Description: Open Calc, type "=COUNTIF(BM5:BM9,0)" in a cell. Calc crashes. It is the same for the other functions of the same family (SUMIF, COUNTIFS, etc.). It works until BL column, but fails for column after that. If these columns have data, then the formula works ok. What makes the bug worse: if the columns have data, then the formula is added, then the data is removed, the file can be saved. But then LibreOffice crashes as soon as the file is opened, making it unusable and causing data loss. Steps to Reproduce: 1. Open Calc on an empty file 2. Type "=COUNTIF(BM5:BM9,0)" in a cell Actual Results: Calc crashes Expected Results: No crash Reproducible: Always User Profile Reset: No Additional Info: Version: 7.0.3.1 Build ID: 00(Build:1) CPU threads: 4; OS: Linux 5.9; UI render: default; VCL: gtk3 Locale: en-US (en_US.UTF-8); UI: en-US 7.0.3-5 Calc: threaded That's the version I have currently, but the problem is older than that.
On pc Debian x86-64 with LO Debian package 7.0.4.2, I could reproduce this. I noticed this on console: LibreOffice 7.0 - Fatal Error: multi_type_vector::position#1707: block position not found! (logical pos=4, block size=12297823529846995071, logical size=0) I'm waiting for the end of my local build to test with master sources updated today.
Created attachment 169295 [details] bt with debug symbols On pc Debian x86-64 with master sources updated today, I could reproduce this too.
extra logs: ad /home/julien/lo/libreoffice/svx/source/accessibility/AccessibleTextHelper.cxx:271 /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/debug/vector:427: In function: std::__debug::vector::reference std::__debug::vector<std::unique_ptr<ScColumn, o3tl::default_delete<ScColumn>>, std::allocator<std::unique_ptr<ScColumn, o3tl::default_delete<ScColumn>>>>::operator[](std::__debug::vector::size_type) [_Tp = std::unique_ptr<ScColumn, o3tl::default_delete<ScColumn>>, _Allocator = std::allocator<std::unique_ptr<ScColumn, o3tl::default_delete<ScColumn>>>] Error: attempt to subscript container with out-of-bounds index 64, but container only holds 64 elements. Objects involved in the operation: sequence "this" @ 0x0x35fa1c0 { type = std::__debug::vector<std::unique_ptr<ScColumn, o3tl::default_delete<ScColumn> >, std::allocator<std::unique_ptr<ScColumn, o3tl::default_delete<ScColumn> > > >; } Eike/Noel: thought you might be interested in this one.
I mimicked void ScQueryCellIterator::InitPos() { nRow = maParam.nRow1; if (maParam.bHasHeader && maParam.bByRow) ++nRow; const ScColumn& rCol = rDoc.maTabs[nTab]->CreateColumnIfNotExists(nCol); maCurPos = rCol.maCells.position(nRow); } and this seems to work: diff --git a/sc/source/core/data/dociter.cxx b/sc/source/core/data/dociter.cxx index 9597fcedbbfd..8f3f79461c53 100644 --- a/sc/source/core/data/dociter.cxx +++ b/sc/source/core/data/dociter.cxx @@ -1469,8 +1469,8 @@ void ScCountIfCellIterator::InitPos() nRow = maParam.nRow1; if (maParam.bHasHeader && maParam.bByRow) ++nRow; - ScColumn* pCol = &(rDoc.maTabs[nTab])->aCol[nCol]; - maCurPos = pCol->maCells.position(nRow); + const ScColumn& rCol = rDoc.maTabs[nTab]->CreateColumnIfNotExists(nCol); + maCurPos = rCol.maCells.position(nRow); } void ScCountIfCellIterator::IncPos() Any thoughts?
Added crash signature Repro Version: 7.2.0.0.alpha0+ (x64) / LibreOffice Community Build ID: 66013201749df7d5ac5ddaf377a7b3732518a93b CPU threads: 4; OS: Windows 10.0 Build 21296; UI render: default; VCL: win Locale: es-ES (es_ES); UI: en-US Calc: CL
this is fixed in trunk. If someone could bibisect the fix, we can backport that patch.
When you say trunk it is the master branch? I can still reproduce it with the latest master.
I just get ERR:509 in the relevant cell when I try to reproduce Version: 7.2.0.0.alpha0+ (x64) / LibreOffice Community Build ID: 41eaf2d389277a8198974a78d9c70df2f6be8e89 CPU threads: 8; OS: Windows 10.0 Build 19042; UI render: Skia/Raster; VCL: win Locale: en-ZA (en_ZA); UI: en-US Calc: CL
That's because of your locale. You should type "=COUNTIF(BM5:BM9;0)" using the semicolon separator, not the comma. I tried en_ZA, I can reproduce it with: Version: 7.2.0.0.alpha0+ / LibreOffice Community Build ID: d2fe1369ca92f3978a5203498d1ad2898c6a09e8 CPU threads: 4; OS: Linux 5.9; UI render: default; VCL: gtk3 Locale: en-ZA (en_ZA.utf8); UI: en-US Calc: threaded
Created attachment 169408 [details] File causing Calc to crash This is a file causing Calc to crash during loading, obtained by first filling data in the BN column, typing "=COUNTIF(BN4:BN6;0)" then removing the data and saving the file.
This is indeed a regression from author Noel Grandin <noel.grandin@collabora.co.uk> 2019-02-01 15:15:16 +0100 committer Mike Kaganski <mike.kaganski@collabora.com> 2019-04-05 13:43:52 +0200 commit 7282014e362a1529a36c88eb308df8ed359c2cfa (patch) tree 2776ad9601f494330076ac58c08554e719c6ab3a parent df30a4515b1303b0891baa53754fa9b3e47e0c02 (diff) tdf#50916 Makes numbers of columns dynamic.
Crash report I get: https://crashreport.libreoffice.org/stats/signature/mdds::multi_type_vector%3Cmdds::mtv::custom_block_func3%3Cmdds::mtv::default_element_block%3C52,svl::SharedString%3E,mdds::mtv::noncopyable_managed_element_block%3C53,EditTextObject%3E,mdds::mtv::noncopyable_managed_element_block%3C54,ScFormulaCell%3E%20%3E,sc::CellStoreEven
Noel Grandin committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/c4540f86925609a54d473051ceb8dcf46d0e22aa tdf#140014 calc crash on COUNTIF It will be available in 7.2.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Noel Grandin committed a patch related to this issue. It has been pushed to "libreoffice-7-1": https://git.libreoffice.org/core/commit/7f921fb690005a21bbc1c2e24d5142a0eae9af50 tdf#140014 calc crash on COUNTIF It will be available in 7.1.1. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Noel Grandin committed a patch related to this issue. It has been pushed to "libreoffice-7-0": https://git.libreoffice.org/core/commit/04ccd7f247dd6be93e7f44e11333852ae65dbef2 tdf#140014 calc crash on COUNTIF It will be available in 7.0.5. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.