113812 – assertion fail nMapNum >= 0 in ImplLogicToPixel

Bug 113812 - assertion fail nMapNum >= 0 in ImplLogicToPixel

Summary: assertion fail nMapNum >= 0 in ImplLogicToPixel

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	LibreOffice
Classification:	Unclassified
Component:	filters and storage (show other bugs)
Version: (earliest affected)	5.2 all versions
Hardware:	x86-64 (AMD64) Linux (All)

Importance:	medium normal
Assignee:	Bartosz

URL:
Whiteboard:
Keywords:	filter:pptx, haveBacktrace

Depends on:
Blocks:	Crash-Assert
	Show dependency tree / graph

Reported:	2017-11-13 22:58 UTC by sam tygier
Modified:	2022-04-19 10:41 UTC (History)
CC List:	4 users (show)

See Also:
Crash report or crash signature:

Attachments
gdb log (170.66 KB, text/plain) 2017-11-13 22:59 UTC, sam tygier	Details
bt with debug symbols (15.00 KB, text/plain) 2018-06-24 09:57 UTC, Julien Nabet	Details
bt with debug symbols (12.14 KB, text/plain) 2020-06-20 16:05 UTC, Julien Nabet	Details
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description sam tygier 2017-11-13 22:58:28 UTC

Description:
Opening a specific pptx I get a crash.

(Full GDB log attached)
#0  0x00007ffff73998df in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff739b4da in __GI_abort () at abort.c:89
#2  0x00007ffff7391d67 in __assert_fail_base (fmt=<optimized out>, assertion=assertion@entry=0x7fffecb5a491 "nMapNum >= 0", file=file@entry=0x7fffecb5a3e8 "/usr/local/src/libreoffice/core/vcl/source/outdev/map.cxx", line=line@entry=359, function=function@entry=0x7fffecb5acc0 <ImplLogicToPixel(long, long, long, long, long)::__PRETTY_FUNCTION__> "long int ImplLogicToPixel(long int, long int, long int, long int, long int)") at assert.c:92
#3  0x00007ffff7391e12 in __GI___assert_fail (assertion=0x7fffecb5a491 "nMapNum >= 0", file=0x7fffecb5a3e8 "/usr/local/src/libreoffice/core/vcl/source/outdev/map.cxx", line=359, function=0x7fffecb5acc0 <ImplLogicToPixel(long, long, long, long, long)::__PRETTY_FUNCTION__> "long int ImplLogicToPixel(long int, long int, long int, long int, long int)") at assert.c:101
#4  0x00007fffec442b1d in ImplLogicToPixel(long, long, long, long, long) (n=-31131, nDPI=96, nMapNum=-1, nMapDenom=2032, nThres=48038396025285285) at /usr/local/src/libreoffice/core/vcl/source/outdev/map.cxx:359
#5  0x00007fffec443828 in OutputDevice::ImplLogicToDevicePixel(tools::Polygon const&) const (this=0x7868610, rLogicPoly=...) at /usr/local/src/libreoffice/core/vcl/source/outdev/map.cxx:544
#6  0x00007fffec3f6b3b in OutputDevice::DrawPolygon(tools::Polygon const&) (this=0x7868610, rPoly=...) at /usr/local/src/libreoffice/core/vcl/source/outdev/polygon.cxx:223
#7  0x00007fffec3f64ac in OutputDevice::DrawPolyPolygon(tools::PolyPolygon const&) (this=0x7868610, rPolyPoly=...) at /usr/local/src/libreoffice/core/vcl/source/outdev/polygon.cxx:122
#8  0x00007fffc18cbf54 in emfio::MtfTools::ImplDrawBitmap(Point const&, Size const&, BitmapEx const&) (this=0x7ffffffebc40, rPos=..., rSize=..., rBitmap=...) at /usr/local/src/libreoffice/core/emfio/source/reader/mtftools.cxx:1633
#9  0x00007fffc18cd6fa in emfio::MtfTools::ResolveBitmapActions(std::__debug::vector<std::unique_ptr<emfio::BSaveStruct, std::default_delete<emfio::BSaveStruct> >, std::allocator<std::unique_ptr<emfio::BSaveStruct, std::default_delete<emfio::BSaveStruct> > > >&) (this=0x7ffffffebc40, rSaveList=std::__debug::vector of length 1, capacity 1 = {...}) at /usr/local/src/libreoffice/core/emfio/source/reader/mtftools.cxx:1921
#10 0x00007fffc18e5110 in emfio::EmfReader::ReadEnhWMF() (this=0x7ffffffebc40) at /usr/local/src/libreoffice/core/emfio/source/reader/emfreader.cxx:654

Crash happens with 
Version: 6.0.0.0.alpha1+
Build ID: 9984579e96a966c2e47db98ceeb9a83b1adefa00
CPU threads: 4; OS: Linux 4.13; UI render: default; VCL: gtk2; 
Locale: en-GB (en_GB.utf8); Calc: group

But I can open the file fine with
Version: 5.4.2.2
Build ID: 22b09f6418e8c2d508a9eaf86b2399209b0990f4
CPU threads: 4; OS: Linux 4.13; UI render: default; VCL: gtk2; 
Locale: en-GB (en_GB.utf8); Calc: group

I shall try to bisect.

Steps to Reproduce:
1. Download https://indico.cern.ch/event/647714/contributions/2632839/attachments/1556799/2448620/Exp-Upgrades.pptx
2. Open with LibreOffice
3. Crashes during open

Actual Results:  
Crashes

Expected Results:
Opens file


Reproducible: Always


User Profile Reset: No



Additional Info:


User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0

Comment 1 sam tygier 2017-11-13 22:59:46 UTC

Created attachment 137730 [details]
gdb log

Comment 2 Aron Budea 2017-11-13 23:32:09 UTC

Assertion checks are only compiled into debug builds, therefore you will never encounter assetion failures in release builds. No need to bother with bibisecting.

Comment 3 Aron Budea 2017-11-14 01:20:48 UTC

Assertion failure reproduced.

Version: 6.0.0.0.alpha1+
Build ID: 31b26130d90d4746cbb126fd9b6c1cb3487f644f
CPU threads: 16; OS: Linux 4.10; UI render: default; VCL: gtk3; 
Locale: en-US (en_US.UTF-8); Calc: group

Comment 4 sam tygier 2017-11-14 08:48:36 UTC

OK. I get the same assertion fail with a self built 5.4

soffice.bin: /usr/local/src/libreoffice/core/vcl/source/outdev/map.cxx:374: long int ImplLogicToPixel(long int, long int, long int, long int, long int): Assertion `nMapNum >= 0' failed.

Version: 5.4.2.2.0+
Build ID: 31423b7d44216606cac52ebaf4eab02f469c478f
CPU threads: 4; OS: Linux 4.13; UI render: default; VCL: gtk3; 
Locale: en-GB (en_GB.utf8); Calc: group

Comment 5 sam tygier 2017-11-15 08:00:14 UTC

I can also reproduce in 

Version: 5.2.0.1.0+
Build ID: 8851333f8aafe84ca9479faf24d9164035aff520
CPU threads: 4; OS: Linux 4.13; UI render: default; 
Locale: en-GB (en_GB.utf8)

Comment 6 Julien Nabet 2018-06-24 09:57:28 UTC

Created attachment 143070 [details]
bt with debug symbols

On pc Debian x86-64 with master sources updated today, I could reproduce this.
I had to scroll several slides to have it.

Comment 7 QA Administrators 2019-06-25 02:42:42 UTC Comment hidden (obsolete)

Dear sam tygier,

To make sure we're focusing on the bugs that affect our users today, LibreOffice QA is asking bug reporters and confirmers to retest open, confirmed bugs which have not been touched for over a year.

There have been thousands of bug fixes and commits since anyone checked on this bug report. During that time, it's possible that the bug has been fixed, or the details of the problem have changed. We'd really appreciate your help in getting confirmation that the bug is still present.

If you have time, please do the following:

Test to see if the bug is still present with the latest version of LibreOffice from https://www.libreoffice.org/download/

If the bug is present, please leave a comment that includes the information from Help - About LibreOffice.

If the bug is NOT present, please set the bug's Status field to RESOLVED-WORKSFORME and leave a comment that includes the information from Help - About LibreOffice.

Please DO NOT

Update the version field
Reply via email (please reply directly on the bug tracker)
Set the bug's Status field to RESOLVED - FIXED (this status has a particular meaning that is not
appropriate in this case)

If you want to do more to help you can test to see if your issue is a REGRESSION. To do so:
1. Download and install oldest version of LibreOffice (usually 3.3 unless your bug pertains to a feature added after 3.3) from http://downloadarchive.documentfoundation.org/libreoffice/old/

2. Test your bug
3. Leave a comment with your results.
4a. If the bug was present with 3.3 - set version to 'inherited from OOo';
4b. If the bug was not present in 3.3 - add 'regression' to keyword

Feel free to come ask questions or to say hello in our QA chat: https://kiwiirc.com/nextclient/irc.freenode.net/#libreoffice-qa

Thank you for helping us make LibreOffice even better for everyone!

Warm Regards,
QA Team

MassPing-UntouchedBug

Comment 8 Julien Nabet 2020-06-20 16:05:26 UTC

Created attachment 162229 [details]
bt with debug symbols

On pc Debian x86-64 with master sources updated today, I could still reproduce this.
Here's an updated bt.

Comment 9 Xisco Faulí 2022-04-19 09:36:48 UTC

No crash in 

Version: 7.4.0.0.alpha0+ / LibreOffice Community
Build ID: 49ee1c889665c3539fa9a1c99a865a42fc08ee97
CPU threads: 8; OS: Linux 5.10; UI render: default; VCL: gtk3
Locale: es-ES (es_ES.UTF-8); UI: en-US
Calc: threaded

Could someelse confirm ?

Comment 10 Julien Nabet 2022-04-19 10:08:52 UTC

On pc Debian x86-64 with master sources updated today, I don't reproduce this.
Also, no crash with LO Debian package 7.3.1

Comment 11 Xisco Faulí 2022-04-19 10:41:46 UTC

(In reply to Julien Nabet from comment #10)
> On pc Debian x86-64 with master sources updated today, I don't reproduce
> this.
> Also, no crash with LO Debian package 7.3.1

Hi Julien,
Thanks for checking. Let's close it then