Bug 248103
| Summary: | Abiword dereferences NULL pointer when opening certain RTF file |
|---|---|
| Product: | [Fedora] Fedora |
| Component: | abiword |
| Version: | 6 |
| Status: | CLOSED UPSTREAM |
| Severity: | low |
| Priority: | low |
| Hardware: | All |
| OS: | Linux |
| Reporter: | Lubomir Kundrak <lkundrak> |
| Assignee: | Marc Maurer <uwog> |
| QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Doc Type: | Bug Fix |
| Last Closed: | 2007-09-03 23:32:30 UTC |
Created attachment 159141
Minimal reproducer for an Abiword crash
Fixed upstream in revision 21892

Marc Maurer: Would it be hard to backport the patch? This bug causes AbiWord to die on all RTF files generated by fop2rtf, which is about the only way to generate RTFs from docbook.

I committed the fix that also cleanly applies against F-7 to Rawhide. Marc, please consider updating the stable releases.

Thanks for already doing that for me.
Description of problem:
Abiword crashes due to NULL pointer dereference when opening an RTF file (generated by java fo2rtf tool). I believe that the file is correct, as it is interpreted correctly by OpenOffice.org. The minimal testcase is attached.

Version-Release number of selected component (if applicable):
abiword-2.4.6-1.fc6

Additional info:

```
(gdb) run crasher.rtf
[Thread debugging using libthread_db enabled]
[New Thread -1208641824 (LWP 12937)]
warning: the debug information found in "/usr/lib/debug//usr/lib/gtk-2.0/2.10.0/loaders/libpixbufloader-png.so.debug" does not match "/usr/lib/gtk-2.0/2.10.0/loaders/libpixbufloader-png.so" (CRC mismatch).

warning: the debug information found in "/usr/lib/debug//usr/lib/gtk-2.0/2.10.0/loaders/libpixbufloader-xpm.so.debug" does not match "/usr/lib/gtk-2.0/2.10.0/loaders/libpixbufloader-xpm.so" (CRC mismatch).

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208641824 (LWP 12937)]
FL_DocLayout::fillLayouts (this=0xa43a690) at fl_DocLayout.cpp:598
598             if(pCL->getContainerType() == FL_CONTAINER_BLOCK)
(gdb) bt
#0  FL_DocLayout::fillLayouts (this=0xa43a690) at fl_DocLayout.cpp:598
#1  0x08167a5d in AP_Frame::_replaceView (this=0xa1d7fd0, pG=0xa444910, pDocLayout=0xa43a690, pView=0xa446848, pScrollObj=0xa43e6a0, pViewListener=0xa43f438, pOldDoc=0x0, pScrollbarViewListener=0xa43f560, lid=1, lidScrollbarViewListener=2, iZoom=114) at ap_Frame.cpp:697
#2  0x08167325 in AP_Frame::_showDocument (this=0xa1d7fd0, iZoom=114) at ap_Frame.cpp:525
#3  0x0816779a in AP_Frame::loadDocument (this=0xa1d7fd0, szFilename=0xbfb299a3 "crasher.rtf", ieft=0, createNew=true) at ap_Frame.cpp:340
#4  0x0814807e in AP_App::openCmdLineFiles (this=0xa0c8550, args=0xbfb27dd4) at ap_App.cpp:60
#5  0x081429e3 in AP_UnixApp::main (szAppName=0x83efde7 "AbiWord", argc=2, argv=0xbfb27ec4) at ap_UnixApp.cpp:1529
#6  0x0813e9aa in main (argc=138648616, argv=0xa0c8550) at UnixMain.cpp:26
(gdb) l
593     {
594             fl_DocSectionLayout * pLastSec = getLastSection();
595             fl_ContainerLayout * pCL = pLastSec->getLastLayout();
596             fl_BlockLayout * pBL = NULL;
597             bool bRebreak = false;
598             if(pCL->getContainerType() == FL_CONTAINER_BLOCK)
599             {
600                     pBL = static_cast<fl_BlockLayout *>(pCL);
601             }
602             else
(gdb) print pCL
$2 = <value optimized out>
(gdb) print *pCL
Cannot access memory at address 0x0
(gdb)
```
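
The unchecked dereference at line 598 of the listing, shown beside a guarded form, as an added example (not AbiWord's code and not the upstream fix in revision 21892). `ContainerLayout`, `SectionLayout`, `FillResult` and both `classify...` functions are hypothetical stand-ins, and that an empty section is what produces the NULL is an assumption.

```cpp
// Added illustration with stand-in types; these are not AbiWord's classes.
#include <vector>

enum ContainerType { FL_CONTAINER_BLOCK, FL_CONTAINER_OTHER };
enum FillResult { LAST_IS_BLOCK, LAST_IS_NOT_BLOCK, NOTHING_TO_LAY_OUT };

struct ContainerLayout {
    ContainerType type;
    ContainerType getContainerType() const { return type; }
};

struct SectionLayout {
    std::vector<ContainerLayout*> children;
    // Assumption: a section with no child layouts returns a null pointer.
    // The report only shows that pCL was NULL, not why.
    ContainerLayout* getLastLayout() const {
        return children.empty() ? nullptr : children.back();
    }
};

// Pattern at fl_DocLayout.cpp:598: the result is dereferenced unchecked.
// Undefined behaviour (SIGSEGV in the report) when it is null.
FillResult classifyUnchecked(const SectionLayout& sec) {
    ContainerLayout* pCL = sec.getLastLayout();
    return pCL->getContainerType() == FL_CONTAINER_BLOCK
               ? LAST_IS_BLOCK : LAST_IS_NOT_BLOCK;
}

// Guarded form: a missing section or missing last layout becomes a distinct
// result the caller must handle, so parsed file content cannot force a crash.
FillResult classifyChecked(const SectionLayout* pLastSec) {
    if (pLastSec == nullptr) return NOTHING_TO_LAY_OUT;
    ContainerLayout* pCL = pLastSec->getLastLayout();
    if (pCL == nullptr) return NOTHING_TO_LAY_OUT;
    return pCL->getContainerType() == FL_CONTAINER_BLOCK
               ? LAST_IS_BLOCK : LAST_IS_NOT_BLOCK;
}

int main() {
    SectionLayout empty;  // constructed input: section with no layouts
    ContainerLayout block = { FL_CONTAINER_BLOCK };
    SectionLayout filled;
    filled.children.push_back(&block);
    bool ok = classifyChecked(&empty) == NOTHING_TO_LAY_OUT
           && classifyChecked(&filled) == LAST_IS_BLOCK;
    return ok ? 0 : 1;
}
```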