Bug 47727 - FILEOPEN Valgrind error during Word file loading
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer
Version: Master old -3.6 (earliest affected)
Hardware: x86-64 (AMD64) Linux (All)
Importance: medium minor
Assignee: Arnaud Versini
URL: http://www.microsoft.com/download/en/...
Reported: 2012-03-22 09:10 UTC by Arnaud Versini
Modified: 2012-11-02 13:24 UTC


Description Arnaud Versini 2012-03-22 09:10:17 UTC
There is a memory error in the Word filter in LibreOffice.

Procedure to reproduce:

- Run LibreOffice with valgrind --tool=memcheck
- Open the RTF specification from http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=10725 in doc format
- There is a message like this on the console, reported by valgrind:

==24771==    at 0x24ACD4AC: SVBT16ToShort(unsigned char const*) (solar.h:88)
==24771==    by 0x24B77419: SwWW8ImplReader::Read_UL(unsigned short, unsigned char const*, short) (ww8par6.cxx:4180)
==24771==    by 0x24B79DBD: SwWW8ImplReader::ImportSprm(unsigned char const*, unsigned short) (ww8par6.cxx:6140)
==24771==    by 0x24B2A807: WW8RStyle::ImportSprms(unsigned char*, short, bool) (ww8par2.cxx:3640)
==24771==    by 0x24B2A8B6: WW8RStyle::ImportSprms(unsigned long, short, bool) (ww8par2.cxx:3657)
==24771==    by 0x24B2AA8A: WW8RStyle::ImportUPX(short, bool, bool) (ww8par2.cxx:3714)
==24771==    by 0x24B2AB7C: WW8RStyle::ImportGrupx(short, bool, bool) (ww8par2.cxx:3736)
==24771==    by 0x24B2B89A: WW8RStyle::Import1Style(unsigned short) (ww8par2.cxx:3944)
==24771==    by 0x24B2D54F: WW8RStyle::ImportNewFormatStyles() (ww8par2.cxx:4455)
==24771==    by 0x24B2D5B0: WW8RStyle::ImportStyles() (ww8par2.cxx:4463)
==24771==    by 0x24B2D64C: WW8RStyle::Import() (ww8par2.cxx:4475)
==24771==    by 0x24AFC18E: SwWW8ImplReader::CoreLoad(WW8Glossary*, SwPosition const&) (ww8par.cxx:4474)
==24771==    by 0x24AFF623: SwWW8ImplReader::LoadThroughDecryption(SwPaM&, WW8Glossary*) (ww8par.cxx:5144)
==24771==    by 0x24B00960: SwWW8ImplReader::LoadDoc(SwPaM&, WW8Glossary*) (ww8par.cxx:5452)
==24771==    by 0x24B00D89: WW8Reader::Read(SwDoc&, String const&, SwPaM&, String const&) (ww8par.cxx:5541)
==24771==    by 0x21D8245A: SwReader::Read(Reader const&) (shellio.cxx:183)
==24771==    by 0x21EC275F: SwDocShell::ConvertFrom(SfxMedium&) (docsh.cxx:256)
==24771==    by 0x67507AB: SfxObjectShell::DoLoad(SfxMedium*) (objstor.cxx:746)
==24771==    by 0x679BF19: SfxBaseModel::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) (sfxbasemodel.cxx:1904)
==24771==    by 0x67E840C: SfxFrameLoader_Impl::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&) (frmload.cxx:611)
==24771==    by 0x1AAADA2B: framework::LoadEnv::impl_loadContent() (loadenv.cxx:1158)
==24771==    by 0x1AAAA49E: framework::LoadEnv::startLoading() (loadenv.cxx:420)
==24771==    by 0x1AA304EA: framework::LoadDispatcher::impl_dispatch(com::sun::star::util::URL const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener> const&) (loaddispatcher.cxx:168)
==24771==    by 0x1AA30179: framework::LoadDispatcher::dispatch(com::sun::star::util::URL const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) (loaddispatcher.cxx:95)
==24771==    by 0x1AADE9A8: implDispatchDelayed(void*, void*) (backingwindow.cxx:956)
==24771==    by 0x8363C11: Link::Call(void*) const (link.hxx:143)
==24771==    by 0x8819BFC: ImplHandleUserEvent(ImplSVEvent*) (winproc.cxx:1991)
==24771==    by 0x881AEB1: ImplWindowFrameProc(Window*, SalFrame*, unsigned short, void const*) (winproc.cxx:2563)
==24771==    by 0x882C8BC: SalFrame::CallCallback(unsigned short, void const*) const (in /media/Medias/core/solver/unxlngx6/lib/libvcllo.so)
==24771==    by 0x882C32F: SalGenericDisplay::DispatchInternalEvent() (gendisp.cxx:102)
==24771==    by 0x10053C2C: GtkData::userEventFn(void*) (gtkdata.cxx:942)
==24771==    by 0x10053C83: call_userEventFn (gtkdata.cxx:952)
==24771==    by 0x12FA9A5C: g_main_context_dispatch (gmain.c:2441)
==24771==    by 0x12FAA257: g_main_context_iterate.isra.21 (gmain.c:3089)
==24771==    by 0x12FAA428: g_main_context_iteration (gmain.c:3152)
==24771==    by 0x10052BE3: GtkData::Yield(bool, bool) (gtkdata.cxx:581)
==24771==    by 0x10056797: GtkInstance::Yield(bool, bool) (gtkinst.cxx:606)
==24771==    by 0x837B69E: ImplYield(bool, bool) (svapp.cxx:451)
==24771==    by 0x8377AD8: Application::Yield(bool) (svapp.cxx:485)
==24771==    by 0x8377A79: Application::Execute() (svapp.cxx:430)
==24771==    by 0x411C263: desktop::Desktop::Main() (app.cxx:1808)
==24771==    by 0x8383E11: ImplSVMain() (svmain.cxx:178)
==24771==    by 0x8383F57: SVMain() (svmain.cxx:215)
==24771==    by 0x4156C81: soffice_main (sofficemain.cxx:79)
==24771==    by 0x400743: sal_main (main.c:34)
==24771==    by 0x400728: main (main.c:33)
==24771==  Address 0x1c851e17 is 0 bytes after a block of size 7 alloc'd
==24771==    at 0x4C2864B: operator new[](unsigned long) (vg_replace_malloc.c:305)
==24771==    by 0x24B2A87A: WW8RStyle::ImportSprms(unsigned long, short, bool) (ww8par2.cxx:3655)
==24771==    by 0x24B2AA8A: WW8RStyle::ImportUPX(short, bool, bool) (ww8par2.cxx:3714)
==24771==    by 0x24B2AB7C: WW8RStyle::ImportGrupx(short, bool, bool) (ww8par2.cxx:3736)
==24771==    by 0x24B2B89A: WW8RStyle::Import1Style(unsigned short) (ww8par2.cxx:3944)
==24771==    by 0x24B2D54F: WW8RStyle::ImportNewFormatStyles() (ww8par2.cxx:4455)
==24771==    by 0x24B2D5B0: WW8RStyle::ImportStyles() (ww8par2.cxx:4463)
==24771==    by 0x24B2D64C: WW8RStyle::Import() (ww8par2.cxx:4475)
==24771==    by 0x24AFC18E: SwWW8ImplReader::CoreLoad(WW8Glossary*, SwPosition const&) (ww8par.cxx:4474)
==24771==    by 0x24AFF623: SwWW8ImplReader::LoadThroughDecryption(SwPaM&, WW8Glossary*) (ww8par.cxx:5144)
==24771==    by 0x24B00960: SwWW8ImplReader::LoadDoc(SwPaM&, WW8Glossary*) (ww8par.cxx:5452)
==24771==    by 0x24B00D89: WW8Reader::Read(SwDoc&, String const&, SwPaM&, String const&) (ww8par.cxx:5541)
==24771==    by 0x21D8245A: SwReader::Read(Reader const&) (shellio.cxx:183)
==24771==    by 0x21EC275F: SwDocShell::ConvertFrom(SfxMedium&) (docsh.cxx:256)
==24771==    by 0x67507AB: SfxObjectShell::DoLoad(SfxMedium*) (objstor.cxx:746)
==24771==    by 0x679BF19: SfxBaseModel::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) (sfxbasemodel.cxx:1904)
==24771==    by 0x67E840C: SfxFrameLoader_Impl::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&) (frmload.cxx:611)
==24771==    by 0x1AAADA2B: framework::LoadEnv::impl_loadContent() (loadenv.cxx:1158)
==24771==    by 0x1AAAA49E: framework::LoadEnv::startLoading() (loadenv.cxx:420)
==24771==    by 0x1AA304EA: framework::LoadDispatcher::impl_dispatch(com::sun::star::util::URL const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener> const&) (loaddispatcher.cxx:168)
==24771==    by 0x1AA30179: framework::LoadDispatcher::dispatch(com::sun::star::util::URL const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) (loaddispatcher.cxx:95)
==24771==    by 0x1AADE9A8: implDispatchDelayed(void*, void*) (backingwindow.cxx:956)
==24771==    by 0x8363C11: Link::Call(void*) const (link.hxx:143)
==24771==    by 0x8819BFC: ImplHandleUserEvent(ImplSVEvent*) (winproc.cxx:1991)
==24771==    by 0x881AEB1: ImplWindowFrameProc(Window*, SalFrame*, unsigned short, void const*) (winproc.cxx:2563)
==24771==    by 0x882C8BC: SalFrame::CallCallback(unsigned short, void const*) const (in /media/Medias/core/solver/unxlngx6/lib/libvcllo.so)
==24771==    by 0x882C32F: SalGenericDisplay::DispatchInternalEvent() (gendisp.cxx:102)
==24771==    by 0x10053C2C: GtkData::userEventFn(void*) (gtkdata.cxx:942)
==24771==    by 0x10053C83: call_userEventFn (gtkdata.cxx:952)
==24771==    by 0x12FA9A5C: g_main_context_dispatch (gmain.c:2441)
==24771==    by 0x12FAA257: g_main_context_iterate.isra.21 (gmain.c:3089)
==24771==    by 0x12FAA428: g_main_context_iteration (gmain.c:3152)
==24771==    by 0x10052BE3: GtkData::Yield(bool, bool) (gtkdata.cxx:581)
==24771==    by 0x10056797: GtkInstance::Yield(bool, bool) (gtkinst.cxx:606)
==24771==    by 0x837B69E: ImplYield(bool, bool) (svapp.cxx:451)
==24771==    by 0x8377AD8: Application::Yield(bool) (svapp.cxx:485)
==24771==    by 0x8377A79: Application::Execute() (svapp.cxx:430)
==24771==    by 0x411C263: desktop::Desktop::Main() (app.cxx:1808)
==24771==    by 0x8383E11: ImplSVMain() (svmain.cxx:178)
==24771==    by 0x8383F57: SVMain() (svmain.cxx:215)
==24771==    by 0x4156C81: soffice_main (sofficemain.cxx:79)
==24771==    by 0x400743: sal_main (main.c:34)
==24771==    by 0x400728: main (main.c:33)


PS: don't try to wait for the opening to finish, it takes hours.
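
An added example, not part of the original report and not LibreOffice code: the memcheck line "Address ... is 0 bytes after a block of size 7" means the access touched the first byte past a 7-byte heap block. The sketch below assumes a simplified, hypothetical record layout (2-byte id, 2-byte operand, both little-endian) rather than the real WW8 sprm encoding, and shows a length-checked 16-bit read that stops at a truncated trailing record instead of reading past the allocation.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical record layout for illustration (NOT the real WW8 sprm encoding):
// 2-byte little-endian id followed by a 2-byte little-endian operand.
struct Record { uint16_t id; int16_t operand; };

struct ParseResult {
    std::vector<Record> records;
    bool truncated;   // trailing bytes did not form a complete record
    size_t consumed;  // bytes covered by complete records
};

// Length-checked 16-bit little-endian read: refuses to touch p[1] unless the
// caller proves two bytes remain. An unchecked read has no such guard.
static bool readLE16(const uint8_t* p, size_t remaining, uint16_t& out) {
    if (remaining < 2) return false;
    out = static_cast<uint16_t>(p[0] | (p[1] << 8));
    return true;
}

ParseResult parseRecords(const uint8_t* data, size_t len) {
    ParseResult r{{}, false, 0};
    size_t pos = 0;
    while (pos < len) {
        uint16_t id = 0, op = 0;
        if (!readLE16(data + pos, len - pos, id) ||
            !readLE16(data + pos + 2, len - pos - 2, op)) {
            r.truncated = true;  // stop instead of reading past the buffer
            break;
        }
        r.records.push_back({id, static_cast<int16_t>(op)});
        pos += 4;
    }
    r.consumed = pos;
    return r;
}

// Constructed sample: 7 bytes, like the block size in the report. The second
// record's operand starts at offset 6, so its high byte would be offset 7.
static const uint8_t kSample[7] = {0x01, 0x00, 0x78, 0x00, 0x02, 0x00, 0x3C};

int main() {
    ParseResult r = parseRecords(kSample, sizeof kSample);
    std::printf("records=%zu truncated=%d\n", r.records.size(), (int)r.truncated);
    return 0;
}
```
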
Comment 1 Christopher Yeleighton 2012-03-25 11:03:54 UTC
Please provide the exact URL of the document in question.  The one you have provided returns an index page.
Comment 2 Arnaud Versini 2012-03-25 11:25:29 UTC
The exact URL is http://download.microsoft.com/download/2/f/5/2f599e18-07ee-4ec5-a1e7-f4e6a9423592/Word2007RTFSpec9.doc

But as for the page number, I have no idea how to find that out; I think styles are not in pages.
Comment 3 Arnaud Versini 2012-03-29 13:45:54 UTC
Also on Ubuntu x86; patch on the way.