Bug 48778 - FILEOPEN arbitrary.pptx will CRASH
Summary: FILEOPEN arbitrary.pptx will CRASH
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Impress
Version (earliest affected): 3.5 Daily
Hardware: x86 (IA32) Windows (All)
Importance: high critical
Assignee: Muthu
URL:
Whiteboard: target:3.6.0 target:3.5.4
Keywords: regression
Duplicates: 47844
Depends on:
Blocks: mab3.5
Reported: 2012-04-16 10:56 UTC by Korrawit Pruegsanusak
Modified: 2012-06-15 22:58 UTC

See Also:
Crash report or crash signature:


Attachments
MacOS X log file generated on crash when opening file 'arrow regression bug.pptx' (59.59 KB, text/plain)
2012-04-17 02:29 UTC, Roman Eisele
MacOS X log file generated on crash when opening file 'report-1-slide.pptx' (73.83 KB, text/plain)
2012-04-17 02:30 UTC, Roman Eisele
stack trace from blank.pptx (11.66 KB, text/plain)
2012-04-27 04:29 UTC, Korrawit Pruegsanusak
stacktrace from blank.pptx, second round (10.15 KB, text/plain)
2012-05-02 00:54 UTC, Korrawit Pruegsanusak
Patch. (1.00 KB, patch)
2012-05-03 00:34 UTC, Muthu
screenshot of attachment 46857, open in libo patched master vs 3.5.2 (379.83 KB, image/png)
2012-05-03 09:31 UTC, Korrawit Pruegsanusak

Description Korrawit Pruegsanusak 2012-04-16 10:56:16 UTC
*libreoffice-3-5 daily build* on Windows XP (will be 3.5.3 this week)
Timestamp 2012-04-12_08.57.37
Build ID: 78c43c0-a73d29c-6845e52-f269e46-186d9ed

Download from http://dev-builds.libreoffice.org/daily/Win-x86@15-Prague_Win32/libreoffice-3-5/2012-04-12_08.57.37/

Steps:
1A. Open attachment 46857
1B. Open attachment 58591
2. Crash!

[NOT REPRODUCIBLE], i.e. no crash, with 3.5.2.2 (final) => regression
Comment 1 Korrawit Pruegsanusak 2012-04-16 11:00:20 UTC
No crash with newer daily build [Build ID: 4baeaf5-a73d29c-6845e52-f269e46-186d9ed] on [2012-04-16_08.37.35], but it gives

"General Error.
General input/output error."

and didn't open the files.
Comment 2 Rainer Bielefeld Retired 2012-04-16 11:19:08 UTC
[Reproducible] with parallel installation of Master "LOdev 3.6.0alpha0+ – WIN7 Home Premium (64bit) ENGLISH UI [Build ID: 4495824-6299bf6-ec8645]" (tinderbox: Win-x86@6-fast pull time 2012-04-08 00:03:52) and empty document from <http://www.mediafire.com/?d61e28sm6ozk7d5>

I checked 5 arbitrary other .pptx from downloaded bug attachments, all crashed. So LibO lost ability to open these documents.

@Thorsten:
Please set Status to ASSIGNED and add yourself to "Assigned To" if you accept this Bug
Comment 3 Korrawit Pruegsanusak 2012-04-16 11:42:18 UTC
Thanks Rainer. :)

Even the oldest libreoffice-3-5 daily build which remains on the server [2012-04-02 05.43.51] still CRASHES.

core:05d6bb3aed80d0284bdeaf4177c9883aa60ea169
binfilter:a73d29c70cf5cc6ffeddfd5c5dada55a30d55fcc
dictionaries:6845e5260eecb400953442f14170339327af01ee
help:f269e467c4a88d3103224d8941a226e50d504010
translations:186d9edc9ac885dd5dee0ef792895e748b36c49a

http://dev-builds.libreoffice.org/daily/Win-x86@15-Prague_Win32/libreoffice-3-5/2012-04-02_05.43.51/
Comment 4 Julien Nabet 2012-04-16 12:53:11 UTC
Oops, sorry, wrong bug updated :-(
Comment 5 Julien Nabet 2012-04-16 13:11:13 UTC
On PC Debian x86-64, on master updated today, no crash and no errors.
On 3.5 branch with last commit 5e7f26787c6025ec1dffa9eee17405220325f7ae, idem.

It seems to confirm this would be a Windows only bug.
Comment 6 Jean-Baptiste Faure 2012-04-16 22:05:32 UTC
No crash for me on Ubuntu 11.10 x86_64 gnome-shell with LibreOffice 3.5.3rc0+ 
Version ID : 062c8a0-a73d29c-6845e52-f269e46-31eca31 and FR translation.

Best regards. JBF
Comment 7 Rainer Bielefeld Retired 2012-04-17 01:26:35 UTC
Korrawit is right
Also crashes with old Masters 
Build ID: a286353-090bcba-3bf3b94  (2011-12-02_22:36:35)

No Crash with
Server installation of Master "LibO-dev 3.5.0 – WIN7 Home Premium (64bit) English UI [(Build ID:  5d1a991-4cb1bac-ca7e6f5-9125509-ce71330)]" (2011-11-09)
Comment 8 Roman Eisele 2012-04-17 02:22:38 UTC
Not just a Windows bug:

[REPRODUCIBLE] on MacOS X 10.6.8 German with current master: LibreOffice
3.6.0alpha0+, Build ID: 55823d3 (installation file:
master~2012-04-14_05.23.05_LibO-Dev_3.6.0alpha0_MacOS_x86_install_en-US.dmg).

When I try to open the two sample .pptx files mentioned in Description,
LibreOffice master opens the files, shows the contents (first slide) for about
2 seconds and crashes then (without clicking anywhere or pressing any key, it
just crashes!).

I will attach the MacOS X crash log files.
Comment 9 Roman Eisele 2012-04-17 02:29:55 UTC
Created attachment 60152
MacOS X log file generated on crash when opening file 'arrow regression bug.pptx'
Comment 10 Roman Eisele 2012-04-17 02:30:40 UTC
Created attachment 60153
MacOS X log file generated on crash when opening file 'report-1-slide.pptx'
Comment 11 Muthu 2012-04-19 01:35:26 UTC
Anybody can confirm this with a newer build, please?
[I am unable to reproduce with my build ~21st March]
Comment 12 Rainer Bielefeld Retired 2012-04-19 01:54:23 UTC
Indeed, I tried to open mentioned samples from LibO File dialog (OS and LibO, does not matter), and 
NOT reproducible with "LOdev 3.6.0alpha0+  English UI/Locale [Build ID: 9518535-d09cf17-8a74106-c695ecd-16afab (libreoffice-3-5-branch-point)]"  {Win-x86@9-Voreppe Win32 pull time 2012-02-29 04:21:51}. OS: German WIN7 Home Premium (64bit)  
NOT reproducible with parallel  installation of  Master "LOdev 3.6.0alpha0+  – WIN7 Home Premium (64bit) ENGLISH UI [Build ID: 8a78020]" (tinderbox: Win-x86@6-fast pull time 2012-04-18 23:51:20)

But Roman's crash with Master 2012-04-14, which is later than my 2012-02-29, makes me doubt that this simply has become WORKSFORME

Currently I no longer have my old Master Build ID: 4495824-6299bf6-ec8645
(tinderbox: Win-x86@6-fast pull time 2012-04-08 00:03:52) (which reproduced the crash) installed, but I can reinstall for further tests if necessary.
Comment 13 Roman Eisele 2012-04-19 02:21:04 UTC
(In reply to comment #12)
> But Roman's crash with Master 2012-04-14, which is later than my 2012-02-29,
> makes me doubt that this simply has become WORKSFORME

Well, if my crash is the only one left with newer builds, it seems possible that the crash I see with Master 2012-04-14 is indeed another, Mac-specific bug. Maybe this present bug has really been fixed in between and we should set the status to WORKSFORME, but that I need to report the crash I see as a separate issue with a separate bug report ;-)

I'd really like to test again with a newer Master build, but at http://dev-builds.libreoffice.org/daily/MacOSX-Intel@1-built_no-moz_on_10.6.8/master/ there is no newer build than 2012-04-14, http://dev-builds.libreoffice.org/daily/MacOSX-Intel@3-OSX_10.6.0-gcc_4.0.1/master/ is empty (!), and http://dev-builds.libreoffice.org/daily/MacOSX-PPC@12-OSX_10.5.0-gcc_4.0.1/master/ is outdated, too.

Any chance that some MacOS specialist (Thorsten?) may take a look at the two log files I have attached to this report? Maybe he could tell if the crash I see is really another issue than the one reported by Korrawit Pruegsanusak ...
Comment 14 Roman Eisele 2012-04-20 06:39:26 UTC
Good news:
Today I saw that there are new MacOS X builds available, and so I tested this issue again with LOdev 3.6.0alpha0+, Build ID: 503c8fd (installation file: master~2012-04-20_00.38.41_LibO-Dev_3.6.0alpha0_MacOS_x86_install_en-US.dmg).

The crash I saw with 3.6.0alpha0+, Build ID: 55823d3 (installation file:
master~2012-04-14_05.23.05_LibO-Dev_3.6.0alpha0_MacOS_x86_install_en-US.dmg), is gone. LOdev opens both .pptx files without problems. Very nice!

Now, if everybody agrees and nobody sees the crash anymore, we can change the status of this bug to WORKSFORME, as considered by Rainer in comment #12 ...
Comment 15 Muthu 2012-04-22 23:06:25 UTC
Resolving this as worksforme as agreed by everyone (?)
Comment 16 Korrawit Pruegsanusak 2012-04-23 10:37:29 UTC
(In reply to comment #15)
> Resolving this as worksforme as agreed by everyone (?)

Sorry, I don't agree. :) so REOPENED
I still can't open the files in *master* daily build dated [2012-04-19 22:36:21] Build ID: 8be33aa at <http://dev-builds.libreoffice.org/daily/Win-x86@6-fast/master/2012-04-19_22.36.21/>

It didn't crash, but can't open the files. It says: "General Error. General input/output error.", the same as in comment 1.

I didn't check *libreoffice-3-5* daily build nor with newer versions yet.
Comment 17 Muthu 2012-04-24 08:25:52 UTC
Oh...The same sample file attached here?
Can another person confirm this too, please?
Comment 18 Muthu 2012-04-24 08:27:20 UTC
@Korrawit: Please also confirm that you are not using network drives/shares...for debugging, can you try copying that file to your desktop (or some clean place) and try opening? Thank you!
Comment 19 Korrawit Pruegsanusak 2012-04-25 01:00:48 UTC
(In reply to comment #18)
> @Korrawit: Please also confirm that you are not using network
> drives/shares...for debugging, can you try copying that file to your desktop
> (or some clean place) and try opening? Thank you!

My files are always in a folder in desktop, no network drives/shares. :)

Anyway, still [REPRODUCIBLE] with master build:
tinderbox: buildname: Win-x86@6-fast
tinderbox: tree: MASTER
tinderbox: pull time 2012-04-24 22:15:22
tinderbox: git sha1s
core:52d90ce040234cb35fad03bdd12e201bfa3a8634
binfilter:baa2838ed4a0d1a9dd4b2ff88e5e033a37bf31cd
dictionaries:8f1efc50dcaf2227b0f315d3866283344cb96263
help:a2594545dbf64c4772fc47fa75bf42f1e94daded

The behavior is the same as comment 1 -- no crash, but didn't open files.
Tested on Windows XP, with files described in comment 0 and empty document in comment 2.
Comment 20 ape 2012-04-25 03:39:57 UTC
(In reply to comment #19)
> The behavior is the same as comment 1 -- no crash, but didn't open files.
> Tested on Windows XP, with files described in comment 0 and empty document in
> comment 2.
1. Similarly: Windows-7sp1(x32) and Windows-XPsp2(x64).
2. Error fixed in LOdev-3.5.4rc0+ (build ID: cfdd2f7-a73d29c-6845e52-f269e46).
Comment 21 Korrawit Pruegsanusak 2012-04-25 05:53:28 UTC
(In reply to comment #20)
> 1. Similarly: Windows-7sp1(x32) and Windows-XPsp2(x64).

Thanks :) Anyway, which version did you test? And what Build ID?

> 2. Error fixed in LOdev-3.5.4rc0+ (build ID: cfdd2f7-a73d29c-6845e52-f269e46).

Which platform did you test? And which build? Did you mean MinGW build from <http://dev-builds.libreoffice.org/daily/Win-x86@7-MinGW/libreoffice-3-5/2012-04-23_07.08.07/> ?
Comment 22 Muthu 2012-04-26 22:35:28 UTC
@korrawit: I guess you are confusing me here :(
you report bug 47434 (and also confirmed that it is still not fixed), while in this bug you say the same file crashes LO!

I retested this with yesterday's master, the bug is still not reproducible.

Can you:
1. Re-confirm with the *current* master? (3.6?)
2. Re-confirm with *current* 3.5.x build?
3. If it's still reproducible, can you get a debug build and get us the
   stack traces and available logs?
4. Unfortunately, I don't have access to mac builds :( So, I guess, you have to help us out here (if it's a Mac Only issue).
Comment 23 Muthu 2012-04-26 22:46:42 UTC
[Fyi: That said, I fixed another issue related to this bug:
http://cgit.freedesktop.org/libreoffice/core/commit/?id=7125ba7909a07fb01e11fec0c51465a3ef380efe
]
Comment 24 Rainer Bielefeld Retired 2012-04-27 00:11:15 UTC
No Crash and no error message with "3.5.4rc0+ [Build ID: 8d9e2d9-a73d29c-6845e52-f269e46] Win-x86@7-MinGW" pull time 2012-04-26 09:53:25 on WIN7 Home Premium (64bit)

A Crash is something very different from an error message.
<https://wiki.documentfoundation.org/BugReport_Details#How_to_reopen_Bugs>
To avoid confusion IMHO we should close this Bug if nobody sees a crash and maybe open a new bug for the error message.
Comment 25 Korrawit Pruegsanusak 2012-04-27 01:51:27 UTC
(In reply to comment #22)
> @korrawit: I guess you are confusing me here :(

Sorry for the confusion :( I'll try my best to explain.

First, I reported this problem for the *Windows* platform. And in this comment, if I don't say "in which platform", I mean Windows XP.

Then, Roman Eisele wrote that it also affects Mac, but I don't know whether it has the same cause.
So, Roman, of course I appreciate your contributions, but could you please file another separate bug for Mac? (if it still crashes) We could mark it as duplicate in the future if it has the same root cause. Thanks!
And, yes, it doesn't affect Linux.

I've already written bug 47844 for the *master* daily tinderbox build; the symptom is the same as this bug -- it crashed when opening pptx.

When I tested *official* 3.5.x builds, it didn't crash, but when I tested the *libreoffice-3-5* daily tinderbox build after 3.5.2 was released, it also crashed (see comment 0). So I wrote this bug.
At that time, I thought it was a regression introduced between 3.5.2 and 3.5.3, but now I think the bug was introduced *before* -3-5 branching. Please continue reading to see why I think like that.

> I retested this with yesterday's master, the bug is still not reproducible.

Thanks :) But, on Windows? which tinderbox build? or your own build?

I *think* the reproducibility of this bug somewhat depends on build configurations, because my own build of the 'libreoffice-3.5.2.2' tag on Windows XP still crashes, but the official build doesn't.
If my assumption is true, this might explain why your own builds, MinGW builds, and official builds don't crash and can open the files; but some other builds crash.

And from
* -3-5 daily builds crash
* master daily builds crash
I *think* the bug is introduced before -3-5 branching.


But, currently, LibO doesn't crash but doesn't open the file, as in comment 1. My own build, master branch, at b2fdaed46509127ec3ac2fb87404bc1b51d77778 (Apr 20, 2012) has the same behavior.
Also the same behavior with the -3-5 daily build from tinderbox.

I assume that the commit that guards against the crash is <http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5&id=51c8c95b2864b49e7bcbd824eacedb5778a758c0> on April 14 by Caolán McNamara.
So, in my own master build as stated, I reverted Caolán's commit, and it crashed. Well, my assumption is correct.

tl;dr, on Windows XP *before* Caolán's commit:
* official 3.5.x, NO CRASH, and files open well
* daily build -3-5 from @15-prague tinderbox, CRASH
* daily build master from @6-fast tinderbox, CRASH
* daily build MinGW, seems no one tested (?)

*after* Caolán's commit:
* official 3.5.3 RC1, NO CRASH, and files open well (seems not affected)
* daily build -3-5 from @15-prague tinderbox, NO CRASH, but file NOT open, show error dialog
* daily build master from @6-fast tinderbox, NO CRASH, but file NOT open, show error dialog
* daily build MinGW, NO CRASH, and files open well (seems not affected)

> Can you test: [cut]

Will try that.

I don't know whether we should close this bug because of "NO CRASH", but I don't think so.
NO CRASH is by Caolán's commit; it just hides the crash, but I think it doesn't fix the root of the problem, yet.

Thanks and sorry again :(
Hope this comment will be useful.
Comment 26 Roman Eisele 2012-04-27 02:31:03 UTC
(In reply to comment #25)
> Then, Roman Eisele wrote that it also affects Mac, but I don't know whether it
> has the same cause.
> So, Roman, of course I appreciate your contributions, but could you please file
> another separate bug for Mac? (if it still crashes) We could mark it as
> duplicate in the future if it has the same root cause. Thanks!

The crash does not occur anymore on MacOS X, see my comment #14.
Comment 27 Korrawit Pruegsanusak 2012-04-27 04:29:22 UTC
Created attachment 60660
stack trace from blank.pptx

Roman, great to hear that :) So I mark your crash logs as obsolete.

Anyway, CRASH with 3.5.2 RC1 debug build from <http://dev-builds.libreoffice.org/win32-debug/libreoffice-3-5/>, and I did "!analyze -v" in WinDbg => log attached

NO CRASH with 3.5.3 RC1 debug build from the same URL, but of course, it says "general error ..."
Comment 28 Muthu 2012-04-29 22:01:27 UTC
@Korrawit: Thank you for your detailed explanations!

If I understand you correctly, you do have the capability to build on windows, right? If so:
1. Can you revert only the first hunk from:
http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5&id=51c8c95b2864b49e7bcbd824eacedb5778a758c0
and try?
2. (In the build which crashes) Can you build with 'make -sr debug=true'
   the modules sfx2, oox and sd and tell me what is the exception and 
   the trace, please?
   That way, we can get better stack traces. Please note that after building 
   with debug symbols, you may have to manually replace the dll files
   (from your build to your installation)
3. Can you apply http://cgit.freedesktop.org/libreoffice/core/commit/?id=7125ba7909a07fb01e11fec0c51465a3ef380efe and check as well?

Thank you so much!
Comment 29 Korrawit Pruegsanusak 2012-05-02 00:54:42 UTC
Created attachment 60880
stacktrace from blank.pptx, second round

(In reply to comment #28)
> 1. Can you revert only the first hunk from:
> http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5&id=51c8c95b2864b49e7bcbd824eacedb5778a758c0

With my own build, master branch, at b2fdaed46509127ec3ac2fb87404bc1b51d77778 (Apr 20, 2012), and reverting only first hunk, it crashed opening a blank pptx file from comment 2.

> 2. (In the build which crashes) Can you build with 'make -sr debug=true'
>    the modules sfx2, oox and sd and tell me what is the exception and 
>    the trace, please?

Please see attachment. Hope I've done it correctly :)
Got it from the build in number 1. (Partially reverted first hunk)
Anyway, it seems that it crashed at a different function from comment 27.

> 3. Can you apply
> http://cgit.freedesktop.org/libreoffice/core/commit/?id=7125ba7909a07fb01e11fec0c51465a3ef380efe
> and check as well?

Applying on top of number 1., it doesn't help. It crashed opening same pptx.
Comment 30 Muthu 2012-05-03 00:34:51 UTC
Created attachment 60947
Patch.

@korrawit: One more help: Can you try this patch, please? Hope it solves the crash.

[Also, please try once by removing your .libreoffice config files]
Comment 31 Korrawit Pruegsanusak 2012-05-03 09:31:37 UTC
Created attachment 60977
screenshot of attachment 46857, open in libo patched master vs 3.5.2

(In reply to comment #30)
> @korrawit: One more help: Can you try this patch, please?

With my own Windows build, master branch:
* at b2fdaed46509127ec3ac2fb87404bc1b51d77778 (Apr 20, 2012)
* reverting only first hunk of http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5&id=51c8c95b2864b49e7bcbd824eacedb5778a758c0
* and your patch on top

Yes! :) It can open the following files without crash:
* attachment 46857
* attachment 58591
* empty document from <http://www.mediafire.com/?d61e28sm6ozk7d5>

But, the first file (46857) background looks incorrect, please see screenshot. From my little knowledge, your patch seems to touch FillProperties, which I don't know whether it's related to the incorrect background rendered here ... I don't think it's a good idea to push a patch which creates a new regression which is seen even before pushing (if my thought is right)

So, I think I will try to build on ubuntu, with and without your patch, to see whether it really causes the incorrect background; OR it's unrelated at all, we should push your patch, mark this bug as fixed, and open a new bug regarding the incorrect background ?

I would like to hear from you before I start spending ~days building on ubuntu.

Again, it's weird that the crash depends on build configuration (if my thought is right) ...

Thanks again :)
Comment 32 Korrawit Pruegsanusak 2012-05-03 09:46:40 UTC
A bit more testing result:
* master branch, same commit as before
* WITHOUT reverting the first hunk of Caolán's commit
* your patch on top

Also works :) Same result as previous comment. Can open the files, and the background problem is still a problem.
Comment 33 Muthu 2012-05-04 23:55:13 UTC
@Korrawit: I guess you forgot to attach the screenshot?
No, I didn't change the import as such. Btw, did you try clearing your libreoffice config files in your User's directory?

So, if this solves the crash problem for you, we should close this bug. If you have a background formatting problem, you should open a new one. This bug is already tracking too many things and it's not a good idea.
Comment 34 Not Assigned 2012-05-05 00:04:01 UTC
Muthu Subramanian committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=11713989b1580799635fff997b920d9bd4bf619f

fdo#48778: PPTX import crashes.
Comment 35 Korrawit Pruegsanusak 2012-05-05 00:28:11 UTC
(In reply to comment #33)
> @Korrawit: I guess you forgot to attach the screenshot?

I have attached the screenshot, please see comment 31, attachment 60977.

> No, I didn't change the import as such. Btw, did you try clearing your
> libreoffice config files in your User's directory?

Yes, I did delete config files, but the result is same (still have a background problem)

> So, if this solves the crash problem for you, we should close this bug.

Thanks, mark as fixed :)
Lastly, will it be cherry-picked to -3-5 branch?
Comment 36 Not Assigned 2012-05-07 05:32:03 UTC
Muthu Subramanian committed a patch related to this issue.
It has been pushed to "libreoffice-3-5":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=009776a16410024a9437847af065d2160b434f30&g=libreoffice-3-5

fdo#48778: PPTX import crashes.


It will be available in LibreOffice 3.5.4.
Comment 37 Korrawit Pruegsanusak 2012-05-09 03:23:07 UTC
*** Bug 47844 has been marked as a duplicate of this bug. ***
Comment 38 Korrawit Pruegsanusak 2012-06-15 22:58:36 UTC
For the record: The root cause of this problem is fixed in bug 49806.