Created attachment 127372 [details] DOCX that crashes after save & reopen 1. Open the attached DOCX 2. Save it 3. Reload Crashes. Does not crash in 4.4. Tested crashing both on Windows and Linux.
Created attachment 127373 [details] Backtrace of crash with LibO 5.3 Arch Linux 64-bit, KDE Plasma 5 Version: 5.3.0.0.alpha0+ Build ID: cfde3fd966ae9ef35fe685759e7e19bf0b8466ab CPU Threads: 8; OS Version: Linux 4.7; UI Render: default; Locale: fi-FI (fi_FI.UTF-8); Calc: group Built on September 16th 2016
On pc Debian x86-64 with master sources updated today, I could reproduce this.
It crashes already with 5.0.2.2. No crash with 4.4.5.2. Tested on Win 7.
Not reproduced with v5.0.0.5, 5.1.0.3, 5.2.0.4 and 5.2.1.2 / Windows 7.
In bt, we can see this: #1 0x00007f5077b909a9 in __dynamic_cast () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6 #2 0x00007f507328767d in SfxItemSet::Get (this=0x9db1928, nWhich=94, bSrchInParent=true) at /home/julien/lo/libreoffice/svl/source/items/itemset.cxx:804 #3 0x00007f504d07d7d0 in SwAttrSet::GetContent (this=0x9db1928, bInP=true) at /home/julien/lo/libreoffice/sw/inc/fmtcntnt.hxx:52 #4 0x00007f504d07d7f9 in SwFormat::GetContent (this=0x9db18f0, bInP=true) at /home/julien/lo/libreoffice/sw/inc/fmtcntnt.hxx:55 #5 0x00007f504d496522 in SwNode::GetFlyFormat (this=0xa0f1980) at /home/julien/lo/libreoffice/sw/source/core/docnode/node.cxx:723 #6 0x00007f504d49547d in SwNode::IsProtect (this=0xa0f1980) at /home/julien/lo/libreoffice/sw/source/core/docnode/node.cxx:433 #7 0x00007f504d4954f5 in SwNode::IsProtect (this=0xa0f1980) at /home/julien/lo/libreoffice/sw/source/core/docnode/node.cxx:439 ... #366 0x00007f504d4954f5 in SwNode::IsProtect (this=0xa0f1980) at /home/julien/lo/libreoffice/sw/source/core/docnode/node.cxx:439 #367 0x00007f504d4954f5 in SwNode::IsProtect (this=0xa0f1980) at /home/julien/lo/libreoffice/sw/source/core/docnode/node.cxx:439 ... so it seems we entered in a infinite recursive loop.
I'll give a try with https://gerrit.libreoffice.org/#/c/28972/
Miklos: After having retested this one, I noticed the docx resaved was different from the original. Just in main xml content, I got this (with master sources updated today), eg: < <Default Extension="emf" ContentType="image/x-emf" /> < <Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml" /> < <Default Extension="xml" ContentType="application/xml" /> < <Default Extension="xlsx" ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" /> --- > <Override PartName="/_rels/.rels" ContentType="application/vnd.openxmlformats-package.relationships+xml" /> > <Override PartName="/word/_rels/document.xml.rels" ContentType="application/vnd.openxmlformats-package.relationships+xml" /> > <Override PartName="/word/embeddings/Microsoft_Excel_Worksheet1.xlsx" ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" /> > <Override PartName="/word/fontTable.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.fontTable+xml" /> > <Override PartName="/word/charts/_rels/chart1.xml.rels" ContentType="application/vnd.openxmlformats-package.relationships+xml" /> > <Override PartName="/word/charts/chart1.xml" ContentType="application/vnd.openxmlformats-officedocument.drawingml.chart+xml" /> > <Override PartName="/word/footer1.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.footer+xml" /> Any thoughts?
Julien Nabet committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=cd72269a6a2c85ae9dd4552aa4808ef4fd1f6c0e tdf#102233: avoid infinite loop recursion in IsProtect node method It will be available in 5.3.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
doesn't crash after that, so lets close it as fixed in master. I haven't queued backports however
gerrit review for 5.2 branch: https://gerrit.libreoffice.org/#/c/29152/
Julien Nabet committed a patch related to this issue. It has been pushed to "libreoffice-5-2": http://cgit.freedesktop.org/libreoffice/core/commit/?id=137e42521944c0f3d7ff73891917a476f2868996&h=libreoffice-5-2 tdf#102233: avoid infinite loop recursion in IsProtect node method It will be available in 5.2.3. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Verified the fix in 5.3. Thanks a lot, guys! Arch Linux 64-bit, KDE Plasma 5 Version: 5.3.0.0.alpha0+ Build ID: 7cf444454c0c27e2f6d764164ea880b87163f45a CPU Threads: 8; OS Version: Linux 4.7; UI Render: default; Locale: fi-FI (fi_FI.UTF-8); Calc: group Built on September 27th 2016