Bug 63168

Summary: FILEOPEN: crash when reading a certain docx
Product: LibreOffice Reporter: sander
Component: WriterAssignee: Not Assigned <libreoffice-bugs>
Status: RESOLVED WORKSFORME    
Severity: major CC: cedric.bosdonnat.ooo, michael.stahl, sander, serval2412
Priority: high    
Version: 4.0.2.1 rc   
Hardware: x86-64 (AMD64)   
OS: Linux (All)   
Whiteboard:
Crash report or crash signature: Regression By:
Attachments: File that causes the crash
The gdb backtrace
console + bt with symbols on master sources

Description sander 2013-04-05 13:42:24 UTC 
Created attachment 77485 [details]
File that causes the crash

LibreOffice crashes when opening a certain docx file.

I start LO from the command line with the file as the argument. The splash screen appears briefly, and then the program terminates.

I'll attach the file and a gdb backtrace.

This is with version 4.0.2~rc2-2 from today's Debian experimental.
Comment 1 sander 2013-04-05 13:42:55 UTC 
Created attachment 77486 [details]
The gdb backtrace
Comment 2 Julien Nabet 2013-04-05 21:52:41 UTC 
Comment on attachment 77485 [details]
File that causes the crash

Mimetype fixed
Comment 3 Julien Nabet 2013-04-05 21:59:18 UTC 
Created attachment 77500 [details]
console + bt with symbols on master sources

On pc Debian (testing updated today) x86-64 with master sources updated today, I reproduced the crash.

I attached the bt (the same as reporter's + few details) + console logs
Comment 4 Julien Nabet 2013-04-05 22:00:22 UTC 
Cédric/Michael: one for you?
Comment 5 Julien Nabet 2013-04-05 22:06:27 UTC 
After having searched in git history of sw/source/core/unocore/unotext.cxx, I found this commit: d0cde9640b52ccfbb28ed1f65bba0927afd7b69b
(2013/02/20), Cédric definitely for you? :-P
Comment 6 Julien Nabet 2013-04-05 22:13:23 UTC 
Adding some traces, "pEndStartTableNode" is NULL after line 1628

diff --git a/sw/source/core/unocore/unotext.cxx b/sw/source/core/unocore/unotext.cxx
index 8d3b8c9..c3ffd05 100644
--- a/sw/source/core/unocore/unotext.cxx
+++ b/sw/source/core/unocore/unotext.cxx
@@ -1626,7 +1626,7 @@ throw (lang::IllegalArgumentException, uno::RuntimeException)
             SwTableNode * pStartTableNode(pStartStartNode->FindTableNode());
             // Is it the same table start node than the end?
             SwTableNode *const pEndStartTableNode(pEndStartNode->FindTableNode());
-            while (pEndStartTableNode->GetIndex() < pStartTableNode->GetIndex())
+            while (pEndStartTableNode && (pEndStartTableNode->GetIndex() < pStartTableNode->GetIndex()))
             {
                 SwStartNode* pStartStartTableNode = pStartTableNode->StartOfSectionNode();
                 pStartTableNode = pStartStartTableNode->FindTableNode();

prevents from the crash but perhaps it should need more things.
Anyway, if you think I can push this patch on master, just tell me.
Comment 7 Owen Genat (retired) 2013-11-09 10:47:10 UTC 
LO v4.1.3.2 Build ID: 70feb7d99726f064edab4605a8ab840c50ec57a under GNU/Linux Crunchbang 11 opens the attachment in the description without crashing.
Comment 8 Julien Nabet 2013-11-09 14:17:55 UTC 
Thank you Owen for your feedback.
On pc Debian x86-64 with 4.1 sources updated 1 week ago, I don't reproduce this anymore.
I put it as WFM.
ssander: if you still reproduce this with 4.1.3 version, don't hesitate to reopen this tracker.
Comment 9 sander 2013-11-09 20:25:05 UTC 
I confirm that it works now.  Thank you very much!