Bug 384391 - Crash when opening a .doc file with graphic anchored in "too-complex" table
Summary: Crash when opening a .doc file with graphic anchored in "too-complex" table
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: openoffice.org
Version: rawhide
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Caolan McNamara
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: F9Blocker
TreeView+ depends on / blocked
 
Reported: 2007-11-15 11:43 UTC by Nicolas Mailhot
Modified: 2007-12-06 20:51 UTC (History)
1 user (show)

Fixed In Version: 2.3.0-6.7.fc8
Clone Of:
Environment:
Last Closed: 2007-12-06 20:51:01 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
mapped stack (9.26 KB, text/plain)
2007-11-16 08:31 UTC, Caolan McNamara 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
OpenOffice.org 83930 0 None None None Never

Description Nicolas Mailhot 2007-11-15 11:43:37 UTC 
openoffice.org-writer-1:2.3.1-9.1.fc9.x86_64

(I)    x.org loaded video driver of...
(II) Loading /usr/lib64/xorg/modules/drivers//nv_drv.so
(--) Depth 24 pixmap format is 32 bpp
(III)  Desktop is: GNOME
(IV)   libgcj version is: libgcj-4.1.2-33-x86_64
(V)    kernel is: Linux 2.6.23.1-49.fc8 #1 SMP Thu Nov 8 22:14:09 EST 2007
x86_64 x86_64 x86_64
(VI)   OpenOffice.org core rpm version is: openoffice.org-core-2.3.1-9.1.fc9-x86_64
(VII)  accessibility is: true
(VIII) fedora release is: Fedora release 8.90 (Rawhide)
...start free space details ...
Sys. de fich.        1K-blocs       Occupé Disponible Capacité Monté sur
/dev/mapper/VolGroup00-home
                      58151084  31519620  23629916  58% /home
/dev/mapper/VolGroup00-system
                      20314748  12587884   6888004  65% /
...end free space details ...
...start sestatus details ...
SELinux status:                 disabled
...end sestatus details ...
...start stackreport details ...
0x00002aaaaee5ea64: 0x00000000001ebbe8:
/usr/lib64/openoffice.org/program/libuno_sal.so.3 + 0x36a64
0x00002aaaaee5f85a: 0x00000000001ebbe8:
/usr/lib64/openoffice.org/program/libuno_sal.so.3 + 0x3785a
0x000000392cc30f30: 0x0000000000150b60: /lib64/libc.so.6 + 0x30f30
0x00002aaaad15c1c6: 0x0000000000118810:
/usr/lib64/openoffice.org/program/libsvl680lx.so + 0xc41c6
(SfxItemSet::Get(unsigned short, unsigned char) const + 0x16)
0x00002aaaab452db9: 0x0000000000b8d728:
/usr/lib64/openoffice.org/program/libsw680lx.so + 0x746db9
0x00002aaaab4882a2: 0x0000000000b8d728:
/usr/lib64/openoffice.org/program/libsw680lx.so + 0x77c2a2
0x00002aaaab4ab6f4: 0x0000000000b8d728:
/usr/lib64/openoffice.org/program/libsw680lx.so + 0x79f6f4
0x00002aaaab4abde7: 0x0000000000b8d728:
/usr/lib64/openoffice.org/program/libsw680lx.so + 0x79fde7
0x00002aaaab4956ac: 0x0000000000b8d728:
/usr/lib64/openoffice.org/program/libsw680lx.so + 0x7896ac
0x00002aaaab4959ed: 0x0000000000b8d728:
/usr/lib64/openoffice.org/program/libsw680lx.so + 0x7899ed
0x00002aaaab495c9e: 0x0000000000b8d728:
/usr/lib64/openoffice.org/program/libsw680lx.so + 0x789c9e
0x00002aaaab495eb2: 0x0000000000b8d728:
/usr/lib64/openoffice.org/program/libsw680lx.so + 0x789eb2
0x00002aaaab49c47f: 0x0000000000b8d728:
/usr/lib64/openoffice.org/program/libsw680lx.so + 0x79047f
0x00002aaaab49cc0b: 0x0000000000b8d728:
/usr/lib64/openoffice.org/program/libsw680lx.so + 0x790c0b
0x00002aaaab49d0d1: 0x0000000000b8d728:
/usr/lib64/openoffice.org/program/libsw680lx.so + 0x7910d1
0x00002aaaab49d38b: 0x0000000000b8d728:
/usr/lib64/openoffice.org/program/libsw680lx.so + 0x79138b
0x00002aaaab49d627: 0x0000000000b8d728:
/usr/lib64/openoffice.org/program/libsw680lx.so + 0x791627
0x00002aaaab49d89b: 0x0000000000b8d728:
/usr/lib64/openoffice.org/program/libsw680lx.so + 0x79189b
0x00002aaaab49ddf4: 0x0000000000b8d728:
/usr/lib64/openoffice.org/program/libsw680lx.so + 0x791df4
0x00002aaaab49f02c: 0x0000000000b8d728:
/usr/lib64/openoffice.org/program/libsw680lx.so + 0x79302c
0x00002aaaab49fd3e: 0x0000000000b8d728:
/usr/lib64/openoffice.org/program/libsw680lx.so + 0x793d3e
0x00002aaaab4a0635: 0x0000000000b8d728:
/usr/lib64/openoffice.org/program/libsw680lx.so + 0x794635
0x00002aaaab4a074f: 0x0000000000b8d728:
/usr/lib64/openoffice.org/program/libsw680lx.so + 0x79474f
0x00002aaaab3a7174: 0x0000000000b8d728:
/usr/lib64/openoffice.org/program/libsw680lx.so + 0x69b174
0x00002aaaab53e6fe: 0x0000000000b8d728:
/usr/lib64/openoffice.org/program/libsw680lx.so + 0x8326fe
0x00002aaab076f171: 0x00000000003f8d08:
/usr/lib64/openoffice.org/program/libsfx680lx.so + 0x1c6171
(SfxObjectShell::DoLoad(SfxMedium*) + 0x6e1)
0x00002aaab07cb09c: 0x00000000003f8d08:
/usr/lib64/openoffice.org/program/libsfx680lx.so + 0x22209c
(SfxBaseModel::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&) + 0x16c)
0x00002aaab07f98be: 0x00000000003f8d08:
/usr/lib64/openoffice.org/program/libsfx680lx.so + 0x2508be
0x00002aaab12d737f: 0x00000000002f4318:
/usr/lib64/openoffice.org/program/libfwk680lx.so + 0x1a637f
0x00002aaab12d8d80: 0x00000000002f4318:
/usr/lib64/openoffice.org/program/libfwk680lx.so + 0x1a7d80
0x00002aaab12d8fc8: 0x00000000002f4318:
/usr/lib64/openoffice.org/program/libfwk680lx.so + 0x1a7fc8
0x00002aaab119e03f: 0x00000000002f4318:
/usr/lib64/openoffice.org/program/libfwk680lx.so + 0x6d03f
0x00002aaaaaaefe96: 0x000000000005ccb8:
/usr/lib64/openoffice.org/program/libsoffice.so + 0x42e96
(desktop::DispatchWatcher::executeDispatchRequests(std::vector<desktop::DispatchWatcher::DispatchRequest,
std::allocator<desktop::DispatchWatcher::DispatchRequest> > const&) + 0x1616)
0x00002aaaaaae3ab3: 0x000000000005ccb8:
/usr/lib64/openoffice.org/program/libsoffice.so + 0x36ab3
(desktop::OfficeIPCThread::ExecuteCmdLineRequests(desktop::ProcessDocumentsRequest&)
+ 0x143)
0x00002aaaaaade853: 0x000000000005ccb8:
/usr/lib64/openoffice.org/program/libsoffice.so + 0x31853
(desktop::Desktop::OpenClients() + 0x11d3)
0x00002aaaaaadfe8a: 0x000000000005ccb8:
/usr/lib64/openoffice.org/program/libsoffice.so + 0x32e8a
(desktop::Desktop::OpenClients_Impl(void*) + 0x3a)
0x00002aaaacd845f1: 0x00000000003aefe8:
/usr/lib64/openoffice.org/program/libvcl680lx.so + 0x2a75f1
0x00002aaab8138c8f: 0x00000000000818b0:
/usr/lib64/openoffice.org/program/libvclplug_gen680lx.so + 0x57c8f
(SalDisplay::DispatchInternalEvent() + 0xbf)
0x00002aaab7e93029: 0x000000000004fea8:
/usr/lib64/openoffice.org/program/libvclplug_gtk680lx.so + 0x18029
0x000000382e02edf3: 0x00000000000c69b8: /lib64/libglib-2.0.so.0 + 0x2edf3
(g_main_context_dispatch + 0x1c3)
0x000000382e0320ed: 0x00000000000c69b8: /lib64/libglib-2.0.so.0 + 0x320ed
0x000000382e03261e: 0x00000000000c69b8: /lib64/libglib-2.0.so.0 + 0x3261e
(g_main_context_iteration + 0x6e)
0x00002aaab7e94ab9: 0x000000000004fea8:
/usr/lib64/openoffice.org/program/libvclplug_gtk680lx.so + 0x19ab9
0x00002aaaacbacfce: 0x00000000003aefe8:
/usr/lib64/openoffice.org/program/libvcl680lx.so + 0xcffce
(Application::Yield(bool) + 0x3e)
0x00002aaaacbad0a7: 0x00000000003aefe8:
/usr/lib64/openoffice.org/program/libvcl680lx.so + 0xd00a7
(Application::Execute() + 0x27)
0x00002aaaaaadacde: 0x000000000005ccb8:
/usr/lib64/openoffice.org/program/libsoffice.so + 0x2dcde
(desktop::Desktop::Main() + 0x13ae)
0x00002aaaacbb2864: 0x00000000003aefe8:
/usr/lib64/openoffice.org/program/libvcl680lx.so + 0xd5864
0x00002aaaacbb2955: 0x00000000003aefe8:
/usr/lib64/openoffice.org/program/libvcl680lx.so + 0xd5955 (SVMain() + 0x25)
0x00002aaaaaacd2de: 0x000000000005ccb8:
/usr/lib64/openoffice.org/program/libsoffice.so + 0x202de (main + 0xae)
0x000000392cc1e074: 0x0000000000150b60: /lib64/libc.so.6 + 0x1e074
(__libc_start_main + 0xf4)
0x0000000000400639: 0x0000000000000890:
/usr/lib64/openoffice.org/program/swriter.bin + 0x639 (main + 0x49)
...end stackreport details ...
...start sample ldd details ...
	linux-vdso.so.1 =>  (0x00007fff473fe000)
	libgtk-x11-2.0.so.0 => /usr/lib64/libgtk-x11-2.0.so.0 (0x00002aaaaad13000)
	libgdk-x11-2.0.so.0 => /usr/lib64/libgdk-x11-2.0.so.0 (0x00002aaaab303000)
	libatk-1.0.so.0 => /usr/lib64/libatk-1.0.so.0 (0x00002aaaab5a3000)
	libgdk_pixbuf-2.0.so.0 => /usr/lib64/libgdk_pixbuf-2.0.so.0 (0x00002aaaab7c2000)
	libpangocairo-1.0.so.0 => /usr/lib64/libpangocairo-1.0.so.0 (0x00002aaaab9df000)
	libpango-1.0.so.0 => /usr/lib64/libpango-1.0.so.0 (0x00002aaaabbe9000)
	libcairo.so.2 => /usr/lib64/libcairo.so.2 (0x00002aaaabe2c000)
	libgmodule-2.0.so.0 => /lib64/libgmodule-2.0.so.0 (0x00002aaaac090000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00002aaaac293000)
	libgthread-2.0.so.0 => /lib64/libgthread-2.0.so.0 (0x00002aaaac497000)
	librt.so.1 => /lib64/librt.so.1 (0x00002aaaac69c000)
	libdbus-glib-1.so.2 => /usr/lib64/libdbus-glib-1.so.2 (0x00002aaaac8a5000)
	libdbus-1.so.3 => /lib64/libdbus-1.so.3 (0x00002aaaacac4000)
	libgobject-2.0.so.0 => /lib64/libgobject-2.0.so.0 (0x00002aaaacd00000)
	libglib-2.0.so.0 => /lib64/libglib-2.0.so.0 (0x00002aaaacf41000)
	libvclplug_gen680lx.so =>
/usr/lib64/openoffice.org/program/libvclplug_gen680lx.so (0x00002aaaad209000)
	libvcl680lx.so => /usr/lib64/openoffice.org/program/libvcl680lx.so
(0x00002aaaad494000)
	libpsp680lx.so => /usr/lib64/openoffice.org/program/libpsp680lx.so
(0x00002aaaada4e000)
	libsot680lx.so => /usr/lib64/openoffice.org/program/libsot680lx.so
(0x00002aaaadd3f000)
	libutl680lx.so => /usr/lib64/openoffice.org/program/libutl680lx.so
(0x00002aaaadfa5000)
	libtl680lx.so => /usr/lib64/openoffice.org/program/libtl680lx.so
(0x00002aaaae244000)
	libcomphelp4gcc3.so => /usr/lib64/openoffice.org/program/libcomphelp4gcc3.so
(0x00002aaaae4ef000)
	libucbhelper4gcc3.so => /usr/lib64/openoffice.org/program/libucbhelper4gcc3.so
(0x00002aaaae82a000)
	libuno_cppuhelpergcc3.so.3 =>
/usr/lib64/openoffice.org/program/libuno_cppuhelpergcc3.so.3 (0x00002aaaaeaa8000)
	libuno_cppu.so.3 => /usr/lib64/openoffice.org/program/libuno_cppu.so.3
(0x00002aaaaed69000)
	libvos3gcc3.so => /usr/lib64/openoffice.org/program/libvos3gcc3.so
(0x00002aaaaef99000)
	libuno_sal.so.3 => /usr/lib64/openoffice.org/program/libuno_sal.so.3
(0x00002aaaaf1c0000)
	libX11.so.6 => /usr/lib64/libX11.so.6 (0x00002aaaaf5b7000)
	libXext.so.6 => /usr/lib64/libXext.so.6 (0x00002aaaaf8bc000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00002aaaafacd000)
	libstdc++.so.6 => /usr/lib64/libstdc++.so.6 (0x00002aaaafce8000)
	libm.so.6 => /lib64/libm.so.6 (0x00002aaaaffe9000)
	libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00002aaab026c000)
	libc.so.6 => /lib64/libc.so.6 (0x00002aaab047a000)
	libXfixes.so.3 => /usr/lib64/libXfixes.so.3 (0x00002aaab07d2000)
	libpng12.so.0 => /usr/lib64/libpng12.so.0 (0x00002aaab09d7000)
	libfontconfig.so.1 => /usr/lib64/libfontconfig.so.1 (0x00002aaab0bfb000)
	libXrender.so.1 => /usr/lib64/libXrender.so.1 (0x00002aaab0e2b000)
	libXinerama.so.1 => /usr/lib64/libXinerama.so.1 (0x00002aaab1034000)
	libXi.so.6 => /usr/lib64/libXi.so.6 (0x00002aaab1236000)
	libXrandr.so.2 => /usr/lib64/libXrandr.so.2 (0x00002aaab1440000)
	libXcursor.so.1 => /usr/lib64/libXcursor.so.1 (0x00002aaab1647000)
	libpangoft2-1.0.so.0 => /usr/lib64/libpangoft2-1.0.so.0 (0x00002aaab1851000)
	libfreetype.so.6 => /usr/lib64/libfreetype.so.6 (0x00002aaab1a7d000)
	libz.so.1 => /lib64/libz.so.1 (0x00002aaab1d0c000)
	libpixman-1.so.0 => /usr/lib64/libpixman-1.so.0 (0x00002aaab1f21000)
	/lib64/ld-linux-x86-64.so.2 (0x000000392c800000)
	libnsl.so.1 => /lib64/libnsl.so.1 (0x00002aaab2152000)
	libcap.so.1 => /lib64/libcap.so.1 (0x00002aaab236b000)
	libSM.so.6 => /usr/lib64/libSM.so.6 (0x00002aaab256e000)
	libICE.so.6 => /usr/lib64/libICE.so.6 (0x00002aaab2778000)
	libi18nisolang1gcc3.so =>
/usr/lib64/openoffice.org/program/libi18nisolang1gcc3.so (0x00002aaab2994000)
	libbasegfx680lx.so => /usr/lib64/openoffice.org/program/libbasegfx680lx.so
(0x00002aaab2b99000)
	libicuuc.so.38 => /usr/lib64/libicuuc.so.38 (0x00002aaab2e06000)
	libicule.so.38 => /usr/lib64/libicule.so.38 (0x00002aaab313e000)
	libjvmaccessgcc3.so.3 =>
/usr/lib64/openoffice.org/program/libjvmaccessgcc3.so.3 (0x00002aaab3373000)
	libjvmfwk.so.3 => /usr/lib64/openoffice.org/program/libjvmfwk.so.3
(0x00002aaab357c000)
	libuno_salhelpergcc3.so.3 =>
/usr/lib64/openoffice.org/program/libuno_salhelpergcc3.so.3 (0x00002aaab3798000)
	libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00002aaab399d000)
	libxcb-xlib.so.0 => /usr/lib64/libxcb-xlib.so.0 (0x00002aaab3bd5000)
	libxcb.so.1 => /usr/lib64/libxcb.so.1 (0x00002aaab3dd7000)
	libXau.so.6 => /usr/lib64/libXau.so.6 (0x00002aaab3ff2000)
	libexpat.so.1 => /lib64/libexpat.so.1 (0x00002aaab41f5000)
	libicudata.so.38 => /usr/lib64/libicudata.so.38 (0x00002aaab4418000)
	libxml2.so.2 => /usr/lib64/libxml2.so.2 (0x00002aaab50c2000)
	libXdmcp.so.6 => /usr/lib64/libXdmcp.so.6 (0x00002aaab5401000)
...end sample ldd details ...
Comment 1 Caolan McNamara 2007-11-15 14:45:00 UTC 
On x86_64 2.3.1-9.1.fc9 works fine for me opening some random .docs, so can you
attach one that is a definite crasher.
Comment 2 Nicolas Mailhot 2007-11-15 15:10:55 UTC 
unfortunately the crasher is a complex internal document I'm not allowed to share :(
Comment 3 Caolan McNamara 2007-11-15 16:11:38 UTC 
crap, well do you know if it is specific to this 2.3.1 rpm, or was it also
busted in 2.3.0 ?
Comment 4 Caolan McNamara 2007-11-16 08:31:54 UTC 
Created attachment 260911 [details]
mapped stack

Here's the mapped stack, but we need a document to see why we got to here :-(.

Feel free to email me the document privately if that's acceptable
Comment 5 Caolan McNamara 2007-11-16 15:54:27 UTC 
I can tell that it's probably a table in a footer/header that causes this, FWIW.
Comment 6 Caolan McNamara 2007-11-24 18:00:01 UTC 
gotcha, graphic anchored in table that is "too-complex" so node it is anchored
to gets deleted => catastrophe.

Fix upstreamed as http://www.openoffice.org/issues/show_bug.cgi?id=83930 and
checked in for >= 2.3.1-9.4 

Though "F9Blocker" is a bit unnecessary IMO.
Comment 7 Nicolas Mailhot 2007-11-25 14:04:30 UTC 
Thanks!

I consider any crash in a visible app like OpenOffice.org a blocker, if it's
reported early enough in a cycle (as is the case here)
Comment 8 Fedora Update System 2007-12-06 20:50:58 UTC 
openoffice.org-2.3.0-6.7.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.