Bug 631543

Summary: [abrt] crash on dereferencing dangling pointer passed down from SwCalc::Str2Double
Product: [Fedora] Fedora Reporter: Richard Henderson <rth>
Component: openoffice.orgAssignee: David Tardon <dtardon>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 13CC: caolanm, dtardon, the.hw.group
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: abrt_hash:386d06e5164070a103c6e053b4db1666b1e4a68b
Fixed In Version: openoffice.org-3.2.0-12.33.fc13 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-10-27 22:34:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: backtrace none

Description Richard Henderson 2010-09-07 20:33:01 UTC 
abrt version: 1.1.13
architecture: x86_64
Attached file: backtrace
cmdline: /usr/lib64/openoffice.org3/program/swriter.bin -writer file:///local/home/rth/pecoff_v8.docx
component: openoffice.org
crash_function: raise
executable: /usr/lib64/openoffice.org3/program/swriter.bin
kernel: 2.6.34.6-47.fc13.x86_64
package: openoffice.org-writer-1:3.2.0-12.31.fc13
rating: 4
reason: Process /usr/lib64/openoffice.org3/program/swriter.bin was killed by signal 6 (SIGABRT)
release: Fedora release 13 (Goddard)
time: 1283890810
uid: 5000

How to reproduce
-----
Opened the following doc file.

http://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/pecoff_v8.docx
Comment 1 Richard Henderson 2010-09-07 20:33:03 UTC 
Created an attachment (id=445780)
File: backtrace
Comment 2 David Tardon 2010-09-08 05:59:28 UTC 
Confirmed. It's okay in 3.3.0-5.3.fc15 .
Comment 3 David Tardon 2010-09-08 11:50:10 UTC 
It looks like several places in the code suppose that there is always at least one instance of SvtSysLocale hanging around somewhere, so it's safe to take a pointer to LocaleDataWrapper out of a temporary instance of SvtSysLocale. That's evidently not the case here ;)
Comment 4 David Tardon 2010-09-08 12:34:43 UTC 
fix will be in >=3.2.0-12.32.fc13
Comment 5 Fedora Update System 2010-10-12 19:17:22 UTC 
openoffice.org-3.2.0-12.32.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/openoffice.org-3.2.0-12.32.fc13
Comment 6 Fedora Update System 2010-10-14 06:27:15 UTC 
openoffice.org-3.2.0-12.32.fc13 has been pushed to the Fedora 13 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update openoffice.org'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/openoffice.org-3.2.0-12.32.fc13
Comment 7 Fedora Update System 2010-10-16 05:44:06 UTC 
openoffice.org-3.2.0-12.33.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/openoffice.org-3.2.0-12.33.fc13
Comment 8 the.hw.group 2010-10-26 00:34:58 UTC 
Package: openoffice.org-writer-1:3.2.0-12.31.fc13
Architecture: x86_64
OS Release: Fedora release 13 (Goddard)


How to reproduce
-----
1.
2.
3.
I opened up a .docx file, then open office writer crashed.
Comment 9 Fedora Update System 2010-10-27 22:34:06 UTC 
openoffice.org-3.2.0-12.33.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.