Description:
Opening attached file freezes recent releases of LO:
crashreport.libreoffice.org/stats/crash_details/14da8387-a874-4356-a5ae-b6a0bcd40500
I got this crash report when I opened attached DOCX. It's 12 KB and just contains “1.“. Disclosure: I made it by poking around with TextMaker 2016.

Win:
Freezing:
Version: 6.1.0.3 (x64)
Build ID: efb621ed25068d70781dc026f7e9c5187a4decd1
CPU threads: 4; OS: Windows 6.1; UI render: default;
Locale: de-DE (de_DE); Calc: group threaded

Version: 6.1.0.2 (x64)
Build ID: b3972dcf1284967612d5ee04fea9d15bcf0cc106
CPU threads: 4; OS: Windows 10.0; UI render: default;
Locale: de-DE (de_DE); Calc: group threaded

Opening:
Version: 6.0.5.2
Build ID: 54c8cbb85f300ac59db32fe8a675ff7683cd5a16
CPU threads: 4; OS: Windows 10.0; UI render: GL;
Locale: de-DE (de_DE); Calc: CL

Ubuntu:
Freezing:
Version: 6.1.0.3
Build ID: efb621ed25068d70781dc026f7e9c5187a4decd1
CPU threads: 4; OS: Linux 4.15; UI render: default; VCL: gtk2;
Locale: en-US (en_US.UTF-8); Calc: group threaded

Opening:
Version: 6.2.0.0.alpha0+
Build ID: 8e9d43546c8e46ea635472ddf07f5c183dc13360
CPU threads: 4; OS: Linux 4.15; UI render: default; VCL: gtk2;
TinderBox: Linux-rpm_deb-x86_64@70-TDF, Branch:master, Time: 2018-07-12_01:06:03
Locale: en-US (en_US.UTF-8); Calc: group threaded

Steps to Reproduce:
1. Open attached file

Actual Results:
Writer freezes

Expected Results:
Writer opens file

Reproducible: Always
User Profile Reset: No
Additional Info: Safe mode affected
Created attachment 144006 [details] DOCX - freezes 6.1RC2
I reproduce open with 6.0 and freeze with 6.2+ in Windows, so I confirm. But I don't get a crash report, and the one you wrote starts already in 5.4.0.3:
http://crashreport.libreoffice.org/stats/signature/SfxApplication::GetAppDispatcher_Impl%28%29
Are you sure that's the report you get with this document? I just get a dump with procdump:
FOLLOWUP_IP:
writerfilterlo!writerfilter::dmapper::splitFieldCommand+47f21
5090a0a1 8b00 mov eax,dword ptr [eax]
Well, in my test I had to kill the task when LO froze. But one time it got that crash report, so I thought that it had to be connected.
I did now test it with
Version: 5.4.2.2
Build ID: 22b09f6418e8c2d508a9eaf86b2399209b0990f4
CPU threads: 4; OS: Windows 6.2; UI render: GL;
Locale: de-DE (de_DE); Calc: group
and it did not freeze. I'm not a coder – maybe it's just a coincidence?
I mean 'tests' - not 'test', as I wrote. [LO always froze and I had to kill the task.]
Regression introduced by:
https://cgit.freedesktop.org/libreoffice/core/commit/?id=bc67bda7363df48f1983513a8e969b61738139f5

author Justin Luth <justin_luth@sil.org> 2018-07-09 18:30:52 +0300
committer Miklos Vajna <vmiklos@collabora.co.uk> 2018-07-13 10:21:36 +0200
commit bc67bda7363df48f1983513a8e969b61738139f5 (patch)
tree b04cafdd4a6a1b3abd08e84ad0e4aa016d923b8d
parent 23793a08b75757c1fe764e3e03e09fe08b72413d (diff)
related tdf#106174 writerfilter: replace broken FindParentStyleSheet

Bisected with: bibisect-linux64-6.2

Adding Cc: to Justin Luth
Hmm, a style with a blank name.
    <w:style w:type="character" w:styleId="" w:customStyle="1">
      <w:name w:val="Нижний колонтитул Знак"/>
      <w:basedOn w:val="Absatz-Standardschriftart"/>
    </w:style>
And of course every "parent" style defaults to a blank string, so that actually matches a real, live style in this case. Surprisingly, this is not illegal... "If this attribute is not specified, then a style ID can be assigned in any manner desired." But leaving it as a blank seems like a really bad idea, and has exposed an existing vulnerability in GetPropertyFromStyleSheet().
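Added example, not part of the original thread and not LibreOffice code: a Python check that scans a DOCX's word/styles.xml for the blank w:styleId described above and for style parent chains that never terminate. It assumes, following the comment, that a style without w:basedOn gets a blank-string parent; the function names, the "FooterChar" ID and the sample archive are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, defusedxml is the safer parser

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"

def load_styles(docx_bytes):
    """Return {styleId: basedOn} from word/styles.xml. A missing basedOn
    becomes "" (assumption: mirrors the blank parent default in the thread)."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        root = ET.fromstring(z.read("word/styles.xml"))
    parents = {}
    for style in root.iter(f"{{{W}}}style"):
        style_id = style.get(f"{{{W}}}styleId", "")
        based_on = style.find(f"{{{W}}}basedOn")
        parents[style_id] = based_on.get(f"{{{W}}}val", "") if based_on is not None else ""
    return parents

def audit_styles(docx_bytes):
    """Report a blank style ID and every style whose parent chain loops."""
    parents = load_styles(docx_bytes)
    findings = {"blank_id": "" in parents, "cycles": []}
    for start in parents:
        seen, current = [], start
        # Follow parents until the chain leaves the style table or repeats.
        while current in parents and current not in seen:
            seen.append(current)
            current = parents[current]
        if current in seen:  # stopped on a repeat: an unguarded walk would spin
            findings["cycles"].append(start)
    return findings

def make_sample(blank_id=True):
    """Constructed sample: a minimal archive holding only word/styles.xml."""
    sid = "" if blank_id else "FooterChar"
    xml = (f'<w:styles xmlns:w="{W}">'
           '<w:style w:type="character" w:styleId="Absatz-Standardschriftart"/>'
           f'<w:style w:type="character" w:styleId="{sid}" w:customStyle="1">'
           '<w:basedOn w:val="Absatz-Standardschriftart"/></w:style>'
           '</w:styles>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/styles.xml", xml)
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_styles(make_sample()))
```

The same visited-set guard is what keeps the audit itself from hanging on such a file.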
Justin Luth committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=b9a739e0d3909e0fa4b76d5c0087d92a505e95fa tdf#119136 GetPropertyFromStyleSheet infinite loop It will be available in 6.2.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Looks fixed.
Justin Luth committed a patch related to this issue. It has been pushed to "libreoffice-6-1": http://cgit.freedesktop.org/libreoffice/core/commit/?id=a0bf275c37e9ac40597cc09fde8dc1fe3a04c858&h=libreoffice-6-1 tdf#119136 GetPropertyFromStyleSheet infinite loop It will be available in 6.1.1. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.