911311 – Segfault when opening a specific .docx file

Bug 911311 - Segfault when opening a specific .docx file

Summary: Segfault when opening a specific .docx file

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	libreoffice
Sub Component:
Version:	18
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	David Tardon
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-02-14 17:21 UTC by Richard Schwarting
Modified:	2013-02-15 13:41 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2013-02-15 13:41:07 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
DOCX causing libreoffice to segfault (90.84 KB, application/vnd.openxmlformats-officedocument.wordprocessingml.document) 2013-02-14 17:21 UTC, Richard Schwarting	no flags	Details
Screenshot of Google Docs' rendering of the DOCX (198.30 KB, image/jpeg) 2013-02-14 17:25 UTC, Richard Schwarting	no flags	Details
View All

Description Richard Schwarting 2013-02-14 17:21:16 UTC

Created attachment 697288 [details]
DOCX causing libreoffice to segfault

Description of problem:
Try to open a specific file, the Libreoffice splash briefly appears, and then it crashes.  A backtrace from gdb is below.  I'll also attach the document in question.


Version-Release number of selected component (if applicable):
libreoffice 3.6

How reproducible:
always

Steps to Reproduce:
1. open file 
2.
3.
  
Actual results:
crashes

Expected results:
even if it doesn't support everything in the document, it should not segfault

Additional info:
Program received signal SIGSEGV, Segmentation fault.
0x00007fffd9257cff in SwXShape::setPropertyValue(rtl::OUString const&, com::sun::star::uno::Any const&) () from /usr/lib64/libreoffice/program/../program/libswlo.so
(gdb) bt
#0  0x00007fffd9257cff in SwXShape::setPropertyValue(rtl::OUString const&, com::sun::star::uno::Any const&) () from /usr/lib64/libreoffice/program/../program/libswlo.so
#1  0x00007fffd924f03b in SwXShape::attach(com::sun::star::uno::Reference<com::sun::star::text::XTextRange> const&) () from /usr/lib64/libreoffice/program/../program/libswlo.so
#2  0x00007fffd931e7c0 in SwXText::insertTextContent(com::sun::star::uno::Reference<com::sun::star::text::XTextRange> const&, com::sun::star::uno::Reference<com::sun::star::text::XTextContent> const&, unsigned char) () from /usr/lib64/libreoffice/program/../program/libswlo.so
#3  0x00007fffd931c70b in SwXText::appendTextContent(com::sun::star::uno::Reference<com::sun::star::text::XTextContent> const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&)
    () from /usr/lib64/libreoffice/program/../program/libswlo.so
#4  0x00007fffd5edf1f4 in writerfilter::dmapper::DomainMapper_Impl::appendTextContent(com::sun::star::uno::Reference<com::sun::star::text::XTextContent>, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>) () from /usr/lib64/libreoffice/program/../program/libwriterfilterlo.so
#5  0x00007fffd5eea7c6 in writerfilter::dmapper::DomainMapper_Impl::PopShapeContext() () from /usr/lib64/libreoffice/program/../program/libwriterfilterlo.so
#6  0x00007fffe8022320 in sax_fastparser::FastSaxParser::callbackEndElement(char const*) () from /usr/lib64/libreoffice/program/../program/fastsax.uno.so
#7  0x0000003a168087b0 in doContent () from /lib64/libexpat.so.1
#8  0x0000003a1680972e in contentProcessor () from /lib64/libexpat.so.1
#9  0x0000003a1680b24e in doProlog () from /lib64/libexpat.so.1
#10 0x0000003a1680b9fb in prologProcessor () from /lib64/libexpat.so.1
#11 0x0000003a1680da3d in XML_ParseBuffer () from /lib64/libexpat.so.1
#12 0x00007fffe80212be in sax_fastparser::FastSaxParser::parse() () from /usr/lib64/libreoffice/program/../program/fastsax.uno.so
#13 0x00007fffe802417e in sax_fastparser::FastSaxParser::parseStream(com::sun::star::xml::sax::InputSource const&) () from /usr/lib64/libreoffice/program/../program/fastsax.uno.so
#14 0x00007fffd5f74e65 in writerfilter::ooxml::OOXMLDocumentImpl::resolve(writerfilter::Stream&) () from /usr/lib64/libreoffice/program/../program/libwriterfilterlo.so
#15 0x00007fffd5ec2a4d in writerfilter::dmapper::DomainMapper::lcl_substream(unsigned int, boost::shared_ptr<writerfilter::Reference<writerfilter::Stream> >) ()
   from /usr/lib64/libreoffice/program/../program/libwriterfilterlo.so
#16 0x00007fffd5fb19ce in writerfilter::LoggedStream::substream(unsigned int, boost::shared_ptr<writerfilter::Reference<writerfilter::Stream> >) ()
   from /usr/lib64/libreoffice/program/../program/libwriterfilterlo.so
#17 0x00007fffd5f74031 in writerfilter::ooxml::OOXMLDocumentImpl::resolveFastSubStreamWithId(writerfilter::Stream&, boost::shared_ptr<writerfilter::Reference<writerfilter::Stream> >, unsigned int) ()
   from /usr/lib64/libreoffice/program/../program/libwriterfilterlo.so
#18 0x00007fffd5f75919 in writerfilter::ooxml::OOXMLDocumentImpl::resolveHeader(writerfilter::Stream&, int, rtl::OUString const&) () from /usr/lib64/libreoffice/program/../program/libwriterfilterlo.so
#19 0x00007fffd5f731e3 in writerfilter::ooxml::OOXMLHeaderHandler::~OOXMLHeaderHandler() () from /usr/lib64/libreoffice/program/../program/libwriterfilterlo.so
#20 0x00007fffd5f8077d in writerfilter::ooxml::OOXMLFastContextHandlerProperties::handleHdrFtr() () from /usr/lib64/libreoffice/program/../program/libwriterfilterlo.so
#21 0x00007fffd5ffee2c in writerfilter::ooxml::OOXMLFactory_wml::endAction(writerfilter::ooxml::OOXMLFastContextHandler*) () from /usr/lib64/libreoffice/program/../program/libwriterfilterlo.so
#22 0x00007fffd5f76d63 in writerfilter::ooxml::OOXMLFactory::endAction(writerfilter::ooxml::OOXMLFastContextHandler*, int) () from /usr/lib64/libreoffice/program/../program/libwriterfilterlo.so
#23 0x00007fffd5f7ebf9 in writerfilter::ooxml::OOXMLFastContextHandler::lcl_endAction(int) () from /usr/lib64/libreoffice/program/../program/libwriterfilterlo.so
#24 0x00007fffd5f82c21 in writerfilter::ooxml::OOXMLFastContextHandlerProperties::lcl_endFastElement(int) () from /usr/lib64/libreoffice/program/../program/libwriterfilterlo.so
#25 0x00007fffe8022320 in sax_fastparser::FastSaxParser::callbackEndElement(char const*) () from /usr/lib64/libreoffice/program/../program/fastsax.uno.so
#26 0x0000003a16808624 in doContent () from /lib64/libexpat.so.1
#27 0x0000003a1680972e in contentProcessor () from /lib64/libexpat.so.1
#28 0x0000003a1680da3d in XML_ParseBuffer () from /lib64/libexpat.so.1
#29 0x00007fffe80212be in sax_fastparser::FastSaxParser::parse() () from /usr/lib64/libreoffice/program/../program/fastsax.uno.so
#30 0x00007fffe802417e in sax_fastparser::FastSaxParser::parseStream(com::sun::star::xml::sax::InputSource const&) () from /usr/lib64/libreoffice/program/../program/fastsax.uno.so
#31 0x00007fffd5f74e65 in writerfilter::ooxml::OOXMLDocumentImpl::resolve(writerfilter::Stream&) () from /usr/lib64/libreoffice/program/../program/libwriterfilterlo.so
#32 0x00007fffd5f6c8fd in WriterFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) () from /usr/lib64/libreoffice/program/../program/libwriterfilterlo.so
#33 0x000000346e2cb5fa in SfxObjectShell::ImportFrom(SfxMedium&, bool) () from /usr/lib64/libreoffice/program/libsfxlo.so
#34 0x000000346e2cf949 in SfxObjectShell::DoLoad(SfxMedium*) () from /usr/lib64/libreoffice/program/libsfxlo.so
#35 0x000000346e311b7d in SfxBaseModel::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) () from /usr/lib64/libreoffice/program/libsfxlo.so
#36 0x000000346e34a980 in SfxFrameLoader_Impl::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&) ()
   from /usr/lib64/libreoffice/program/libsfxlo.so
#37 0x00007fffea2d2ab3 in framework::LoadEnv::impl_loadContent() () from /usr/lib64/libreoffice/program/../program/libfwklo.so
#38 0x00007fffea2d3f08 in framework::LoadEnv::startLoading() () from /usr/lib64/libreoffice/program/../program/libfwklo.so
#39 0x00007fffea24ec6e in framework::LoadDispatcher::impl_dispatch(com::sun::star::util::URL const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener> const&) () from /usr/lib64/libreoffice/program/../program/libfwklo.so
#40 0x00007fffea24f158 in framework::LoadDispatcher::dispatchWithReturnValue(com::sun::star::util::URL const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) ()
   from /usr/lib64/libreoffice/program/../program/libfwklo.so
#41 0x0000003a1e4fed24 in comphelper::SynchronousDispatch::dispatch(com::sun::star::uno::Reference<com::sun::star::uno::XInterface> const&, rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) () from /usr/lib64/libreoffice/program/libcomphelpgcc3.so
#42 0x000000346ec3baf0 in desktop::DispatchWatcher::executeDispatchRequests(std::vector<desktop::DispatchWatcher::DispatchRequest, std::allocator<desktop::DispatchWatcher::DispatchRequest> > const&, bool) () from /usr/lib64/libreoffice/program/libsofficeapp.so
#43 0x000000346ec49851 in desktop::OfficeIPCThread::ExecuteCmdLineRequests(desktop::ProcessDocumentsRequest&) () from /usr/lib64/libreoffice/program/libsofficeapp.so
#44 0x000000346ec1fa75 in desktop::Desktop::OpenClients() () from /usr/lib64/libreoffice/program/libsofficeapp.so
#45 0x000000346ec20cbc in desktop::Desktop::OpenClients_Impl(void*) () from /usr/lib64/libreoffice/program/libsofficeapp.so
#46 0x0000003469368a22 in ImplWindowFrameProc(Window*, SalFrame*, unsigned short, void const*) () from /usr/lib64/libreoffice/program/libvcllo.so
#47 0x000000346937151c in SalGenericDisplay::DispatchInternalEvent() () from /usr/lib64/libreoffice/program/libvcllo.so
#48 0x00007ffff112e87f in GtkData::userEventFn(void*) () from /usr/lib64/libreoffice/program/libvclplug_gtklo.so
#49 0x00007ffff112e8f9 in call_userEventFn () from /usr/lib64/libreoffice/program/libvclplug_gtklo.so
#50 0x00007fffefb9ca55 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
---Type <return> to continue, or q <return> to quit---
#51 0x00007fffefb9cd88 in g_main_context_iterate.isra.24 () from /lib64/libglib-2.0.so.0
#52 0x00007fffefb9ce44 in g_main_context_iteration () from /lib64/libglib-2.0.so.0
#53 0x00007ffff112e611 in GtkData::Yield(bool, bool) () from /usr/lib64/libreoffice/program/libvclplug_gtklo.so
#54 0x00000034690f76f4 in Application::Yield(bool) () from /usr/lib64/libreoffice/program/libvcllo.so
#55 0x00000034690f7797 in Application::Execute() () from /usr/lib64/libreoffice/program/libvcllo.so
#56 0x000000346ec1e450 in desktop::Desktop::Main() () from /usr/lib64/libreoffice/program/libsofficeapp.so
#57 0x00000034690ffba9 in ImplSVMain() () from /usr/lib64/libreoffice/program/libvcllo.so
#58 0x00000034690ffc35 in SVMain() () from /usr/lib64/libreoffice/program/libvcllo.so
#59 0x000000346ec4ac35 in soffice_main () from /usr/lib64/libreoffice/program/libsofficeapp.so
#60 0x00000000004006fb in main ()

Comment 1 Richard Schwarting 2013-02-14 17:25:07 UTC

Created attachment 697289 [details]
Screenshot of Google Docs' rendering of the DOCX

Here is a screenshot of the document as seen through Google Docs.  It doesn't render correct in Google Docs, mind you, but that's the idea of what it should look like when not crashing.

Comment 2 Caolan McNamara 2013-02-15 12:45:30 UTC

caolanm->dtardon: got a few cycles to have a look at this one

Comment 3 David Tardon 2013-02-15 13:41:07 UTC

Seems to be already fixed on 3.6 branch. The fix will appear in 3.6.6 (which is due at the beginning of April).

Note You need to log in before you can comment on or make changes to this bug.