https://bugs.documentfoundation.org/show_bug.cgi?id=152404
Bug ID: 152404
Summary: Crash in Writer when inserting a new comment while
there is uncommitted text
Product: LibreOffice
Version: 7.5.0.0 alpha1+
Hardware: All
OS: Windows (All)
Status: UNCONFIRMED
Severity: normal
Priority: medium
Component: Writer
Assignee: libreoffice-bugs@lists.freedesktop.org
Reporter: plub...@neooffice.org
Description:
After some debugging, I found that the crash occurs when the new comment grabs
focus, it invokes WinSalFrame::EndExtTextInput() which is supposed to commit
the uncommitted text. Unfortunately, Writer's input method handler commits the
text in two steps: first it deletes the uncommitted text, then it inserts the
committed text.
The crash occurs in the first step: when Writer deletes the uncommitted text,
it triggers Writer to remove the newly added comment and the comment's vcl
objects are all deleted.
Steps to Reproduce:
Steps to reproduce. Note: this crash occurs in Windows but not macOS since
macOS has not yet implemented SalFrame::EndExtTextInput():
1. Open a new Writer document
2. Change your keyboard entry to a Chinese, Japanese, or Korean input method (I
used Japanese Hiragana)
3. Type a few characters so that the text is in an uncommitted state (I typed
"aaa" on a US English physical keyboard which get converted to "あああ" by the
Japanese Hiragana input method)
4. Press the Control-Alt-C keys to create a new comment
5. Crash
Actual Results:
Application crashes due to use of a deleted pointer.
Expected Results:
Uncommitted text should be committed and the cursor moved to the new comment.
Reproducible: Always
User Profile Reset: Yes
Additional Info:
Version: 7.5.0.0.alpha1+ (X86_64) / LibreOffice Community
Build ID: c08e5db055c9d34d3f0b0b9d2a192d7ebdcd9576
CPU threads: 1; OS: Windows 10.0 Build 19045; UI render: Skia/Raster; VCL: win
Locale: en-US (en_US); UI: en-US
Calc: threaded
--
You are receiving this mail because:
You are the assignee for the bug.
