
#45 0x00007f7bf1372ec5 in __libc_start_main (main=0x4006d0 <main(int, char**)>, argc=1, argv=0x7ffffe10d778, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffffe10d768) at libc-start.c:287
#46 0x00000000004006fe in _start ()

Reproducible: Always

Steps to Reproduce:
No clear instructions figured out yet, but I am successful reproducing this every time, it takes me usually one minute of playing around with nothing more than a table to trigger the crash.
I have done so in many different ways and all back traces look similar and seem to be the same bug.
Comment 1 Camilla Boemann 2015-01-22 12:40:44 UTC 
reproduced in 2.9 branch following the video
Comment 2 Camilla Boemann 2015-01-22 13:17:02 UTC 
Git commit 4311febc5e764eb02fbfafc80900e3f339e39a20 by C. Boemann.
Committed on 22/01/2015 at 13:12.
Pushed by boemann into branch 'calligra/2.9'.

We had some leftover change tracking code  and it seems like it caused some crashes

M  +6    -43   libs/kotext/KoTextEditor.cpp
M  +11   -25   libs/kotext/commands/DeleteTableColumnCommand.cpp
M  +1    -1    libs/kotext/commands/DeleteTableColumnCommand.h
M  +10   -25   libs/kotext/commands/DeleteTableRowCommand.cpp
M  +1    -2    libs/kotext/commands/DeleteTableRowCommand.h
M  +2    -11   libs/kotext/commands/InsertTableColumnCommand.cpp
M  +1    -2    libs/kotext/commands/InsertTableColumnCommand.h
M  +2    -12   libs/kotext/commands/InsertTableRowCommand.cpp
M  +1    -2    libs/kotext/commands/InsertTableRowCommand.h

http://commits.kde.org/calligra/4311febc5e764eb02fbfafc80900e3f339e39a20
Comment 3 kdeuser56 2015-01-23 19:30:09 UTC 
I know Bugzilla is a working tool for you, but I simply want to thank you for doing that! This helps my confidence in reporting bugs (despite no clear instructions figured out and the bug lying around for some time, you took the time to look into it, kudos!)
Maybe I will try Calligra soon again and report bugs, I was a bit frustrated the last time (the product itself is highly promising, the vision great, the stability was still a bit of a problem the last time).
Thank you very much!
Comment 4 kdeuser56 2015-01-23 19:30:27 UTC 
I know Bugzilla is a working tool for you, but I simply want to thank you for doing that! This helps my confidence in reporting bugs (despite no clear instructions figured out and the bug lying around for some time, you took the time to look into it, kudos!)
Maybe I will try Calligra soon again and report bugs, I was a bit frustrated the last time (the product itself is highly promising, the vision great, the stability was still a bit of a problem the last time).
Thank you very much!
Comment 5 Camilla Boemann 2015-01-23 21:23:54 UTC 
"thank you"s are welcome and thank you for taking the time to say thanks

we have not worked on it much for almost a year but are slowly trying to get back in gear