Bug 107786 - FILEOPEN: Crash: WW8 import: NULL pointer dereference
Summary: FILEOPEN: Crash: WW8 import: NULL pointer dereference
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer (show other bugs)
Version:
(earliest affected)
3.5 all versions
Hardware: All All
: highest critical
Assignee: Caolán McNamara
QA Contact:
URL:
Whiteboard: target:5.4.0 target:5.3.4
Keywords: bibisected, haveBacktrace, regression
Depends on:
Blocks:
 
Reported: 2017-05-11 23:39 UTC by Roman Lozko
Modified: 2017-07-10 15:34 UTC (History)
2 users (show)

See Also:
Crash report or crash signature: ["wwSectionManager::SetSegmentToPageDesc(wwSection%20const%20&,bool)"]


Attachments
Stack trace (2.28 KB, text/plain)
2017-05-11 23:41 UTC, Roman Lozko
Details
Testcase (45.00 KB, application/msword)
2017-05-11 23:42 UTC, Roman Lozko
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Roman Lozko 2017-05-11 23:39:20 UTC
Description:
On opening the attached document LibreOffice crashes.



Steps to Reproduce:
1. Open the document any way you want

Actual Results:  
Crash

Expected Results:
No crash


Reproducible: Always

User Profile Reset: No

Additional Info:
Tested on Ubuntu 16.04.2 with latest updates, crashes built-in version 5.1.6.2 as well as latest 5.4.0.0.alpha+


User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.55 Safari/537.36 Vivaldi/1.9.811.13
Comment 1 Roman Lozko 2017-05-11 23:41:04 UTC
Created attachment 133248 [details]
Stack trace
Comment 2 Roman Lozko 2017-05-11 23:42:02 UTC
Created attachment 133249 [details]
Testcase
Comment 3 Xisco Faulí 2017-05-12 00:12:08 UTC
Confirmed in

- Version: 5.4.0.0.alpha1+
Build ID: f12096272e684ddcd8ffa4e34dcb0a680cc594c2
CPU Threads: 4; OS Version: Linux 4.8; UI Render: default; VCL: gtk2; 
Locale: fo-FO (ca_ES.UTF-8); Calc: group

- Versión: 5.3.2.2
Id. de compilación: 6cd4f1ef626f15116896b1d8e1398b56da0d0ee1
Subproc. CPU: 1; SO: Windows 6.1; Repr. de IU: predet.; Motor de trazado: HarfBuzz; 
Configuración regional: ro-RO (es_ES); Calc: group

- Version: 4.3.0.0.alpha1+
Build ID: c15927f20d4727c3b8de68497b6949e72f9e6e9e

- Version 4.1.0.0.alpha0+ (Build ID: efca6f15609322f62a35619619a6d5fe5c9bd5a)

but not in

- LibreOffice 3.5.0 
Build ID: d6cde02
Comment 5 Xisco Faulí 2017-05-12 10:31:07 UTC
@Caolán, one for you ?
Comment 6 Commit Notification 2017-05-12 13:05:47 UTC
Caolán McNamara committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=858d1e065530997a695dc303b9224fd136137c8d

Resolves: tdf#107786 crash on null pointer access

It will be available in 5.4.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 7 Caolán McNamara 2017-05-12 13:06:19 UTC
backport to 5-3 in gerrit
Comment 8 Commit Notification 2017-05-16 10:03:49 UTC
Caolán McNamara committed a patch related to this issue.
It has been pushed to "libreoffice-5-3":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=b462870a3a5053b1efd507960c2d0d2a13a838c7&h=libreoffice-5-3

Resolves: tdf#107786 crash on null pointer access

It will be available in 5.3.4.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.