Description of problem:
Abiword crashes due to a NULL pointer dereference when opening an RTF file (generated by java fo2rtf tool). I believe that the file is correct, as it is interpreted correctly by OpenOffice.org. The minimal testcase is attached.

Version-Release number of selected component (if applicable):
abiword-2.4.6-1.fc6

Additional info:
(gdb) run crasher.rtf
[Thread debugging using libthread_db enabled]
[New Thread -1208641824 (LWP 12937)]
warning: the debug information found in "/usr/lib/debug//usr/lib/gtk-2.0/2.10.0/loaders/libpixbufloader-png.so.debug" does not match "/usr/lib/gtk-2.0/2.10.0/loaders/libpixbufloader-png.so" (CRC mismatch).
warning: the debug information found in "/usr/lib/debug//usr/lib/gtk-2.0/2.10.0/loaders/libpixbufloader-xpm.so.debug" does not match "/usr/lib/gtk-2.0/2.10.0/loaders/libpixbufloader-xpm.so" (CRC mismatch).

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208641824 (LWP 12937)]
FL_DocLayout::fillLayouts (this=0xa43a690) at fl_DocLayout.cpp:598
598             if(pCL->getContainerType() == FL_CONTAINER_BLOCK)
(gdb) bt
#0  FL_DocLayout::fillLayouts (this=0xa43a690) at fl_DocLayout.cpp:598
#1  0x08167a5d in AP_Frame::_replaceView (this=0xa1d7fd0, pG=0xa444910, pDocLayout=0xa43a690, pView=0xa446848, pScrollObj=0xa43e6a0, pViewListener=0xa43f438, pOldDoc=0x0, pScrollbarViewListener=0xa43f560, lid=1, lidScrollbarViewListener=2, iZoom=114) at ap_Frame.cpp:697
#2  0x08167325 in AP_Frame::_showDocument (this=0xa1d7fd0, iZoom=114) at ap_Frame.cpp:525
#3  0x0816779a in AP_Frame::loadDocument (this=0xa1d7fd0, szFilename=0xbfb299a3 "crasher.rtf", ieft=0, createNew=true) at ap_Frame.cpp:340
#4  0x0814807e in AP_App::openCmdLineFiles (this=0xa0c8550, args=0xbfb27dd4) at ap_App.cpp:60
#5  0x081429e3 in AP_UnixApp::main (szAppName=0x83efde7 "AbiWord", argc=2, argv=0xbfb27ec4) at ap_UnixApp.cpp:1529
#6  0x0813e9aa in main (argc=138648616, argv=0xa0c8550) at UnixMain.cpp:26
(gdb) l
593             {
594                     fl_DocSectionLayout * pLastSec = getLastSection();
595                     fl_ContainerLayout * pCL = pLastSec->getLastLayout();
596                     fl_BlockLayout * pBL = NULL;
597                     bool bRebreak = false;
598                     if(pCL->getContainerType() == FL_CONTAINER_BLOCK)
599                     {
600                             pBL = static_cast<fl_BlockLayout *>(pCL);
601                     }
602                     else
(gdb) print pCL
$2 = <value optimized out>
(gdb) print *pCL
Cannot access memory at address 0x0
(gdb)
Created attachment 159141
Minimal reproducer for an Abiword crash
Fixed upstream in revision 21892
Marc Maurer: Would it be hard to backport the patch? This bug causes AbiWord to die on all RTF files generated by fop2rtf which is about the only way to generate RTFs from docbook.
I committed the fix that also cleanly applies against F-7 to Rawhide. Marc, please consider updating the stable releases.
Thanks for already doing that for me.