63168 – FILEOPEN: crash when reading a certain docx

Bug 63168 - FILEOPEN: crash when reading a certain docx

Summary: FILEOPEN: crash when reading a certain docx

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	LibreOffice
Classification:	Unclassified
Component:	Writer (show other bugs)
Version: (earliest affected)	4.0.2.1 rc
Hardware:	x86-64 (AMD64) Linux (All)

Importance:	high major
Assignee:	Not Assigned

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2013-04-05 13:42 UTC by sander
Modified:	2013-11-09 20:25 UTC (History)
CC List:	4 users (show)

See Also:
Crash report or crash signature:

Attachments
File that causes the crash (21.51 KB, application/vnd.openxmlformats-officedocument.wordprocessingml.document) 2013-04-05 13:42 UTC, sander	Details
The gdb backtrace (21.98 KB, text/x-log) 2013-04-05 13:42 UTC, sander	Details
console + bt with symbols on master sources (21.18 KB, text/plain) 2013-04-05 21:59 UTC, Julien Nabet	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description sander 2013-04-05 13:42:24 UTC

Created attachment 77485 [details]
File that causes the crash

LibreOffice crashes when opening a certain docx file.

I start LO from the command line with the file as the argument. The splash screen appears briefly, and then the program terminates.

I'll attach the file and a gdb backtrace.

This is with version 4.0.2~rc2-2 from today's Debian experimental.

Comment 1 sander 2013-04-05 13:42:55 UTC

Created attachment 77486 [details]
The gdb backtrace

Comment 2 Julien Nabet 2013-04-05 21:52:41 UTC

Comment on attachment 77485 [details]
File that causes the crash

Mimetype fixed

Comment 3 Julien Nabet 2013-04-05 21:59:18 UTC

Created attachment 77500 [details]
console + bt with symbols on master sources

On pc Debian (testing updated today) x86-64 with master sources updated today, I reproduced the crash.

I attached the bt (the same as reporter's + few details) + console logs

Comment 4 Julien Nabet 2013-04-05 22:00:22 UTC

Cédric/Michael: one for you?

Comment 5 Julien Nabet 2013-04-05 22:06:27 UTC

After having searched in git history of sw/source/core/unocore/unotext.cxx, I found this commit: d0cde9640b52ccfbb28ed1f65bba0927afd7b69b
(2013/02/20), Cédric definitely for you? :-P

Comment 6 Julien Nabet 2013-04-05 22:13:23 UTC

Adding some traces, "pEndStartTableNode" is NULL after line 1628

diff --git a/sw/source/core/unocore/unotext.cxx b/sw/source/core/unocore/unotext.cxx
index 8d3b8c9..c3ffd05 100644
--- a/sw/source/core/unocore/unotext.cxx
+++ b/sw/source/core/unocore/unotext.cxx
@@ -1626,7 +1626,7 @@ throw (lang::IllegalArgumentException, uno::RuntimeException)
             SwTableNode * pStartTableNode(pStartStartNode->FindTableNode());
             // Is it the same table start node than the end?
             SwTableNode *const pEndStartTableNode(pEndStartNode->FindTableNode());
-            while (pEndStartTableNode->GetIndex() < pStartTableNode->GetIndex())
+            while (pEndStartTableNode && (pEndStartTableNode->GetIndex() < pStartTableNode->GetIndex()))
             {
                 SwStartNode* pStartStartTableNode = pStartTableNode->StartOfSectionNode();
                 pStartTableNode = pStartStartTableNode->FindTableNode();

prevents from the crash but perhaps it should need more things.
Anyway, if you think I can push this patch on master, just tell me.

Comment 7 Owen Genat (retired) 2013-11-09 10:47:10 UTC

LO v4.1.3.2 Build ID: 70feb7d99726f064edab4605a8ab840c50ec57a under GNU/Linux Crunchbang 11 opens the attachment in the description without crashing.

Comment 8 Julien Nabet 2013-11-09 14:17:55 UTC

Thank you Owen for your feedback.
On pc Debian x86-64 with 4.1 sources updated 1 week ago, I don't reproduce this anymore.
I put it as WFM.
ssander: if you still reproduce this with 4.1.3 version, don't hesitate to reopen this tracker.

Comment 9 sander 2013-11-09 20:25:05 UTC

I confirm that it works now.  Thank you very much!