86008 – FILEOPEN: Writer crash when try open attached .doc file

Bug 86008 - FILEOPEN: Writer crash when try open attached .doc file

Summary: FILEOPEN: Writer crash when try open attached .doc file

Status:	RESOLVED FIXED

Alias:	None

Product:	LibreOffice
Classification:	Unclassified
Component:	Writer (show other bugs)
Version: (earliest affected)	4.3.3.1 rc
Hardware:	All Linux (All)

Importance:	high major
Assignee:	Julien Nabet

URL:
Whiteboard:	target:4.4.0 target:4.3.5
Keywords:	haveBacktrace

Depends on:
Blocks:

Reported:	2014-11-07 15:33 UTC by Alexander
Modified:	2014-11-11 16:55 UTC (History)
CC List:	4 users (show)

See Also:
Crash report or crash signature:

Attachments
crash file (517.00 KB, application/msword) 2014-11-07 15:33 UTC, Alexander	Details
segfault back trace SWW8Implreader::StopApo (10.63 KB, text/plain) 2014-11-07 17:29 UTC, V Stuart Foote	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander 2014-11-07 15:33:50 UTC

Created attachment 109092 [details]
crash file

When try open attached file Writer crash. My OS: Debian GNU/Linux Sid.

Comment 1 V Stuart Foote 2014-11-07 17:29:22 UTC

Created attachment 109096 [details]
segfault back trace SWW8Implreader::StopApo

Confirmed, setting NEW.

Crashing in W8 filter with SIGSEGV, Segmentation fault.

0x00007f9f1d1e559a in SwWW8ImplReader::StopApo (this=0x2921f20)
    at /home/buildslave/source/libo-core/sw/source/filter/ww8/ww8par6.cxx:2513
2513	/home/buildslave/source/libo-core/sw/source/filter/ww8/ww8par6.cxx: No such file or directory.

BT attached.

Comment 2 V Stuart Foote 2014-11-07 17:37:40 UTC

@Lubos, Miklos one for you guys?

A 7 page Word document with several illustrations and a couple of tables.

Comment 3 Julien Nabet 2014-11-07 22:02:13 UTC

I could reproduce the crash with master sources updated today.

With this patch, no crash:
diff --git a/sw/source/filter/ww8/ww8par6.cxx b/sw/source/filter/ww8/ww8par6.cxx
index 4ecf0d5..6f99566 100644
--- a/sw/source/filter/ww8/ww8par6.cxx
+++ b/sw/source/filter/ww8/ww8par6.cxx
@@ -2505,7 +2505,7 @@ void SwWW8ImplReader::StopApo()
         // function, the extension of the SW-fly has to be set
         // manually as the SW fly has no auto function to adjust the
         // frame´s size.
-        if( pSFlyPara->nNewNetWidth > MINFLY )    // BoxUpWidth ?
+        if( pSFlyPara->nNewNetWidth > MINFLY && pSFlyPara->pFlyFmt )    // BoxUpWidth ?
         {
             long nW = pSFlyPara->nNewNetWidth;
             nW += pSFlyPara->nWidth - pSFlyPara->nNetWidth;   // Rand dazu

Miklos: is it ok or am I just hiding the root cause of this crash?

Comment 4 Julien Nabet 2014-11-07 22:02:48 UTC

increase a bit the importance since there's a crash.

Comment 5 Commit Notification 2014-11-10 21:50:29 UTC

Julien Nabet committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=dd8f3000f00c360ef3553ace6dc58b036e775e0d

Resolves fdo#86008: fix a crash when open doc file

It will be available in 4.4.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.

Comment 6 Julien Nabet 2014-11-10 21:54:41 UTC

I pushed the patch because, as I indicated in the comment of the patch, I realized that the other blocks in this part of code, were doing the check I quoted in my previous comment.

Comment 7 Julien Nabet 2014-11-10 22:06:01 UTC

gerrit for 4.3: https://gerrit.libreoffice.org/12356

Comment 8 Julien Nabet 2014-11-11 16:55:05 UTC

The patch has been pushed for 4.3 branch (too late however for 4.3.4 but will be ok for 4.3.5).
Let's put this one to FIXED.