Created attachment 78374 [details] broken xml file for reproduce Version: 4.1.0.0.alpha0+ Build ID: 6536d0eb4f56e64c9b74b358642e3ee1e39353e TinderBox: Win-x86@6, Branch:master, Time: 2013-04-23_04:48:50 Steps to Reproduce: 1. Open new Spreadsheet 2. Data -> XML Source... 3. appear XML Source dialog 4. click a icon in Source file 5. appear OpenFile Dialog 6. Chose "crash.xml" and open Actual Results: Crash a LibreOffice(soffice.bin) Expected Results: No Crash.
Created attachment 78375 [details] crash dialog
"crash.xml" is attached "broken xml file for reproduce"
*** This bug has been marked as a duplicate of bug 61820 ***
It isn't a dup. It happens on master branch and bug 61820 ( https://bugs.freedesktop.org/show_bug.cgi?id=61820 ) is already fixed there.
I reproduced it on Ubunt Linux 12.10 32bit Version: 4.1.0.0.alpha0+ Build ID: 24500d6798007d84521eb24a81c121ebe69d3bf Error message: % ./solver/unxlngi6.pro/installation/opt/program/soffice soffice.bin: ../../include/orcus/sax_parser.hpp:288: void orcus::sax_parser<_Handler>::element_open(const char*) [with _Handler = orcus::sax_ns_parser<orcus::{anonymous}::xml_sax_handler>::handler_wrapper]: Assertion `is_alpha(cur_char())' failed. Stacktrace: Program received signal SIGABRT, Aborted. 0xb7fdd424 in __kernel_vsyscall () (gdb) bt #0 0xb7fdd424 in __kernel_vsyscall () #1 0xb7c751df in raise () from /lib/i386-linux-gnu/libc.so.6 #2 0xb7c78825 in abort () from /lib/i386-linux-gnu/libc.so.6 #3 0xb7c6e085 in ?? () from /lib/i386-linux-gnu/libc.so.6 #4 0xb7c6e137 in __assert_fail () from /lib/i386-linux-gnu/libc.so.6 #5 0xa46ba911 in orcus::xml_structure_tree::parse(char const*, unsigned int) () from /home/i_mogi/tmp/libo/src/solver/unxlngi6.pro/lib/libscfiltlo.so #6 0xa46a5feb in ScOrcusXMLContextImpl::loadXMLStructure(SvTreeListBox&, ScOrcusXMLTreeParam&) () from /home/i_mogi/tmp/libo/src/solver/unxlngi6.pro/lib/libscfiltlo.so #7 0xab7ac608 in ScXMLSourceDlg::LoadSourceFileStructure(rtl::OUString const&) () from /home/i_mogi/tmp/libo/src/solver/unxlngi6.pro/installation/opt/program/../program/libsclo.so #8 0xab7ac904 in ScXMLSourceDlg::SelectSourceFile() () from /home/i_mogi/tmp/libo/src/solver/unxlngi6.pro/installation/opt/program/../program/libsclo.so #9 0xab7ad719 in ScXMLSourceDlg::BtnPressedHdl(Button*) () from /home/i_mogi/tmp/libo/src/solver/unxlngi6.pro/installation/opt/program/../program/libsclo.so #10 0xb6b980bc in Control::ImplCallEventListenersAndHandler(unsigned long, Link const&, void*) () from /home/i_mogi/tmp/libo/src/solver/unxlngi6.pro/installation/opt/program/libvcllo.so #11 0xb6b88f7c in Button::Click() () from /home/i_mogi/tmp/libo/src/solver/unxlngi6.pro/installation/opt/program/libvcllo.so #12 0xb6b8d1bb in PushButton::Tracking(TrackingEvent const&) () from /home/i_mogi/tmp/libo/src/solver/unxlngi6.pro/installation/opt/program/libvcllo.so #13 0xb6d8a46a in Window::EndTracking(unsigned short) () from /home/i_mogi/tmp/libo/src/solver/unxlngi6.pro/installation/opt/program/libvcllo.so #14 0xb6da5c4a in ImplHandleMouseEvent(Window*, unsigned short, unsigned char, long, long, unsigned long, unsigned short, unsigned short) () from /home/i_mogi/tmp/libo/src/solver/unxlngi6.pro/installation/opt/program/libvcllo.so #15 0xb6da76e1 in ImplHandleSalMouseButtonUp(Window*, SalMouseEvent*) () from /home/i_mogi/tmp/libo/src/solver/unxlngi6.pro/installation/opt/program/libvcllo.so #16 0xb6da63a9 in ImplWindowFrameProc(Window*, SalFrame*, unsigned short, void const*) () from /home/i_mogi/tmp/libo/src/solver/unxlngi6.pro/installation/opt/program/libvcllo.so #17 0xb3680110 in SalFrame::CallCallback(unsigned short, void const*) const () from /home/i_mogi/tmp/libo/src/solver/unxlngi6.pro/lib/libvclplug_gtklo.so #18 0xb367c28e in GtkSalFrame::signalButton(_GtkWidget*, _GdkEventButton*, void*) () from /home/i_mogi/tmp/libo/src/solver/unxlngi6.pro/lib/libvclplug_gtklo.so ---Type <return> to continue, or q <return> to quit--- #19 0xb32f9182 in ?? () from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0 #20 0xb60a2826 in g_closure_invoke () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0 #21 0xb60b461f in ?? () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0 #22 0xb60bc473 in g_signal_emit_valist () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0 #23 0xb60bc8b3 in g_signal_emit () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0 #24 0xb343193b in ?? () from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0 #25 0xb32f7294 in gtk_propagate_event () from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0 #26 0xb32f7628 in gtk_main_do_event () from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0 #27 0xb316abe8 in ?? () from /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0 #28 0xb5fdf9e3 in g_main_context_dispatch () from /lib/i386-linux-gnu/libglib-2.0.so.0 #29 0xb5fdfd80 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0 #30 0xb5fdfe61 in g_main_context_iteration () from /lib/i386-linux-gnu/libglib-2.0.so.0 #31 0xb366a5c4 in GtkData::Yield(bool, bool) () from /home/i_mogi/tmp/libo/src/solver/unxlngi6.pro/lib/libvclplug_gtklo.so #32 0xb366ab43 in GtkInstance::Yield(bool, bool) () from /home/i_mogi/tmp/libo/src/solver/unxlngi6.pro/lib/libvclplug_gtklo.so #33 0xb6b7e900 in ImplYield(bool, bool) () from /home/i_mogi/tmp/libo/src/solver/unxlngi6.pro/installation/opt/program/libvcllo.so #34 0xb6b7c6ae in Application::Yield(bool) () from /home/i_mogi/tmp/libo/src/solver/unxlngi6.pro/installation/opt/program/libvcllo.so #35 0xb6b7c6df in Application::Execute() () from /home/i_mogi/tmp/libo/src/solver/unxlngi6.pro/installation/opt/program/libvcllo.so #36 0xb7f50abf in desktop::Desktop::Main() () from /home/i_mogi/tmp/libo/src/solver/unxlngi6.pro/installation/opt/program/libsofficeapp.so #37 0xb6b8286f in ImplSVMain() () from /home/i_mogi/tmp/libo/src/solver/unxlngi6.pro/installation/opt/program/libvcllo.so #38 0xb6b8293a in SVMain() () from /home/i_mogi/tmp/libo/src/solver/unxlngi6.pro/installation/opt/program/libvcllo.so #39 0xb7f6cd21 in soffice_main () from /home/i_mogi/tmp/libo/src/solver/unxlngi6.pro/installation/opt/program/libsofficeapp.so #40 0x080485dc in main ()
Oh, I see. My bad. I was a bit to fast over there! I can reproduce this crash using Linux Mint 14 x64 with LibreOffice Version: 4.1.0.0.alpha0+ Build ID: a5f675c3d3254f03da8fbf42028a9c6b048df63 Last commit included: commit a5f675c3d3254f03da8fbf42028a9c6b048df635 Date: Tue Apr 23 17:57:24 2013 +0200 Kind regards, Joren
Created attachment 78417 [details] Backtrace
I can reproduce this crash on Linux Mint 14 x64 with LibreOffice Version 4.0.2.2 (Build id: 4c82dcdd6efcd48b1d8bba66bfe1989deee49c3) too.
Created attachment 78619 [details] bt with symbols on master sources On pc Debian x86-64 with master sources updated today, I reproduced the crash. I attached bt which is different from the one already present.
Kohei/Markus/Eike: one for you?
Fixed upstream with http://gitorious.org/orcus/orcus/commit/ba43e43600660681c072941d9af350f7fe3c636b and will patch the internal orcus for 4-1 and 4-0.
Still reproducable on Libreoffice 4.1.2.3 ...but at least it was the first xml file I tried, that made xml source to react somehow.
Markus Mohrhard committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=ece94ab98fd8564a5419ea370c0d1f0e6afe188a handle invalid xml files in orcus, fdo#63844 The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Markus Mohrhard committed a patch related to this issue. It has been pushed to "libreoffice-4-2": http://cgit.freedesktop.org/libreoffice/core/commit/?id=86815707be317b8b874b0c595bb586b15f7196d4&h=libreoffice-4-2 handle invalid xml files in orcus, fdo#63844 It will be available in LibreOffice 4.2. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Markus Mohrhard committed a patch related to this issue. It has been pushed to "libreoffice-4-1": http://cgit.freedesktop.org/libreoffice/core/commit/?id=cc6ce861fe67be93cb14c6c142fabeeffd1fdcd9&h=libreoffice-4-1 handle invalid xml files in orcus, fdo#63844 It will be available in LibreOffice 4.1.5. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Backported to 4.2 and 4.1. Let's call it fixed.