[Upstream] soffice.bin crashed with SIGSEGV in Timer::ImplTimerCallbackProc()

Created attachment 92215
Spreadsheet with macros to reproduce this crash

Problem description:
I have a package composed by a collection of spreadsheets with macros. Since a couple of LibreOffice versions I get this crash. I attach a spreadsheet with macros where I can reproduce this crash 100% of the times. I will try to create a simpler test case since this spreadsheet is unnecessarily complex (a part of my package).

Steps to reproduce:
1) Open 1num1cat.ods (attached file). Press OK to the dialog that appears.
2) Go to the "Data entry" worksheet
3) Copy the range A2:B50 (any range here would do)
4) Double click on A1 or B1, a dialog opens, click OK.

Current behavior:
Libreoffice freezes for 20 seconds and then crashes

Expected behavior:
The macro should paste the data in the range A2:B50

For a stacktrace see:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1269734

Operating System: Ubuntu
Version: 4.1.3.2 release

Not reproducible in MASTER:
Microsoft Windows Vista Business x86 6.0.6002 Service Pack 2 Build 6002
Version: 4.3.0.0.alpha0+
Build ID: 42f551d524a1df46f6a311d5897ac30bd8fc1aaf
TinderBox: Win-x86@42, Branch:master, Time: 2014-01-15_22:51:46

Is reproducible in:
lsb_release -rd
Description: Ubuntu Trusty Tahr (development branch)
Release: 14.04

apt-cache policy libreoffice-calc
libreoffice-calc:
  Installed: 1:4.1.3-0ubuntu3
  Candidate: 1:4.1.3-0ubuntu3
  Version table:
 *** 1:4.1.3-0ubuntu3 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
        100 /var/lib/dpkg/status

May be linux only and/or older version only issue.

I can also reproduce it in:

lsb_release -rd
Description: Ubuntu Trusty Tahr (development branch)
Release: 14.04

apt-cache policy libreoffice-calc
libreoffice-calc:
  Installed: 1:4.2.1-0ubuntu1
  Candidate: 1:4.2.1-0ubuntu1
  Version table:
 *** 1:4.2.1-0ubuntu1 0
        500 http://ftp.caliu.cat/pub/distribucions/ubuntu/archive/ trusty/main amd64 Packages
        100 /var/lib/dpkg/status

Still reproducing it in:

libreoffice:
  Installed: 1:4.2.3~rc3-0ubuntu2
  Candidate: 1:4.2.3~rc3-0ubuntu2
  Version table:
 *** 1:4.2.3~rc3-0ubuntu2 0
        500 http://ftp.caliu.cat/pub/distribucions/ubuntu/archive/ trusty/universe amd64 Packages
        100 /var/lib/dpkg/status

Still reproducing it in (the testcase above crashes Libreoffice after some seconds of unresponsiveness):

Description: Ubuntu Utopic Unicorn (development branch)
Release: 14.10

apt-cache policy libreoffice-calc
libreoffice-calc:
  Installed: 1:4.3.2-0ubuntu1
  Candidate: 1:4.3.2-0ubuntu1
  Version table:
 *** 1:4.3.2-0ubuntu1 0
        500 http://ftp.caliu.cat/pub/distribucions/ubuntu/archive/ utopic/main amd64 Packages
        100 /var/lib/dpkg/status

Not able to reproduce in Windows, I haven't tried in this last versions but in 4.2.3 I cannot reproduce it.

It's also working in the Mac version.

Right now I'm able to reproduce this bug in all 4.3.X versions in all platforms: Windows, Mac and Linux

This is a re-entrance problem. While the charts are updated there are chart data listeners in BASIC that in turn modify things such that charts are inserted/removed from the listener chain, invalidating the iterator.

Eike Rathke committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=ef2ed50231fd946c1f374ffbce28ebb98eda56c5

fdo#73695 prevent use of invalidated iterator due to re-entrance

It will be available in 4.4.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.

Pending review for 4-3 at https://gerrit.libreoffice.org/12434

Pushed to -4-3: http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-4-3&id=547d613e0868726e602ccb00fca0e7518a6c4bee