Bug 61000 - FILEOPEN: Incorrect argument to UNO call at NumberingManager.cxx:650 result in crash due to negative tab stop position
Summary: FILEOPEN: Incorrect argument to UNO call at NumberingManager.cxx:650 result i...
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer (show other bugs)
Version:
(earliest affected)
4.1.0.0.alpha0+ Master
Hardware: Other Linux (All)
: medium critical
Assignee: Michael Stahl (allotropia)
URL:
Whiteboard: BSA target:4.1.0 target:3.6.6 target:...
Keywords: regression
Depends on:
Blocks: 60789
  Show dependency treegraph
 
Reported: 2013-02-17 12:28 UTC by Jorendc
Modified: 2013-11-19 11:25 UTC (History)
5 users (show)

See Also:
Crash report or crash signature:


Attachments
Terminal output (25.78 KB, text/plain)
2013-02-17 12:28 UTC, Jorendc
Details
backtrace log (31.34 KB, text/plain)
2013-02-17 12:32 UTC, Jorendc
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Jorendc 2013-02-17 12:28:55 UTC
Created attachment 74976 [details]
Terminal output

Problem description: Opening the attachment of Bug 60789 result in following warning message:

soffice.bin: /home/joren/core/writerfilter/source/dmapper/NumberingManager.cxx:650: void writerfilter::dmapper::ListDef::CreateNumberingRules(writerfilter::dmapper::DomainMapper&, com::sun::star::uno::Reference<com::sun::star::lang::XMultiServiceFactory>): Assertion `!"Incorrect argument to UNO call"' failed.
Exited with code '134'

Steps to reproduce:
1. Download  Attachment 74750 [details] of Bug 60789
2. Open it from start center

Current behavior: 

soffice.bin: /home/joren/core/writerfilter/source/dmapper/NumberingManager.cxx:650: void writerfilter::dmapper::ListDef::CreateNumberingRules(writerfilter::dmapper::DomainMapper&, com::sun::star::uno::Reference<com::sun::star::lang::XMultiServiceFactory>): Assertion `!"Incorrect argument to UNO call"' failed.
Exited with code '134'

Expected behavior: opens file

              
Operating System: Linux (Other)
Version: 4.1.0.0.alpha0+ Master
Last worked in: 4.0.0.3 release
Comment 1 Jorendc 2013-02-17 12:32:18 UTC
Created attachment 74978 [details]
backtrace log
Comment 2 Jorendc 2013-02-17 12:34:08 UTC
Oh yes, forgot to say:

Reported with Linux Mint 14 x64 using LibreOffice Version 4.1.0.0.alpha0+ (Build ID: c16e9f4ed97f65357e9986f46ad88ee9f223799)
Comment 3 Arnaud Versini 2013-02-17 12:34:38 UTC
Confirmed on Ubuntu 13.04 with master
Comment 4 Jorendc 2013-02-17 12:36:55 UTC
@Stephan, Noel: Am I right this bug is introduced by one of the UNO convertions to the new style (Bug 46808)?

Kind regards,
Joren
Comment 5 Jorendc 2013-02-17 12:40:23 UTC
Following [1] I mark my own bug as 'Medium Critical'

[1] https://wiki.documentfoundation.org/images/0/06/Prioritizing_Bugs_Flowchart.jpg
Comment 6 Julien Nabet 2013-02-17 20:06:00 UTC
On pc Debian x86-64 with master sources updated today, I reproduced the problem with exactly the same error.

I'll just add these kinds of log before the error:
warn:legacy.osl:22259:1:oox/source/docprop/docprophandler.cxx:319: For now unexpected tags are ignored!
warn:writerfilter:22259:1:writerfilter/source/dmapper/DomainMapper_Impl.cxx:435: no context of type 1 available
Comment 7 Noel Grandin 2013-02-19 08:33:24 UTC
The (cleaned up) stacktrace for the exception looks like this:

#0  IllegalArgumentException::IllegalArgumentException at solver/unxlngx6/inc/udkapi/com/sun/star/lang/IllegalArgumentException.hpp:19
#1  SwXNumberingRules::SetNumberingRuleByIndex at sw/source/core/unocore/unosett.cxx:2137
#2  SwXNumberingRules::replaceByIndex at /home/noel/libo/sw/source/core/unocore/unosett.cxx:1244
#3  writerfilter::dmapper::ListDef::CreateNumberingRules at writerfilter/source/dmapper/NumberingManager.cxx:624
#4  writerfilter::dmapper::ListsManager::CreateNumberingRules at writerfilter/source/dmapper/NumberingManager.cxx:1039
#5  writerfilter::dmapper::DomainMapper::lcl_table at writerfilter/source/dmapper/DomainMapper.cxx:3662
#6  writerfilter::LoggedStream::table at writerfilter/source/resourcemodel/LoggedResources.cxx:225
#7  writerfilter::ooxml::OOXMLFastContextHandlerPropertyTable::lcl_endFastElement at writerfilter/source/ooxml/OOXMLFastContextHandler.cxx:1544
#8  writerfilter::ooxml::OOXMLFastContextHandler::endFastElement at writerfilter/source/ooxml/OOXMLFastContextHandler.cxx:221

It appears that the error condition comes from line 1878 in unosett.cxx 
i.e. the UNO_NAME_LISTTAB_STOP_POSITION case in the switch statement
where nValue == -540

That 540 number makes me think this has something to do with recent commits I've seen fiddling with twips stuff.

Unfortunately this is unrelated to my UNO conversion stuff, so I'm clueless.
Comment 8 Not Assigned 2013-02-28 13:11:04 UTC
Michael Stahl committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=dbb74ee9950dc706ea4fde3397a4c1d19b172fa9

fdo#61000: writerfilter: filter out unsupported list tab stops



The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
Comment 9 Michael Stahl (allotropia) 2013-02-28 13:28:14 UTC
the document contains a negative list tab stop position "-540":

        <w:tabs>
          <w:tab w:val="num" w:pos="-540"/>
        </w:tabs>

but apparently Writer only supports non-negative tab stop positions.

fixed on master.
Comment 10 Not Assigned 2013-02-28 13:44:31 UTC
Michael Stahl committed a patch related to this issue.
It has been pushed to "libreoffice-3-6":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=d9fb9481994a9251ce714bfaa266072c654f646c&h=libreoffice-3-6

fdo#61000: writerfilter: filter out unsupported list tab stops


It will be available in LibreOffice 3.6.6.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
Comment 11 Not Assigned 2013-02-28 17:26:52 UTC
Michael Stahl committed a patch related to this issue.
It has been pushed to "libreoffice-4-0":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=0d6df6312d84e1ae2680af78538de94938f94605&h=libreoffice-4-0

fdo#61000: writerfilter: filter out unsupported list tab stops


It will be available in LibreOffice 4.0.2.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.