Bug 69394 - FILEOPEN CRASH: Segmentation fault & crash when opening pptx file
Summary: FILEOPEN CRASH: Segmentation fault & crash when opening pptx file
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Impress (show other bugs)
Version:
(earliest affected)
4.1.1.2 release
Hardware: Other All
: high major
Assignee: Katarina Behrens
URL:
Whiteboard: target:4.1.2
Keywords:
Depends on:
Blocks:
 
Reported: 2013-09-15 23:03 UTC by bugzilla
Modified: 2013-10-31 09:14 UTC (History)
0 users

See Also:
Crash report or crash signature:

Attachments
.pptx file that generates segmentation fault (1.51 MB, application/vnd.openxmlformats-officedocument.presentationml.presentation)
2013-09-15 23:03 UTC, bugzilla 		Details
gdb --backtrace log file (15.65 KB, text/plain)
2013-09-15 23:04 UTC, bugzilla 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description bugzilla 2013-09-15 23:03:47 UTC 
Created attachment 85881 [details]
.pptx file that generates segmentation fault

Problem description: 
When I open the attached file, Libreoffice (on 64-bit Arch Linux) crashes without error message. I used libreoffice --backtrace to create a log file:

warning: Currently logging to gdbtrace.log.  Turn the logging off and on to make the new setting effective.
warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7ffff7ffa000
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[New Thread 0x7fffe7d5a700 (LWP 12855)]
[New Thread 0x7fffe09d6700 (LWP 12856)]
[Thread 0x7fffe09d6700 (LWP 12856) exited]
[Thread 0x7fffe7d5a700 (LWP 12855) exited]
[Inferior 1 (process 12851) exited normally]
/usr/lib/libreoffice/program/gdbtrace:9: Error in sourced command file:
No stack.
Quit
quit
warning: Currently logging to gdbtrace.log.  Turn the logging off and on to make the new setting effective.
warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7ffff7ffa000
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[New Thread 0x7fffe7d5a700 (LWP 12883)]
[New Thread 0x7fffe09d6700 (LWP 12884)]
[New Thread 0x7fffdbfff700 (LWP 12885)]
[New Thread 0x7fffd887f700 (LWP 12886)]
[New Thread 0x7fffd3bb3700 (LWP 12887)]
[New Thread 0x7fffd3193700 (LWP 12890)]
[Thread 0x7fffd3193700 (LWP 12890) exited]
[Thread 0x7fffe09d6700 (LWP 12884) exited]
[New Thread 0x7fffe09d6700 (LWP 12892)]
[New Thread 0x7fffd3193700 (LWP 12893)]
[New Thread 0x7fffc49d6700 (LWP 12894)]
[Thread 0x7fffd3193700 (LWP 12893) exited]
[New Thread 0x7fffd3193700 (LWP 12895)]
[New Thread 0x7fffbbdd5700 (LWP 12896)]

Program received signal SIGSEGV, Segmentation fault.
0x00007fffc79db659 in ?? () from /usr/lib/libreoffice/program/../program/libooxlo.so
#0  0x00007fffc79db659 in ?? () from /usr/lib/libreoffice/program/../program/libooxlo.so
#1  0x00007fffc79de965 in ?? () from /usr/lib/libreoffice/program/../program/libooxlo.so
#2  0x00007fffc5ae4db7 in ?? () from /usr/lib/libreoffice/program/../program/libfastsaxlo.so
#3  0x00007fffc77ce6ec in ?? () from /usr/lib/libreoffice/program/../program/libooxlo.so
#4  0x00007fffc77ce7f0 in ?? () from /usr/lib/libreoffice/program/../program/libooxlo.so
#5  0x00007fffc77e841b in oox::core::XmlFilterBase::importFragment(rtl::Reference<oox::core::FragmentHandler> const&) () from /usr/lib/libreoffice/program/../program/libooxlo.so
#6  0x00007fffc79cfe0a in ?? () from /usr/lib/libreoffice/program/../program/libooxlo.so
#7  0x00007fffc77d55f7 in oox::core::FilterBase::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) () from /usr/lib/libreoffice/program/../program/libooxlo.so
#8  0x00007fffc79d0dd9 in ?? () from /usr/lib/libreoffice/program/../program/libooxlo.so
#9  0x00007ffff54025ba in SfxObjectShell::ImportFrom(SfxMedium&, bool) () from /usr/lib/libreoffice/program/libsfxlo.so
#10 0x00007fffc54daa06 in sd::DrawDocShell::ImportFrom(SfxMedium&, bool) () from /usr/lib/libreoffice/program/../program/libsdlo.so
#11 0x00007ffff540f8eb in SfxObjectShell::DoLoad(SfxMedium*) () from /usr/lib/libreoffice/program/libsfxlo.so
#12 0x00007ffff5436ac4 in SfxBaseModel::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) () from /usr/lib/libreoffice/program/libsfxlo.so
#13 0x00007ffff54bdb5d in ?? () from /usr/lib/libreoffice/program/libsfxlo.so
#14 0x00007fffda1ac22e in ?? () from /usr/lib/libreoffice/program/../program/libfwklo.so
#15 0x00007fffda1acb98 in ?? () from /usr/lib/libreoffice/program/../program/libfwklo.so
#16 0x00007fffda125eec in ?? () from /usr/lib/libreoffice/program/../program/libfwklo.so
#17 0x00007fffda126518 in ?? () from /usr/lib/libreoffice/program/../program/libfwklo.so
#18 0x00007ffff6493876 in comphelper::SynchronousDispatch::dispatch(com::sun::star::uno::Reference<com::sun::star::uno::XInterface> const&, rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) () from /usr/lib/libreoffice/program/libcomphelper.so
#19 0x00007ffff522963a in ?? () from /usr/lib/libreoffice/program/libsfxlo.so
#20 0x00007ffff54fb0e4 in ?? () from /usr/lib/libreoffice/program/libsfxlo.so
#21 0x00007ffff54f46fe in ?? () from /usr/lib/libreoffice/program/libsfxlo.so
#22 0x00007ffff54f62d0 in SfxDispatcher::_Execute(SfxShell&, SfxSlot const&, SfxRequest&, unsigned short) () from /usr/lib/libreoffice/program/libsfxlo.so
#23 0x00007ffff54f6c37 in SfxDispatcher::Execute(unsigned short, unsigned short, unsigned short, SfxItemSet const&) () from /usr/lib/libreoffice/program/libsfxlo.so
#24 0x00007ffff54f6aa2 in SfxDispatcher::Execute(unsigned short, unsigned short, SfxItemSet const&) () from /usr/lib/libreoffice/program/libsfxlo.so
#25 0x00007ffff5228502 in ?? () from /usr/lib/libreoffice/program/libsfxlo.so
#26 0x00007ffff54fb0e4 in ?? () from /usr/lib/libreoffice/program/libsfxlo.so
#27 0x00007ffff54f46fe in ?? () from /usr/lib/libreoffice/program/libsfxlo.so
#28 0x00007ffff54f708d in ?? () from /usr/lib/libreoffice/program/libsfxlo.so
#29 0x00007ffff54f6f83 in ?? () from /usr/lib/libreoffice/program/libsfxlo.so
#30 0x00007ffff546dd8a in ?? () from /usr/lib/libreoffice/program/libsfxlo.so
#31 0x00007ffff3690d6a in ?? () from /usr/lib/libreoffice/program/libvcllo.so
#32 0x00007ffff3697398 in SalGenericDisplay::DispatchInternalEvent() () from /usr/lib/libreoffice/program/libvcllo.so
#33 0x00007fffe70bd615 in SalX11Display::Yield() () from /usr/lib/libreoffice/program/libvclplug_genlo.so
#34 0x00007fffe70bd435 in ?? () from /usr/lib/libreoffice/program/libvclplug_genlo.so
#35 0x00007fffe70bcbf2 in SalXLib::Yield(bool, bool) () from /usr/lib/libreoffice/program/libvclplug_genlo.so
#36 0x00007ffff33c34c4 in Application::Yield(bool) () from /usr/lib/libreoffice/program/libvcllo.so
#37 0x00007ffff33c3567 in Application::Execute() () from /usr/lib/libreoffice/program/libvcllo.so
#38 0x00007ffff793211c in ?? () from /usr/lib/libreoffice/program/libsofficeapp.so
#39 0x00007ffff33cb2d1 in ?? () from /usr/lib/libreoffice/program/libvcllo.so
#40 0x00007ffff33cb2f2 in SVMain() () from /usr/lib/libreoffice/program/libvcllo.so
#41 0x00007ffff795a955 in soffice_main () from /usr/lib/libreoffice/program/libsofficeapp.so
#42 0x000000000040073b in ?? ()
#43 0x00007ffff7585bc5 in __libc_start_main () from /usr/lib/libc.so.6
#44 0x0000000000400771 in ?? ()

Thread 12 (Thread 0x7fffbbdd5700 (LWP 12896)):
#0  0x00007ffff73523e8 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007ffff7bbbc6e in osl_waitCondition () from /usr/lib/libreoffice/program/../ure-link/lib/libuno_sal.so.3
#2  0x00007fffda154808 in ?? () from /usr/lib/libreoffice/program/../program/libfwklo.so
#3  0x00007fffda13ef0a in ?? () from /usr/lib/libreoffice/program/../program/libfwklo.so
#4  0x00007ffff7b9d5a7 in ?? () from /usr/lib/libreoffice/program/../ure-link/lib/libuno_sal.so.3
#5  0x00007ffff734e0a2 in start_thread () from /usr/lib/libpthread.so.0
#6  0x00007ffff7648a2d in clone () from /usr/lib/libc.so.6

Thread 11 (Thread 0x7fffd3193700 (LWP 12895)):
#0  0x00007ffff7649943 in recvfrom () from /usr/lib/libc.so.6
#1  0x00007fffc5722858 in ?? () from /usr/lib/libreoffice/program/../program/libsdlo.so
#2  0x00007fffc572255a in ?? () from /usr/lib/libreoffice/program/../program/libsdlo.so
#3  0x00007ffff7b9d5a7 in ?? () from /usr/lib/libreoffice/program/../ure-link/lib/libuno_sal.so.3
#4  0x00007ffff734e0a2 in start_thread () from /usr/lib/libpthread.so.0
#5  0x00007ffff7648a2d in clone () from /usr/lib/libc.so.6

Thread 10 (Thread 0x7fffc49d6700 (LWP 12894)):
#0  0x00007ffff763ff5d in poll () from /usr/lib/libc.so.6
#1  0x00007fffeed9d084 in ?? () from /usr/lib/libglib-2.0.so.0
#2  0x00007fffeed9d18c in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#3  0x00007fffc573156b in ?? () from /usr/lib/libreoffice/program/../program/libsdlo.so
#4  0x00007fffc572255a in ?? () from /usr/lib/libreoffice/program/../program/libsdlo.so
#5  0x00007ffff7b9d5a7 in ?? () from /usr/lib/libreoffice/program/../ure-link/lib/libuno_sal.so.3
#6  0x00007ffff734e0a2 in start_thread () from /usr/lib/libpthread.so.0
#7  0x00007ffff7648a2d in clone () from /usr/lib/libc.so.6

Thread 8 (Thread 0x7fffe09d6700 (LWP 12892)):
#0  0x00007ffff73523e8 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007ffff7bbbc6e in osl_waitCondition () from /usr/lib/libreoffice/program/../ure-link/lib/libuno_sal.so.3
#2  0x00007fffe0c16114 in ?? () from /usr/lib/libreoffice/program/../program/libconfigmgrlo.so
#3  0x00007ffff57ffe96 in salhelper::Thread::run() () from /usr/lib/libreoffice/program/../ure-link/lib/libuno_salhelpergcc3.so.3
#4  0x00007ffff580006a in ?? () from /usr/lib/libreoffice/program/../ure-link/lib/libuno_salhelpergcc3.so.3
#5  0x00007ffff7b9d5a7 in ?? () from /usr/lib/libreoffice/program/../ure-link/lib/libuno_sal.so.3
#6  0x00007ffff734e0a2 in start_thread () from /usr/lib/libpthread.so.0
#7  0x00007ffff7648a2d in clone () from /usr/lib/libc.so.6

Thread 6 (Thread 0x7fffd3bb3700 (LWP 12887)):
#0  0x00007ffff763ff5d in poll () from /usr/lib/libc.so.6
#1  0x00007fffe70c6178 in ?? () from /usr/lib/libreoffice/program/libvclplug_genlo.so
#2  0x00007ffff7b9d5a7 in ?? () from /usr/lib/libreoffice/program/../ure-link/lib/libuno_sal.so.3
#3  0x00007ffff734e0a2 in start_thread () from /usr/lib/libpthread.so.0
#4  0x00007ffff7648a2d in clone () from /usr/lib/libc.so.6

Thread 5 (Thread 0x7fffd887f700 (LWP 12886)):
#0  0x00007ffff763ff5d in poll () from /usr/lib/libc.so.6
#1  0x00007fffe70e2299 in ?? () from /usr/lib/libreoffice/program/libvclplug_genlo.so
#2  0x00007fffe70e24e6 in ?? () from /usr/lib/libreoffice/program/libvclplug_genlo.so
#3  0x00007ffff7b9d5a7 in ?? () from /usr/lib/libreoffice/program/../ure-link/lib/libuno_sal.so.3
#4  0x00007ffff734e0a2 in start_thread () from /usr/lib/libpthread.so.0
#5  0x00007ffff7648a2d in clone () from /usr/lib/libc.so.6

Thread 4 (Thread 0x7fffdbfff700 (LWP 12885)):
#0  0x00007ffff76496dd in accept () from /usr/lib/libc.so.6
#1  0x00007ffff7b98000 in osl_acceptPipe () from /usr/lib/libreoffice/program/../ure-link/lib/libuno_sal.so.3
#2  0x00007ffff7957113 in ?? () from /usr/lib/libreoffice/program/libsofficeapp.so
#3  0x00007ffff57ffe96 in salhelper::Thread::run() () from /usr/lib/libreoffice/program/../ure-link/lib/libuno_salhelpergcc3.so.3
#4  0x00007ffff580006a in ?? () from /usr/lib/libreoffice/program/../ure-link/lib/libuno_salhelpergcc3.so.3
#5  0x00007ffff7b9d5a7 in ?? () from /usr/lib/libreoffice/program/../ure-link/lib/libuno_sal.so.3
#6  0x00007ffff734e0a2 in start_thread () from /usr/lib/libpthread.so.0
#7  0x00007ffff7648a2d in clone () from /usr/lib/libc.so.6

Thread 2 (Thread 0x7fffe7d5a700 (LWP 12883)):
#0  0x00007ffff73523e8 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007ffff7ba3f98 in ?? () from /usr/lib/libreoffice/program/../ure-link/lib/libuno_sal.so.3
#2  0x00007ffff734e0a2 in start_thread () from /usr/lib/libpthread.so.0
#3  0x00007ffff7648a2d in clone () from /usr/lib/libc.so.6

Thread 1 (Thread 0x7ffff7fa8740 (LWP 12879)):
#0  0x00007fffc79db659 in ?? () from /usr/lib/libreoffice/program/../program/libooxlo.so
#1  0x00007fffc79de965 in ?? () from /usr/lib/libreoffice/program/../program/libooxlo.so
#2  0x00007fffc5ae4db7 in ?? () from /usr/lib/libreoffice/program/../program/libfastsaxlo.so
#3  0x00007fffc77ce6ec in ?? () from /usr/lib/libreoffice/program/../program/libooxlo.so
#4  0x00007fffc77ce7f0 in ?? () from /usr/lib/libreoffice/program/../program/libooxlo.so
#5  0x00007fffc77e841b in oox::core::XmlFilterBase::importFragment(rtl::Reference<oox::core::FragmentHandler> const&) () from /usr/lib/libreoffice/program/../program/libooxlo.so
#6  0x00007fffc79cfe0a in ?? () from /usr/lib/libreoffice/program/../program/libooxlo.so
#7  0x00007fffc77d55f7 in oox::core::FilterBase::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) () from /usr/lib/libreoffice/program/../program/libooxlo.so
#8  0x00007fffc79d0dd9 in ?? () from /usr/lib/libreoffice/program/../program/libooxlo.so
#9  0x00007ffff54025ba in SfxObjectShell::ImportFrom(SfxMedium&, bool) () from /usr/lib/libreoffice/program/libsfxlo.so
#10 0x00007fffc54daa06 in sd::DrawDocShell::ImportFrom(SfxMedium&, bool) () from /usr/lib/libreoffice/program/../program/libsdlo.so
#11 0x00007ffff540f8eb in SfxObjectShell::DoLoad(SfxMedium*) () from /usr/lib/libreoffice/program/libsfxlo.so
#12 0x00007ffff5436ac4 in SfxBaseModel::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) () from /usr/lib/libreoffice/program/libsfxlo.so
#13 0x00007ffff54bdb5d in ?? () from /usr/lib/libreoffice/program/libsfxlo.so
#14 0x00007fffda1ac22e in ?? () from /usr/lib/libreoffice/program/../program/libfwklo.so
#15 0x00007fffda1acb98 in ?? () from /usr/lib/libreoffice/program/../program/libfwklo.so
#16 0x00007fffda125eec in ?? () from /usr/lib/libreoffice/program/../program/libfwklo.so
#17 0x00007fffda126518 in ?? () from /usr/lib/libreoffice/program/../program/libfwklo.so
#18 0x00007ffff6493876 in comphelper::SynchronousDispatch::dispatch(com::sun::star::uno::Reference<com::sun::star::uno::XInterface> const&, rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) () from /usr/lib/libreoffice/program/libcomphelper.so
#19 0x00007ffff522963a in ?? () from /usr/lib/libreoffice/program/libsfxlo.so
#20 0x00007ffff54fb0e4 in ?? () from /usr/lib/libreoffice/program/libsfxlo.so
#21 0x00007ffff54f46fe in ?? () from /usr/lib/libreoffice/program/libsfxlo.so
#22 0x00007ffff54f62d0 in SfxDispatcher::_Execute(SfxShell&, SfxSlot const&, SfxRequest&, unsigned short) () from /usr/lib/libreoffice/program/libsfxlo.so
#23 0x00007ffff54f6c37 in SfxDispatcher::Execute(unsigned short, unsigned short, unsigned short, SfxItemSet const&) () from /usr/lib/libreoffice/program/libsfxlo.so
#24 0x00007ffff54f6aa2 in SfxDispatcher::Execute(unsigned short, unsigned short, SfxItemSet const&) () from /usr/lib/libreoffice/program/libsfxlo.so
#25 0x00007ffff5228502 in ?? () from /usr/lib/libreoffice/program/libsfxlo.so
#26 0x00007ffff54fb0e4 in ?? () from /usr/lib/libreoffice/program/libsfxlo.so
#27 0x00007ffff54f46fe in ?? () from /usr/lib/libreoffice/program/libsfxlo.so
#28 0x00007ffff54f708d in ?? () from /usr/lib/libreoffice/program/libsfxlo.so
#29 0x00007ffff54f6f83 in ?? () from /usr/lib/libreoffice/program/libsfxlo.so
#30 0x00007ffff546dd8a in ?? () from /usr/lib/libreoffice/program/libsfxlo.so
#31 0x00007ffff3690d6a in ?? () from /usr/lib/libreoffice/program/libvcllo.so
#32 0x00007ffff3697398 in SalGenericDisplay::DispatchInternalEvent() () from /usr/lib/libreoffice/program/libvcllo.so
#33 0x00007fffe70bd615 in SalX11Display::Yield() () from /usr/lib/libreoffice/program/libvclplug_genlo.so
#34 0x00007fffe70bd435 in ?? () from /usr/lib/libreoffice/program/libvclplug_genlo.so
#35 0x00007fffe70bcbf2 in SalXLib::Yield(bool, bool) () from /usr/lib/libreoffice/program/libvclplug_genlo.so
#36 0x00007ffff33c34c4 in Application::Yield(bool) () from /usr/lib/libreoffice/program/libvcllo.so
#37 0x00007ffff33c3567 in Application::Execute() () from /usr/lib/libreoffice/program/libvcllo.so
#38 0x00007ffff793211c in ?? () from /usr/lib/libreoffice/program/libsofficeapp.so
#39 0x00007ffff33cb2d1 in ?? () from /usr/lib/libreoffice/program/libvcllo.so
#40 0x00007ffff33cb2f2 in SVMain() () from /usr/lib/libreoffice/program/libvcllo.so
#41 0x00007ffff795a955 in soffice_main () from /usr/lib/libreoffice/program/libsofficeapp.so
#42 0x000000000040073b in ?? ()
#43 0x00007ffff7585bc5 in __libc_start_main () from /usr/lib/libc.so.6
#44 0x0000000000400771 in ?? ()
A debugging session is active.

	Inferior 1 [process 12879] will be killed.

Quit anyway? (y or n) [answered Y; input not from terminal]

Operating System: Linux (Other)
Version: 4.1.1.2 release
Comment 1 bugzilla 2013-09-15 23:04:33 UTC 
Created attachment 85882 [details]
gdb --backtrace log file