| Summary: | FILEOPEN: DOCX from TextMaker freezes Writer due to a style with a blank name | ||
|---|---|---|---|
| Product: | LibreOffice | Reporter: | Mike <bugzilla> |
| Component: | Writer | Assignee: | Justin L <jluth> |
| Status: | VERIFIED FIXED | ||
| Severity: | major | CC: | bugzilla, cno, jluth, telesto, xiscofauli |
| Priority: | high | Keywords: | bibisected, bisected, regression |
| Version: | 6.1.0.2 rc | ||
| Hardware: | All | ||
| OS: | All | ||
| See Also: | https://bugs.documentfoundation.org/show_bug.cgi?id=106174 | ||
| Whiteboard: | target:6.2.0 target:6.1.1 | ||
| Crash report or crash signature: | Regression By: | ||
| Attachments: | DOCX - freezes 6.1RC2 | ||
Description
Mike
2018-08-07 07:43:28 UTC
Created attachment 144006
DOCX - freezes 6.1RC2
I reproduce open with 6.0 and freeze with 6.2+ in Windows so I confirm. But I don't get crash report and the one you wrote starts already in 5.4.0.3: http://crashreport.libreoffice.org/stats/signature/SfxApplication::GetAppDispatcher_Impl%28%29

Are you sure that's the report you get with this document? I just get dump with procdump:

FOLLOWUP_IP:
writerfilterlo!writerfilter::dmapper::splitFieldCommand+47f21
5090a0a1 8b00 mov eax,dword ptr [eax]

Well, at my test I had to kill the task, when LO froze. But one time it got that crash report, so I thought that it had to be connected.

I did now test it with

Version: 5.4.2.2
Build ID: 22b09f6418e8c2d508a9eaf86b2399209b0990f4
CPU threads: 4; OS: Windows 6.2; UI render: GL;
Locale: de-DE (de_DE); Calc: group

and it did not freeze. I'm not a coder – maybe it's just a coincidence?

I mean 'tests' - not 'test', as I wrote. [LO always froze and I had to kill the task.]

Regression introduced by:

https://cgit.freedesktop.org/libreoffice/core/commit/?id=bc67bda7363df48f1983513a8e969b61738139f5

author Justin Luth <justin_luth@sil.org> 2018-07-09 18:30:52 +0300
committer Miklos Vajna <vmiklos@collabora.co.uk> 2018-07-13 10:21:36 +0200
commit bc67bda7363df48f1983513a8e969b61738139f5 (patch)
tree b04cafdd4a6a1b3abd08e84ad0e4aa016d923b8d
parent 23793a08b75757c1fe764e3e03e09fe08b72413d (diff)

related tdf#106174 writerfilter: replace broken FindParentStyleSheet

Bisected with: bibisect-linux64-6.2

Adding Cc: to Justin Luth

Hmm, a style with a blank name.

```xml
<w:style w:type="character" w:styleId="" w:customStyle="1">
  <w:name w:val="Нижний колонтитул Знак"/>
  <w:basedOn w:val="Absatz-Standardschriftart"/>
</w:style>
```

And of course every "parent" style defaults to a blank string, so that actually matches a real, live style in this case.

Surprisingly, this is not illegal... "If this attribute is not specified, then a style ID can be assigned in any manner desired." But leaving it as a blank seems like a really bad idea, and has exposed an existing vulnerability in GetPropertyFromStyleSheet().

Justin Luth committed a patch related to this issue. It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=b9a739e0d3909e0fa4b76d5c0087d92a505e95fa

tdf#119136 GetPropertyFromStyleSheet infinite loop

It will be available in 6.2.0.

The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.

Looks fixed.

Justin Luth committed a patch related to this issue. It has been pushed to "libreoffice-6-1":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=a0bf275c37e9ac40597cc09fde8dc1fe3a04c858&h=libreoffice-6-1

tdf#119136 GetPropertyFromStyleSheet infinite loop

It will be available in 6.1.1.

The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
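
The condition discussed in the comments above (a style whose `w:styleId` is empty, which every style lacking `w:basedOn` then appears to inherit from), as an added example that is not LibreOffice's code or the committed patch: a Python audit of `styles.xml` that flags the blank ID and walks parent links with a visited set so that a cycle ends the walk. The `styles.xml` fragment is constructed around the style quoted in the report, and `load_styles`, `parent_chain` and `audit` are hypothetical names.

```python
import xml.etree.ElementTree as ET

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"

# Constructed styles.xml fragment; only the blank-styleId style comes from the report.
SAMPLE_STYLES = """<w:styles
    xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">
  <w:style w:type="character" w:styleId="Absatz-Standardschriftart">
    <w:name w:val="Default Paragraph Font"/>
  </w:style>
  <w:style w:type="character" w:styleId="" w:customStyle="1">
    <w:name w:val="Нижний колонтитул Знак"/>
    <w:basedOn w:val="Absatz-Standardschriftart"/>
  </w:style>
</w:styles>"""

def load_styles(xml_text):
    """Map styleId -> parent id; a style without basedOn gets "" as its parent."""
    styles = {}
    for style in ET.fromstring(xml_text).iter(W + "style"):
        based_on = style.find(W + "basedOn")
        parent = based_on.get(W + "val", "") if based_on is not None else ""
        styles[style.get(W + "styleId", "")] = parent
    return styles

def parent_chain(styles, style_id, blank_is_root=True):
    """Follow basedOn links; return (chain, looped). The seen set bounds the walk."""
    chain, seen = [style_id], {style_id}
    parent = styles.get(style_id, "")
    while parent in styles and not (blank_is_root and parent == ""):
        if parent in seen:
            return chain, True  # revisited a style: inheritance cycle
        chain.append(parent)
        seen.add(parent)
        parent = styles[parent]
    return chain, False

def audit(xml_text):
    """Report a blank styleId and which styles cycle under each reading of ""."""
    styles = load_styles(xml_text)
    return {
        "blank_style_id": "" in styles,
        "cycles_if_blank_resolves": sorted(s for s in styles if parent_chain(styles, s, False)[1]),
        "cycles_if_blank_is_root": sorted(s for s in styles if parent_chain(styles, s, True)[1]),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_STYLES))
```
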