Description of problem:
oowriter crashes when I use Save As on a .doc file (attached).

Version-Release number of selected component (if applicable):
openoffice.org-writer-2.0.3-7.9

How reproducible:
Always

Steps to Reproduce:
1. oowriter CSI\ Letterhead.doc &
2. attach to oowriter in gdb

Actual results:
Crash (backtrace below)

Expected results:
No crash

Additional info:
Continuing.
[New Thread 1126189376 (LWP 24827)]
[New Thread 1136679232 (LWP 24828)]
[Thread 1126189376 (LWP 24827) exited]
[Thread 1136679232 (LWP 24828) exited]
*** stack smashing detected ***: /usr/lib64/openoffice.org2.0/program/swriter.bin terminated

Program received signal SIGABRT, Aborted.
[Switching to Thread 46912688705152 (LWP 24796)]
0x00002aaaacf52205 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64        return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) bt
#0 0x00002aaaacf52205 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00002aaaacf53b70 in *__GI_abort () at abort.c:88
#2 0x00002aaaacf8976b in __libc_message (do_abort=1, fmt=0x2aaaad03bec0 "*** stack smashing detected ***: %s terminated\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#3 0x00002aaaad003f4f in __stack_chk_fail () at stack_chk_fail.c:31
#4 0x00002aaaab6dc400 in WW8Dop::Write (this=0x2aaabd790080, rStrm=@0x2aaac13a3790, rFib=@0x7fffcb5e114c) at /usr/src/debug/OOC680_m7/sw/source/filter/ww8/ww8scan.cxx:6807
#5 0x00002aaaab66e9f8 in SwWW8Writer::WriteFkpPlcUsw (this=0x2aaac16d5b28) at /usr/src/debug/OOC680_m7/sw/source/filter/ww8/wrtww8.cxx:2068
#6 0x00002aaaab66ebbd in SwWW8Writer::StoreDoc1 (this=0x2aaac16d5b28) at /usr/src/debug/OOC680_m7/sw/source/filter/ww8/wrtww8.cxx:2109
#7 0x00002aaaab66f68b in SwWW8Writer::StoreDoc (this=0x2aaac16d5b28) at /usr/src/debug/OOC680_m7/sw/source/filter/ww8/wrtww8.cxx:2398
#8 0x00002aaaab670529 in SwWW8Writer::WriteStorage (this=0x2aaac16d5b28) at /usr/src/debug/OOC680_m7/sw/source/filter/ww8/wrtww8.cxx:2563
#9 0x00002aaaab6378a2 in StgWriter::Write (this=0x2aaac16d5b28, rPaM=@0x2aaac0749640, rStg=<value optimized out>, pFName=<value optimized out>) at /usr/src/debug/OOC680_m7/sw/source/filter/writer/writer.cxx:641
#10 0x00002aaaab6374bf in Writer::Write (this=0x2aaac16d5b28, rPaM=@0x2aaac0749640, rStrm=@0x2aaac2f6b0b0, pFName=0x7fffcb5e1ad0) at /usr/src/debug/OOC680_m7/sw/source/filter/writer/writer.cxx:350
#11 0x00002aaaab574e99 in SwWriter::Write (this=0x7fffcb5e1a00, rxWriter=@0x7fffcb5e1ae0, pRealFileName=0x7fffcb5e1ad0) at /usr/src/debug/OOC680_m7/sw/source/filter/basflt/shellio.cxx:1001
#12 0x00002aaaab746dbe in SwDocShell::ConvertTo (this=0x2aaabd6ed118, rMedium=@0x2aaac2f96ac0) at /usr/src/debug/OOC680_m7/sw/source/ui/app/docsh.cxx:930
#13 0x00002aaab18a5405 in SfxObjectShell::SaveTo_Impl (this=0x2aaabd6ed118, rMedium=@0x2aaac2f96ac0, pSet=0x0) at /usr/src/debug/OOC680_m7/sfx2/source/doc/objstor.cxx:1585
#14 0x00002aaab18a8323 in SfxObjectShell::PreDoSaveAs_Impl (this=0x2aaabd6ed118, rFileName=@0x7fffcb5e23c0, aFilterName=@0x7fffcb5e25d0, pParams=<value optimized out>) at /usr/src/debug/OOC680_m7/sfx2/source/doc/objstor.cxx:2741
#15 0x00002aaab18a8a87 in SfxObjectShell::CommonSaveAs_Impl (this=0x2aaabd6ed118, aURL=@0x7fffcb5e2550, aFilterName=@0x7fffcb5e25d0, aParams=0x2aaac13becd0) at /usr/src/debug/OOC680_m7/sfx2/source/doc/objstor.cxx:2612
#16 0x00002aaab18afa33 in SfxObjectShell::APISaveAs_Impl (this=0x2aaabd6ed118, aFileName=@0x7fffcb5e28a0, aParams=0x2aaac13becd0) at /usr/src/debug/OOC680_m7/sfx2/source/doc/objserv.cxx:442
#17 0x00002aaab18e6aec in SfxBaseModel::impl_store (this=0x2aaaaab71d18, sURL=@0x7fffcb5e2fe0, seqArguments=@0x7fffcb5e3880, bSaveTo=0 '\0') at /usr/src/debug/OOC680_m7/sfx2/source/doc/sfxbasemodel.cxx:3414
#18 0x00002aaab18f5578 in SfxBaseModel::storeAsURL (this=0x2aaaaab71d18, rURL=@0x7fffcb5e2fe0, rArgs=@0x7fffcb5e3880) at /usr/src/debug/OOC680_m7/sfx2/source/doc/sfxbasemodel.cxx:2270
#19 0x00002aaab190d1b9 in SfxStoringHelper::GUIStoreModel (this=<value optimized out>, xModel=<value optimized out>, aSlotName=<value optimized out>, aArgsSequence=@0x7fffcb5e3880) at /usr/src/debug/OOC680_m7/sfx2/source/doc/guisaveas.cxx:1431
#20 0x00002aaab18b2109 in SfxObjectShell::ExecFile_Impl (this=0x2aaabd6ed118, rReq=@0x7fffcb5e3e50) at /usr/src/debug/OOC680_m7/sfx2/source/doc/objserv.cxx:722
#21 0x00002aaab1961746 in SfxDispatcher::Call_Impl (this=0x2aaac04ea790, rShell=@0x2aaabd6ed118, rSlot=@0x2aaab1cdbba0, rReq=@0x7fffcb5e3e50, bRecord=1 '\001') at ../../inc/shell.hxx:226
#22 0x00002aaab1955e6a in SfxBindings::Execute_Impl (this=0x2aaac0a4c080, aReq=@0x7fffcb5e3e50, pSlot=0x2aaab1cdbba0, pShell=0x2aaabd6ed118) at /usr/src/debug/OOC680_m7/sfx2/source/control/bindings.cxx:1751
#23 0x00002aaab197ea27 in SfxDispatchController_Impl::dispatch (this=0x2aaabdb26308, aURL=@0x7fffcb5e3ea0,
---Type <return> to continue, or q <return> to quit---
    aArgs=<value optimized out>, rListener=@0x7fffcb5e3fc0) at /usr/src/debug/OOC680_m7/sfx2/source/control/unoctitm.cxx:827
#24 0x00002aaab197f3a1 in SfxOfficeDispatch::dispatch (this=0x2aaac1517eb8, aURL=@0x7fffcb5e4080, aArgs=@0x7fffcb5e4110) at /usr/src/debug/OOC680_m7/sfx2/source/control/unoctitm.cxx:450
#25 0x00002aaab23aaa45 in framework::MenuBarManager::Select (this=0x2aaac1359488, pMenu=0x2aaac243da90) at /usr/src/debug/OOC680_m7/framework/source/uielement/menubarmanager.cxx:1428
#26 0x00002aaaad48799e in Menu::Select (this=0x2aaac1150a90) at /usr/src/debug/OOC680_m7/solver/680/unxlngx6.pro/inc/tools/link.hxx:154
#27 0x00002aaaad483625 in Menu::ImplCallSelect (this=0x60dc) at /usr/src/debug/OOC680_m7/vcl/source/window/menu.cxx:2683
#28 0x00002aaaad4e4e01 in ImplWindowFrameProc (pInst=0x2aaabe77dda0, pFrame=0x2aaabe727390, nEvent=<value optimized out>, pEvent=0x2aaac13c8558) at /usr/src/debug/OOC680_m7/solver/680/unxlngx6.pro/inc/tools/link.hxx:154
#29 0x00002aaab9a22e87 in SalDisplay::DispatchInternalEvent (this=0x2aaaaab00808) at ../../../inc/salframe.hxx:302
#30 0x00002aaab976e446 in GtkXLib::userEventFn (data=<value optimized out>) at /usr/src/debug/OOC680_m7/vcl/unx/gtk/app/gtkdata.cxx:647
#31 0x00000034f422cf34 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#32 0x00000034f422fd6d in g_main_context_check () from /lib64/libglib-2.0.so.0
#33 0x00000034f423029e in g_main_context_iteration () from /lib64/libglib-2.0.so.0
#34 0x00002aaab976e98f in GtkXLib::Yield (this=0x2aaab6261308, bWait=1 '\001') at /usr/src/debug/OOC680_m7/vcl/unx/gtk/app/gtkdata.cxx:697
#35 0x00002aaaad327e7d in Application::Yield () at /usr/src/debug/OOC680_m7/vcl/source/app/svapp.cxx:545
#36 0x00002aaaad327f18 in Application::Execute () at /usr/src/debug/OOC680_m7/vcl/source/app/svapp.cxx:507
#37 0x00002aaaaacf0ac5 in desktop::Desktop::Main (this=0x7fffcb5e4c60) at /usr/src/debug/OOC680_m7/desktop/source/app/app.cxx:1720
#38 0x00002aaaad32cde2 in ImplSVMain () at /usr/src/debug/OOC680_m7/vcl/source/app/svmain.cxx:242
#39 0x00002aaaad32cec5 in SVMain () at /usr/src/debug/OOC680_m7/vcl/source/app/svmain.cxx:273
#40 0x00002aaaaace4036 in sal_main (argc=<value optimized out>, argv=<value optimized out>) at /usr/src/debug/OOC680_m7/desktop/source/app/main.cxx:77
#41 0x00002aaaacf3faa4 in __libc_start_main (main=0x4005d0, argc=3, ubp_av=0x7fffcb5e4dc8, init=<value optimized out>, fini=<value optimized out>, rtld_fini=<value optimized out>, stack_end=0x7fffcb5e4db8) at libc-start.c:231
#42 0x0000000000400619 in _start ()
(gdb)

Created attachment 134442: test case

oh, *yuck*, sizeof(long) != 4, fix checked in

*** Bug 203433 has been marked as a duplicate of this bug. ***
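
The bug class named in the fix comment above (sizeof(long) != 4), as an added example that is not the OpenOffice.org code or the fix that was checked in: a fixed-size binary record whose writer advances by sizeof(long) overruns its buffer on LP64 systems such as x86_64, where long is 8 bytes. The record layout, names and sample values are assumptions constructed for illustration; the cursor is bounds-checked so the overrun is reported rather than performed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical on-disk record: four 32-bit little-endian fields (16 bytes).
constexpr std::size_t kFieldCount = 4;
constexpr std::size_t kRecordSize = kFieldCount * 4;

// Constructed sample values, not taken from any real document.
const std::uint32_t kSample[kFieldCount] = {0x11111111u, 0x22222222u,
                                            0x33333333u, 0x44444444u};

// Bounds-checked cursor over a fixed-size output buffer.
struct Cursor {
    unsigned char* base;
    std::size_t cap;
    std::size_t pos;
};

// Store v as 4 little-endian bytes, then advance by `stride` bytes.
// Refuses to write if the advance would leave the buffer.
static bool put32(Cursor& c, std::uint32_t v, std::size_t stride) {
    if (stride < 4 || c.cap - c.pos < stride) return false;
    for (int i = 0; i < 4; ++i)
        c.base[c.pos + i] = static_cast<unsigned char>(v >> (8 * i));
    c.pos += stride;
    return true;
}

// Serialize the record into a stack buffer sized for the on-disk format.
// Returns bytes consumed, or -1 where an unchecked writer would have
// written past the end of buf (what the stack protector reports at runtime).
long serialize(const std::uint32_t (&fields)[kFieldCount], std::size_t stride) {
    unsigned char buf[kRecordSize] = {};
    Cursor c{buf, sizeof buf, 0};
    for (std::uint32_t v : fields)
        if (!put32(c, v, stride)) return -1;
    return static_cast<long>(c.pos);
}

int main() {
    // Buggy assumption: "long is 4 bytes". Correct: a fixed-width type.
    std::printf("stride sizeof(long)=%zu -> %ld\n", sizeof(long),
                serialize(kSample, sizeof(long)));
    std::printf("stride sizeof(uint32_t)=4 -> %ld\n",
                serialize(kSample, sizeof(std::uint32_t)));
    return 0;
}
```

Building with -fstack-protector, as in the reported build, turns the unchecked form of this overrun into the "stack smashing detected" abort seen in frame #3 instead of silent corruption.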