Bug 84686 - FILEOPEN: Can't Open .xls File. Fatal Error. Bad Allocation
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Calc
Version (earliest affected): 4.3.0.0.alpha0+ Master
Hardware: All All
Importance: medium normal
Assignee: Andras Timar
Whiteboard: noRepro:4.2.6.3:windows7 confirmed:4....
Keywords: bibisected, regression
Reported: 2014-10-05 12:09 UTC by tommy27
Modified: 2015-12-17 08:36 UTC

Attachments
valgrind log (3.96 KB, application/gzip), 2014-10-05 19:30 UTC, raal
Stack during bad allocation (4.89 KB, text/plain), 2014-10-05 22:39 UTC, V Stuart Foote
Stack during bad allocation, 2014-04-16 build (1.67 KB, text/plain), 2014-10-06 14:58 UTC, V Stuart Foote

Description tommy27 2014-10-05 12:09:17 UTC
found this bug loading attachment 107279 from Bug 84640

tested under Win7x64 with LibO 4.3.0.4 and above including 4.4.0.0.alpha0+
Build ID: 268b9c10c9ff27c74678ace99762f28d58d33012
TinderBox: Win-x86@42, Branch:master, Time: 2014-10-02_23:35:24

on my computer LibO 4.2.6.2 and older releases can open the file with no "bad allocation fatal error"

I add regression to keywords and set status to NEW since another user reproduced it with Linux 4.3.3.0+ and 4.4.0.0.alpha0+

see comment here: https://bugs.freedesktop.org/show_bug.cgi?id=84640#c1
Comment 1 tommy27 2014-10-05 12:11:57 UTC
@raal 
please retest with LibO 4.2.6.2 under Linux and tell me if the bug affects 4.2.x on Linux as well as in 4.3.x and 4.4.x

on my Win7x64 computer the 4.2.x branch is unaffected.
Comment 2 Markus Mohrhard 2014-10-05 12:20:43 UTC
Bad alloc means out of memory.
Comment 3 tommy27 2014-10-05 13:01:20 UTC
@Markus
can you open that file on your computer?
Comment 4 Markus Mohrhard 2014-10-05 13:02:53 UTC
(In reply to tommy27 from comment #3)
> @Markus
> can you open that file on your computer?

I'm still on vacation until October, 20th and have no access to a computer before that point. I'm just commenting from a smartphone based on the error message.
Comment 5 MM 2014-10-05 14:42:42 UTC
Doesn't work under Linux, Mint 16/17 x64 & Ubuntu 14.04 x64 with v4.2.6.3 too.
Still std::bad_alloc

When opening it with LO 3.3.4 and saving it to xls again, there's no problem with opening it with newer versions.

So for now, setting it to v4.2.6.3
Should we set the importance to critical or even blocker?
Comment 6 raal 2014-10-05 19:30:37 UTC
Created attachment 107376
valgrind log

Crash with LO 4.3.3, 4.4
Comment 7 V Stuart Foote 2014-10-05 19:40:07 UTC
Bibisect results from windows installers on-hand. Setting version accordingly.

But, there are about 1500 commits in the range between 2014-03-24 and 2014-04-09 when the regression in import filter handling of XLS files occurs.

see cgit range 

http://cgit.freedesktop.org/libreoffice/core/log/?qt=range&q=aeab0183e86fe011d32058864c02b2de4da32dc9..20fb1bfc72e626251b435bcff2339e1e425c7130

If someone would care to refine it please do. Working on a back trace.

bibisect
-=OK=- these builds of LibreOffice master 4.3.0.0alpha0+ open the .XLS

Version: 4.3.0.0.alpha0+ (11/23/2013)
Build ID: e3b7e62b0dc34787f66c504230252b2c5edd18c3
TinderBox: Win-x86@39, Branch:master, Time: 2013-11-23_14:43:54

Version: 4.3.0.0.alpha0+
Build ID: d84ccb39b744457cd47125beb4291c84223d5219
TinderBox: Win-x86@39, Branch:master, Time: 2014-02-22_10:05:06

Version: 4.3.0.0.alpha0+
Build ID: aeab0183e86fe011d32058864c02b2de4da32dc9
TinderBox: Win-x86@39, Branch:master, Time: 2014-03-24_05:49:26


-=BAD=- the .XLS does not open --> fatal error bad_alloc

Version: 4.3.0.0.alpha0+
Build ID: 20fb1bfc72e626251b435bcff2339e1e425c7130
TinderBox: Win-x86@47-TDF, Branch:MASTER, Time: 2014-04-09_12:09:54

Version: 4.3.0.0.alpha1 (4/21/2014)
Build ID: 46cfcd5a05aa1d13fecd73f5a25b64b8d8dd6781

Version: 4.3.0.4 (7/26/2014)
Build ID: 62ad5818884a2fc2e5780dd45466868d41009ec0
Comment 8 V Stuart Foote 2014-10-05 22:39:35 UTC
Created attachment 107383
Stack during bad allocation

Stack (ProcessMonitor on Windows 7 sp1, 64-bit) of LODev 4.3.0.0alpha0+ 2014-04-09 during bad allocation
Comment 9 tommy27 2014-10-06 05:17:11 UTC
since Markus is on vacation I put Eike on CC list.
maybe he can take a look at this.
Comment 10 V Stuart Foote 2014-10-06 14:58:22 UTC
Created attachment 107433
Stack during bad allocation, 2014-04-16 build

I've been unable to get a clean WinDbg stack trace.

But, here is another Stack (ProcessMonitor on Windows 7 sp1, 64-bit) for
Version: 4.3.0.0.alpha0+
Build ID: 087a79db1272858f107656c5ca3c6efb45680986
TinderBox: Win-x86@39, Branch:master, Time: 2014-04-16_01:43:37

Interesting item in the msfilterlo.dll!?GetDrawingGroupContainerData and its memory allocation

Continue to see the same memory allocation error through current builds of master (4.4.0.0alpha0+).

Might the issue be work on msdffimp.hxx and/or msdffimp.cxx?
Comment 11 Andras Timar 2014-11-27 09:48:47 UTC
The issue (bad allocation exception) is reproducible on 32-bit Linux, too.

In filter/source/msfilter/msdffimp.cxx in SvxMSDffManager::GetDrawingGroupContainerData() function the value of nLength becomes unrealistically high: 4066730684, and it is not possible to seek to this position in the stream. On 64-bit it is not fatal.

In older versions of LibreOffice the exception does not occur, but the pictures on sheet 2 are not loaded. So it would be better to fix parsing of OfficeArtDggContainer. Even xls-dump.py from mso-dumper cannot parse this part of the file, it says:

Error: reading 1063605644 bytes from position 116 would exceed the current size of 502937

Excel 2010 has no problem with the file, so I suspect that we need to fix LibreOffice and mso-dumper.
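
The kind of length check that comment 11 calls for, as an added C++ sketch (not LibreOffice's code and not the committed patch): a record's declared length is compared with the bytes actually left in the stream before anything is allocated or copied. The 8-byte header layout, the 0xF000 type value and all function names are assumptions; the oversized length is the value reported in comment 11.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>
typedef std::vector<std::uint8_t> Bytes;
// Assumed 8-byte little-endian record header: ver/instance (2), type (2), body length (4).
struct RecordHeader { std::uint16_t verInstance; std::uint16_t type; std::uint32_t length; };
const std::size_t kHeaderSize = 8;

static std::uint32_t readLE(const Bytes& buf, std::size_t pos, int n) {
    std::uint32_t v = 0;
    for (int i = 0; i < n; ++i)
        v |= static_cast<std::uint32_t>(buf[pos + i]) << (8 * i);
    return v;
}

// Fails if the header is truncated or the declared body length exceeds the remaining bytes.
bool readCheckedHeader(const Bytes& buf, std::size_t pos, RecordHeader& out) {
    if (pos > buf.size() || buf.size() - pos < kHeaderSize)
        return false;
    out.verInstance = static_cast<std::uint16_t>(readLE(buf, pos, 2));
    out.type = static_cast<std::uint16_t>(readLE(buf, pos + 2, 2));
    out.length = readLE(buf, pos + 4, 4);
    // Compare with the remaining bytes; pos + length could wrap when size_t is 32 bits.
    return out.length <= buf.size() - pos - kHeaderSize;
}

// Copies the record body only after the declared length has been validated.
bool readRecordBody(const Bytes& buf, std::size_t pos, Bytes& body) {
    body.clear();
    RecordHeader h;
    if (!readCheckedHeader(buf, pos, h)) return false;
    body.assign(buf.begin() + (pos + kHeaderSize), buf.begin() + (pos + kHeaderSize + h.length));
    return true;
}

// Constructed sample: header of type 0xF000 declaring declaredLen bytes, followed by actualLen bytes.
Bytes makeRecord(std::uint32_t declaredLen, std::size_t actualLen) {
    static const std::uint8_t hdr[4] = {0x0F, 0x00, 0x00, 0xF0};
    Bytes r(hdr, hdr + 4);
    for (int i = 0; i < 4; ++i)
        r.push_back(static_cast<std::uint8_t>(declaredLen >> (8 * i)));
    r.insert(r.end(), actualLen, 0xAA);
    return r;
}

int main() {
    Bytes body;  // the length from comment 11 is rejected, a consistent length is accepted
    bool rejected = !readRecordBody(makeRecord(4066730684u, 16), 0, body);
    return (rejected && readRecordBody(makeRecord(16, 16), 0, body)) ? 0 : 1;
}
```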
Comment 12 Commit Notification 2014-11-27 22:09:12 UTC
Andras Timar committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=6945971c79d70d77c5c8bb6593b3f25ef46b0887

fdo#84686 prevent std::bad_alloc exception by stricter input check

It will be available in 4.5.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
Comment 13 Commit Notification 2014-11-27 22:39:42 UTC
Andras Timar committed a patch related to this issue.
It has been pushed to "libreoffice-4-4":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=544ad733b8a97b62a68c7d0f60f13c8f699407dd&h=libreoffice-4-4

fdo#84686 prevent std::bad_alloc exception by stricter input check

It will be available in 4.4.0.0.beta2.

Comment 14 Commit Notification 2014-11-28 11:17:48 UTC
Andras Timar committed a patch related to this issue.
It has been pushed to "libreoffice-4-3":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=a88078f6574057b7b54c25a8b0fc65bdb88dd2b1&h=libreoffice-4-3

fdo#84686 prevent std::bad_alloc exception by stricter input check

It will be available in 4.3.6.

Comment 15 Robinson Tryon (qubit) 2015-12-17 08:36:56 UTC
Migrating Whiteboard tags to Keywords: (bibisected)
[NinjaEdit]