Bug 631543 - [abrt] crash on dereferencing dangling pointer passed down from SwCalc::Str2Double
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: openoffice.org
Version: 13
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: David Tardon
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:386d06e5164070a103c6e053b4d...
Depends On:
Blocks:
Reported: 2010-09-07 20:33 UTC by Richard Henderson
Modified: 2010-10-27 22:34 UTC

Fixed In Version: openoffice.org-3.2.0-12.33.fc13
Clone Of:
Environment:
Last Closed: 2010-10-27 22:34:32 UTC
Type: ---
Embargoed:


Attachments
File: backtrace (74.98 KB, text/plain)
2010-09-07 20:33 UTC, Richard Henderson


Links
System ID Private Priority Status Summary Last Updated
OpenOffice.org 114409 0 None None None Never

Description Richard Henderson 2010-09-07 20:33:01 UTC
abrt version: 1.1.13
architecture: x86_64
Attached file: backtrace
cmdline: /usr/lib64/openoffice.org3/program/swriter.bin -writer file:///local/home/rth/pecoff_v8.docx
component: openoffice.org
crash_function: raise
executable: /usr/lib64/openoffice.org3/program/swriter.bin
kernel: 2.6.34.6-47.fc13.x86_64
package: openoffice.org-writer-1:3.2.0-12.31.fc13
rating: 4
reason: Process /usr/lib64/openoffice.org3/program/swriter.bin was killed by signal 6 (SIGABRT)
release: Fedora release 13 (Goddard)
time: 1283890810
uid: 5000

How to reproduce
-----
Opened the following doc file.

http://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/pecoff_v8.docx

Comment 1 Richard Henderson 2010-09-07 20:33:03 UTC
Created an attachment (id=445780)
File: backtrace

Comment 2 David Tardon 2010-09-08 05:59:28 UTC
Confirmed. It's okay in 3.3.0-5.3.fc15.

Comment 3 David Tardon 2010-09-08 11:50:10 UTC
It looks like several places in the code suppose that there is always at least one instance of SvtSysLocale hanging around somewhere, so it's safe to take a pointer to LocaleDataWrapper out of a temporary instance of SvtSysLocale. That's evidently not the case here ;)
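
The lifetime problem described in comment 3, as an added example that is not part of the bug report and is not OpenOffice.org code: `SysLocale` and `LocaleData` are hypothetical stand-ins, and the shared reference-counted implementation is an assumption about the design. It shows why the pointer stays valid only while some other instance exists, and one way to keep the data alive (not necessarily the fix that shipped).

```cpp
#include <memory>
#include <string>

// Simplified model (assumption): every handle shares one reference-counted
// implementation, which is destroyed when the last handle goes away.
struct LocaleData {
    static int live;                 // number of LocaleData objects alive
    std::string decimal_sep = ".";
    LocaleData()  { ++live; }
    ~LocaleData() { --live; }
};
int LocaleData::live = 0;

class SysLocale {                    // hypothetical stand-in for SvtSysLocale
    static std::weak_ptr<LocaleData> shared_;
    std::shared_ptr<LocaleData> impl_;
public:
    SysLocale() : impl_(shared_.lock()) {
        if (!impl_) { impl_ = std::make_shared<LocaleData>(); shared_ = impl_; }
    }
    const LocaleData& GetLocaleData() const { return *impl_; }
};
std::weak_ptr<LocaleData> SysLocale::shared_;

// Buggy pattern: pointer taken out of a temporary handle.
// Returns whether the pointee is still alive once the temporary is gone.
bool pointee_alive_after_temporary() {
    const LocaleData* p = &SysLocale().GetLocaleData();
    (void)p;                         // never dereferenced here: it may dangle
    return LocaleData::live > 0;
}

// Safe pattern: the handle lives as long as the data is used.
std::string decimal_sep_safe() {
    SysLocale locale;                // keeps the shared implementation alive
    const LocaleData& data = locale.GetLocaleData();
    return data.decimal_sep;
}

int main() {
    bool alone = pointee_alive_after_temporary();      // no other holder
    SysLocale other;                                   // some other holder
    bool with_other = pointee_alive_after_temporary(); // masks the bug
    return (!alone && with_other && decimal_sep_safe() == ".") ? 0 : 1;
}
```

Running the same pattern under AddressSanitizer or Valgrind with no long-lived instance present is what exposes the dangling access; with another instance alive the code appears to work.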

Comment 4 David Tardon 2010-09-08 12:34:43 UTC
Fix will be in >=3.2.0-12.32.fc13

Comment 5 Fedora Update System 2010-10-12 19:17:22 UTC
openoffice.org-3.2.0-12.32.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/openoffice.org-3.2.0-12.32.fc13

Comment 6 Fedora Update System 2010-10-14 06:27:15 UTC
openoffice.org-3.2.0-12.32.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update openoffice.org'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/openoffice.org-3.2.0-12.32.fc13

Comment 7 Fedora Update System 2010-10-16 05:44:06 UTC
openoffice.org-3.2.0-12.33.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/openoffice.org-3.2.0-12.33.fc13

Comment 8 the.hw.group 2010-10-26 00:34:58 UTC
Package: openoffice.org-writer-1:3.2.0-12.31.fc13
Architecture: x86_64
OS Release: Fedora release 13 (Goddard)


How to reproduce
-----
I opened up a .docx file, then open office writer crashed.

Comment 9 Fedora Update System 2010-10-27 22:34:06 UTC
openoffice.org-3.2.0-12.33.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.

