113871 – writer crashes when scrolling Doc file

Bug 113871 - writer crashes when scrolling Doc file

Summary: writer crashes when scrolling Doc file

Status:	RESOLVED FIXED

Alias:	None

Product:	LibreOffice
Classification:	Unclassified
Component:	Writer (show other bugs)
Version: (earliest affected)	5.4.3.2 release
Hardware:	All All

Importance:	medium normal
Assignee:	Caolán McNamara

URL:
Whiteboard:	target:6.0.0
Keywords:	haveBacktrace

Depends on:
Blocks:

Reported:	2017-11-16 06:22 UTC by Fahad Al-Saidi
Modified:	2017-11-17 09:15 UTC (History)
CC List:	3 users (show)

See Also:
Crash report or crash signature:	["ucrtbase.dll"]

Attachments
the problematic file (216.00 KB, application/msword) 2017-11-16 06:23 UTC, Fahad Al-Saidi	Details
gdb backtrace (36.82 KB, text/plain) 2017-11-16 11:16 UTC, Xisco Faulí	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Fahad Al-Saidi 2017-11-16 06:22:53 UTC

Description:
I have doc file, when I try to open it and just scrolling down writer crash !! The file attached.

Actual Results:  
Writer crashes

Expected Results:
should be open the file without crash.


Reproducible: Always


User Profile Reset: Yes



Additional Info:


User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0

Comment 1 Fahad Al-Saidi 2017-11-16 06:23:36 UTC

Created attachment 137799 [details]
the problematic file

Comment 2 Dieter 2017-11-16 07:51:42 UTC

Not reproducible for me with Windows 10. Perhaps it's only a Linux problem.

Version: 5.4.3.2 (x64)
Build-ID: 92a7159f7e4af62137622921e809f8546db437e5
CPU-Threads: 4; Betriebssystem:Windows 6.19; UI-Render: Standard; 
Gebietsschema: de-DE (de_DE); Calc: group

Comment 3 Aschalew 2017-11-16 08:31:48 UTC

Can not reproduce!
it works fine!

Windows 10

Version: 5.4.3.2 (x64)
Build ID: 92a7159f7e4af62137622921e809f8546db437e5
CPU threads: 8; OS: Windows 6.19; UI render: default; 
Locale: en-US (en_US); Calc: group

Comment 4 Fahad Al-Saidi 2017-11-16 08:32:55 UTC

please make sure to scroll down till the end of the doc.

Comment 5 Xisco Faulí 2017-11-16 09:30:05 UTC

Yep, it crashes for me when I scroll down from page 1 to page 10

Version: 6.0.0.0.alpha1+
Build ID: a5550289a37950195b7a7e5b22cba79ce5b5a673
CPU threads: 4; OS: Linux 4.10; UI render: default; VCL: gtk3; 
Locale: th-TH (ca_ES.UTF-8); Calc: group

Comment 6 Xisco Faulí 2017-11-16 09:41:37 UTC

Also reproduced in

Versión: 5.4.3.2
Id. de compilación: 92a7159f7e4af62137622921e809f8546db437e5
Subprocs. CPU: 1; SO: Windows 6.1; Repres. IU: predet.; 
Configuración regional: es-ES (es_ES); Calc: group

Comment 7 Xisco Faulí 2017-11-16 10:10:54 UTC

Surprisingly, I can't reproduce it with any bibisect repository...

Comment 8 Xisco Faulí 2017-11-16 11:16:02 UTC

Created attachment 137806 [details]
gdb backtrace

Using a debug build, I can reproduce the crash if I scroll the document using the scrollbar

Comment 9 Xisco Faulí 2017-11-16 11:17:37 UTC

@Caolán, Michael, one for you?

Comment 10 Caolán McNamara 2017-11-16 14:23:39 UTC

I have a plausible fix at https://gerrit.libreoffice.org/#/c/44831/ based on the same logic the code following the crash uses to restrict the kashida index to a valid range

Comment 11 Commit Notification 2017-11-17 09:10:24 UTC

Caolán McNamara committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=6e686439291b4047a8c522ebf78d25632d349f62

Resolves: tdf#113871 bounds check kashida pos

It will be available in 6.0.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.

Comment 12 Fahad Al-Saidi 2017-11-17 09:15:09 UTC

@Caolán can you backport it to 5.4?