Bug 820283

Summary: [abrt][reproducible] libreoffice-core-3.4.5.2-8.fc16: SwTable::NewInsertCol killed by signal 11 (SIGSEGV)
Product: [Fedora] Fedora Reporter: Karolis Dauzickas <karolis>
Component: libreofficeAssignee: Michael Stahl <mstahl>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 16CC: caolanm, dtardon, erack, ltinkl, mstahl, sbergman
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Unspecified   
Whiteboard: abrt_hash:b8cb86b3bbef1a379f248b169c9f6f8adbe1da28
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-12-20 15:55:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: dso_list
none
File: maps
none
File: backtrace
none
File to reproduce the bug none

Description Karolis Dauzickas 2012-05-09 14:08:59 UTC 
libreport version: 2.0.8
abrt_version:   2.0.7
backtrace_rating: 4
cmdline:        /usr/lib/libreoffice/program/soffice.bin --writer file:///media/D69AC9A59AC9828B/Documents%20and%20Settings/Ingrida/Downloads/CVTemplate-EDITED-KAROLIS.docx --splash-pipe=7
crash_function: GetPos
executable:     /usr/lib/libreoffice/program/soffice.bin
kernel:         3.3.2-6.fc16.i686
pid:            8371
pwd:            /home/karolis
reason:         Process /usr/lib/libreoffice/program/soffice.bin was killed by signal 11 (SIGSEGV)
time:           Wed 09 May 2012 02:31:30 PM IST
uid:            1000
username:       karolis
xsession_errors: 

backtrace:      Text file, 40328 bytes
dso_list:       Text file, 19156 bytes
maps:           Text file, 47704 bytes

comment:
:Tried to add a column to a table when it crashed.
:It was a .docx document

environ:
:XDG_VTNR=1
:XDG_SESSION_ID=2
:HOSTNAME=mothership
:IMSETTINGS_INTEGRATE_DESKTOP=yes
:GIO_LAUNCHED_DESKTOP_FILE_PID=8359
:GPG_AGENT_INFO=/tmp/keyring-7H0h2E/gpg:0:1
:SHELL=/bin/bash
:TERM=dumb
:DESKTOP_STARTUP_ID=nautilus-8032-mothership-libreoffice-6_TIME14911677
:HISTSIZE=1000
:XDG_SESSION_COOKIE=6e2bf614b7910041d770f50d0000000f-1336555375.546154-155461563
:GJS_DEBUG_OUTPUT=stderr
:OLDPWD=/usr/lib/libreoffice/program
:GNOME_KEYRING_CONTROL=/tmp/keyring-7H0h2E
:'GJS_DEBUG_TOPICS=JS ERROR;JS LOG'
:IMSETTINGS_MODULE=none
:USER=karolis
:SSH_AUTH_SOCK=/tmp/keyring-7H0h2E/ssh
:USERNAME=karolis
:SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/1576,unix/unix:/tmp/.ICE-unix/1576
:GIO_LAUNCHED_DESKTOP_FILE=/usr/share/applications/libreoffice-writer.desktop
:MAIL=/var/spool/mail/karolis
:PATH=/usr/lib/ccache:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/go/bin:/home/karolis/.local/bin:/home/karolis/bin
:DESKTOP_SESSION=gnome
:QT_IM_MODULE=xim
:PWD=/home/karolis
:XMODIFIERS=@im=none
:GNOME_KEYRING_PID=1568
:LANG=en_US.UTF-8
:GDMSESSION=gnome
:HISTCONTROL=ignoredups
:HOME=/home/karolis
:XDG_SEAT=seat0
:SHLVL=1
:GNOME_DESKTOP_SESSION_ID=this-is-deprecated
:SAL_ENABLE_FILE_LOCKING=1
:LOGNAME=karolis
:CVS_RSH=ssh
:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-wmU1MWVEZc,guid=55f7a6bfacf75b6ab48fe18e000000a0
:'LESSOPEN=||/usr/bin/lesspipe.sh %s'
:WINDOWPATH=1
:XDG_RUNTIME_DIR=/run/user/karolis
:DISPLAY=:0.0
:CCACHE_HASHDIR=
:XAUTHORITY=/var/run/gdm/auth-for-karolis-ztVzMc/database
:LD_LIBRARY_PATH=/usr/java/jre1.6.0_31/lib/i386/client:/usr/java/jre1.6.0_31/lib/i386/server:/usr/java/jre1.6.0_31/lib/i386/native_threads:/usr/java/jre1.6.0_31/lib/i386

smolt_data:
:
:
:General
:=================================
:UUID: 8bef7ae9-3c6f-46da-8f11-494ba7855420
:OS: Fedora release 16 (Verne)
:Default run level: Unknown
:Language: en_US.UTF-8
:Platform: i686
:BogoMIPS: 4748.52
:CPU Vendor: GenuineIntel
:CPU Model: Intel(R) Core(TM) i5 CPU       M 430  @ 2.27GHz
:CPU Stepping: 2
:CPU Family: 6
:CPU Model Num: 37
:Number of CPUs: 4
:CPU Speed: 2267
:System Memory: 2695
:System Swap: 7602
:Vendor: ASUSTeK Computer Inc.
:System: K52Jc 1.0
:Form factor: Notebook
:Kernel: 3.3.2-6.fc16.i686
:SELinux Enabled: 1
:SELinux Policy: targeted
:SELinux Enforce: Enforcing
:MythTV Remote: Unknown
:MythTV Role: Unknown
:MythTV Theme: Unknown
:MythTV Plugin: 
:MythTV Tuner: -1
:
:
:Devices
:=================================
:(32902:11536:32902:32902) pci, None, HOST/PCI, Core Processor QPI Link 0
:(32902:11362:32902:32902) pci, None, HOST/PCI, Core Processor QuickPath Architecture Generic Non-core Registers
:(32902:11521:32902:32902) pci, None, HOST/PCI, Core Processor QuickPath Architecture System Address Decoder
:(32902:68:4163:7287) pci, agpgart-intel, HOST/PCI, Core Processor DRAM Controller
:(32902:69:4163:7287) pci, pcieport, PCI/PCI, Core Processor PCI Express x16 Root Port
:(6523:9092:4163:6663) pci, None, BASE, xD Host Controller
:(6523:592:4163:6405) pci, jme, ETHERNET, JMC250 PCI Express Gigabit Ethernet Controller
:(6523:9089:4163:6663) pci, None, BASE, Standard SD Host Controller
:(6523:9091:4163:6663) pci, jmb38x_ms, BASE, MS Host Controller
:(6523:9090:4163:6663) pci, sdhci-pci, BASE, SD/MMC Host Controller
:(32902:11539:32902:32902) pci, None, HOST/PCI, Core Processor Reserved
:(32902:15145:4163:7287) pci, ahci, STORAGE, 5 Series/3400 Series Chipset 4 port SATA AHCI Controller
:(32902:15113:4163:7287) pci, None, PCI/ISA, Mobile 5 Series Chipset LPC Interface Controller
:(32902:15154:4163:7287) pci, intel ips, NONE, 5 Series/3400 Series Chipset Thermal Subsystem
:(32902:9288:4163:7287) pci, None, PCI/PCI, 82801 Mobile PCI Bridge
:(32902:15164:4163:7287) pci, ehci_hcd, USB, 5 Series/3400 Series Chipset USB2 Enhanced Host Controller
:(32902:15156:4163:7287) pci, ehci_hcd, USB, 5 Series/3400 Series Chipset USB2 Enhanced Host Controller
:(32902:15204:4163:7287) pci, None, SIMPLE, 5 Series/3400 Series Chipset HECI Controller
:(5772:43:6715:4233) pci, ath9k, NETWORK, AR9285 Wireless Network Adapter (PCI-Express)
:(32902:70:4163:5170) pci, i915, VIDEO, Core Processor Integrated Graphics Controller
:(32902:15170:4163:7287) pci, pcieport, PCI/PCI, 5 Series/3400 Series Chipset PCI Express Root Port 1
:(32902:15172:4163:7287) pci, pcieport, PCI/PCI, 5 Series/3400 Series Chipset PCI Express Root Port 2
:(32902:15190:4163:5107) pci, snd_hda_intel, MULTIMEDIA, 5 Series/3400 Series Chipset High Definition Audio
:(4318:2672:4163:5170) pci, nouveau, VIDEO, GT218 [GeForce 310M]
:(32902:15180:4163:7287) pci, pcieport, PCI/PCI, 5 Series/3400 Series Chipset PCI Express Root Port 6
:(32902:11537:32902:32902) pci, None, HOST/PCI, Core Processor QPI Physical 0
:(32902:11538:32902:32902) pci, None, HOST/PCI, Core Processor Reserved
:
:
:Filesystem Information
:=================================
:device mtpt type bsize frsize blocks bfree bavail file ffree favail
:-------------------------------------------------------------------
:/dev/sda5 / ext4 4096 4096 92683806 66468213 65540765 23199744 22943829 22943829
:/dev/sda2 WITHHELD fuseblk 4096 4096 27350527 7382161 7382161 30085700 29687959 29687959
:

var_log_messages:
:May  9 14:31:30 mothership kernel: [15055.727263] soffice.bin[8371]: segfault at 5 ip 02d9bf65 sp bfe37850 error 4 in libswli.so[2b02000+adf000]
:May  9 14:31:31 mothership abrt[8424]: Saved core dump of pid 8371 (/usr/lib/libreoffice/program/soffice.bin) to /var/spool/abrt/ccpp-2012-05-09-14:31:30-8371 (95723520 bytes)
Comment 1 Karolis Dauzickas 2012-05-09 14:09:04 UTC 
Created attachment 583305 [details]
File: dso_list
Comment 2 Karolis Dauzickas 2012-05-09 14:09:06 UTC 
Created attachment 583306 [details]
File: maps
Comment 3 Karolis Dauzickas 2012-05-09 14:09:09 UTC 
Created attachment 583307 [details]
File: backtrace
Comment 4 Caolan McNamara 2012-05-09 19:55:18 UTC 
yuck, tables are hard. Are you able to provide the .docx which triggered the crash when you tried to insert a table. And if so can you indicate which table and into where you tried to add the column.
Comment 5 Karolis Dauzickas 2012-05-10 08:39:56 UTC 
Created attachment 583479 [details]
File to reproduce the bug

Since the file isn't mine, I cleared most of the file, however you can still reproduce the bug by clicking on the column with the word `Writing`, Table -> Insert -> Columns and OK.
Also, this file originally looked like this: http://europass.cedefop.europa.eu/en/documents/curriculum-vitae/templates-instructions/templates/doc.doc
And became the unholy mess in the attachment after a save as docx
Comment 6 Caolan McNamara 2012-06-08 13:41:23 UTC 
reproducible
Comment 7 Michael Stahl 2012-09-24 11:49:00 UTC 
meinsmeinsmeins!
Comment 8 Michael Stahl 2012-09-24 11:50:14 UTC 
grbml, it's mine i said...
Comment 9 Michael Stahl 2012-09-24 11:56:46 UTC 
crash is because the area above the "Wrting" cell in the table is not
covered by a cell.

the DOCX import filter creates tables with an irregular structure,
with different number of cells in each row; the SwDoc::TextToTable
should not allow that.

fixed upstream master:

http://cgit.freedesktop.org/libreoffice/core/commit/?id=6d2e09db4a677068095b0bebd08fbbb96620d60c
Comment 10 Michael Stahl 2012-09-28 17:24:33 UTC 
fix for this should be in next F17 upload 3.5.6.2-7
Comment 11 Michael Stahl 2012-10-04 18:37:01 UTC 
grbml... that fix was actually bogus,
but now i've got one that doesn't break table import,
should be in 3.5.7.2-2.

http://cgit.freedesktop.org/libreoffice/core/commit/?id=4113d9664c60d004474dfc1cffbcd7dc50fa6dc4
Comment 12 Fedora Update System 2012-10-05 05:29:22 UTC 
libreoffice-3.5.7.2-2.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/libreoffice-3.5.7.2-2.fc17
Comment 13 Fedora Update System 2012-10-06 03:49:56 UTC 
Package libreoffice-3.5.7.2-2.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing libreoffice-3.5.7.2-2.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-15506/libreoffice-3.5.7.2-2.fc17
then log in and leave karma (feedback).
Comment 14 Fedora Update System 2012-12-20 15:55:43 UTC 
libreoffice-3.5.7.2-2.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.