Created attachment 64024 [details] Crash document I can not open this RTF document. I tested it on: 1 - openSUSE 12.1 LibreOffice 3.5:build-392 - Crash when open 2 - Windows 7 - LibreOffice 3.5.4 - I\O error when open 3 - Windows XP - LibreOffice 3.6 Beta2 - I\O error when open
Created attachment 64049 [details] bt + console msgs on master On pc Debian x86-64, with master sources updated today, I reproduced the problem. See attached bt + console logs.
Also REPRODUCIBLE with LibreOffice 3.6.0.1 (Build ID: 73f9fb6), German langpack installed, on MacOS X 10.6.8 (Intel). Will attach MacOS X log file created for the crash. Change version according to original description (Version should always contain the FIRST version in which the bug is known to exist). Increase severity at least a bit, even if the Importance picker is more or less ignored. Adjusted summary. @Miklós: This is another interesting RTF import bug. I don't know if the problem is limited to the sample file, but the sample file is at least not completely corrupt -- Apple's TextEdit (a simple RTF editor) can open the file without problems, so we should be able to handle it, too. Therefore, please have a look at this issue. Thank you very much in advance!
Created attachment 64357 [details] MacOS X log file for crash with bug 51916
Taking a look at the console messages in Julien Nabet's bt + console logs, it seems probable that there is a problem with the tables and border lines in this file (almost all of the document consists of tables). Therefore I add "TABLES" to the summary. Here is a translation of the German sentences in the console messages (hope it helps the people who do not speak German ;-): * "Boxen der Line zu klein/gross" = "Line's Boxes are too small or too large" * "in welcher Tabelle steht denn die Box?" = "In which table is the box?" @Michael Stahl: I add you address to the CC list of this bug report, because AFAIK you are our border and lines expert for Writer, and the messages in the console log attached to this bug report seem to indicate that there is a problem with table borders and lines ... Please take a look at this issue. Thank you very much in advance!
Created attachment 65256 [details] bt + console msgs on master On pc Debian x86-64, with master sources updated today, I reproduced the problem. Now the problem is in a different place. Code is quite strange here: 3392 // extract name 3393 int nLength = aStr.toChar(); 3394 aStr = aStr.copy(1); 3395 OString aName = aStr.copy(0, nLength); 3396 aStr = aStr.copy(nLength+1); // zero-terminated string 3397 // extract default text 3398 nLength = aStr.toChar(); 3399 aStr = aStr.copy(1); 3400 OString aDefaultText = aStr.copy(0, nLength); + "decode hex dump" part just before
There are two different issues where, first the bugdoc is a bit more complex document with nested tables, something that isn't handled properly by the importer. I'm afraid I have no easy fix for that till table import is reworked to avoid using buffers, which will take time. A quick fix is to not support nested tables when table styles are involved. The \datafield issue is independent, the case when the length is negative is not handled, should be easy to fix. I'll came up with a patch for both in a bit.
Miklos Vajna committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=7a7d77f97b61ae7f602ed403ecfbbcdb03a06c00 fdo#51916 don't try to support nested tables having table styles for now The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Miklos Vajna committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=7006ef460bb68d27a74381fab7b8826b786b31c6 fdo#51916 testcase The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Miklos Vajna committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=008275d56f9ac5248f0e94f606671b4c1993ca20 fdo#51916 out of bounds substring access The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
4-0 review: https://gerrit.libreoffice.org/3199
Miklos Vajna committed a patch related to this issue. It has been pushed to "libreoffice-4-0": http://cgit.freedesktop.org/libreoffice/core/commit/?id=dea93b72779747f7a10ecd9681232eb0f0de5d03&h=libreoffice-4-0 fdo#51916 don't try to support nested tables having table styles for now It will be available in LibreOffice 4.0.3. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.