Created attachment 110274 [details] .doc file that makes writer hang when opening it Hello, libreoffice writer hangs forever at 100% CPU trying to open the .doc file attached to this bug report. This is reproduced every time on my libreoffice 1:4.3.3-1 on Debian Testing, and by a number of friends with unspecified operating systems and versions of libreoffice. Regards, Enrico
that .doc file freezes LibO 4.5.0.0 alpha and 4.3.3.2 as well however it freezes MS Word Viewer too. so the question is, are you sure that it's a valid document? does MS Word open it with no problems?
I have no access to any version of Microsoft Word; I used http://convertonlinefree.com/ to convert it to PDF and it worked. Regardless of what Microsoft Word does, I would wish LibreOffice not to freeze on it, but either to open it or to declare it an invalid or corrupted document.
I converted it to pdf aswell but all I see in the output is a bunch of xxxx xxxx xxx xxx xxx (was that an anonymized content file?) what we need is a screenshot of that .doc file how it should really look if opened correctly by any software
Created attachment 110284 [details] PDF output from online .doc to .pdf converter please compare your output with mine and tell if you see the same things
Created attachment 110286 [details] MS word issuing a warning before opening the file The translation is: Security alert - Validation of Office file Warning: Office file validation found a problem while trying to open the file. This operation may put your computer at risk and allow a malicious user to take control of your computer. - Ask the sender to save and send the file again, and make sure, in person or over the phone, that they actually performed those operations. [further actions] - Protect your computer using these tools. [safer options]
Created attachment 110287 [details] MS Word opening the file after a while After issuing the warning, MS Word actually managed to open the file, although I'm told "it took a long time". This is the screnshot that came out.
Created attachment 110288 [details] Word complaining that the document grew too much The file once opened in MS Word shows the xxx anonymized text and some blank pages. The total page count increases as the document is scrolled down through an infinite sequence of blank pages. At some point Word gives up and shows this error message: "Exceeded the maximum number of pages supported by Microsoft Office Word"
I confirm that the PDF that I got has the same content. The content is full of 'x' after I used a hex editor to overwrite all the text I could find with 'x'. In the meantime, I managed to find a friend with MS Word who took a few screenshots: I've attached them, with comments and translation of the Italian messages.
ok, thanks. it seems a "problematic" file even in MS Word. do you know eho created such a file and with which program? anyway status --> NEW let's see what a Writed expert developer thinks about it.
Unfortunately I don't know the person who created it; the friend who received it understood that it has been created with MS Word, somehow copypasting some powerpoint slides into it. > let's see what a Writed expert developer thinks about it. Thanks!
I'm not sure whether this bug should stay open. DOC is not valid, it hangs Office 2010. Still LO should not hang. SYMBOL_NAME: swlo!std::_Move<SwTextAttr * &>+6 FOLLOWUP_NAME: MachineOwner MODULE_NAME: swlo IMAGE_NAME: swlo.dll DEBUG_FLR_IMAGE_TIMESTAMP: 56f69ed9 STACK_COMMAND: dt ntdll!LdrpLastDllInitializer BaseDllName ; dt ntdll!LdrpFailureData ; ~0s; .ecxr ; kb FAILURE_BUCKET_ID: STATUS_BREAKPOINT_80000003_swlo.dll!std::_Move_SwTextAttr_*___ BUCKET_ID: APPLICATION_FAULT_STATUS_BREAKPOINT_swlo!std::_Move_SwTextAttr_*___+6 ANALYSIS_SOURCE: UM FAILURE_ID_HASH_STRING: um:status_breakpoint_80000003_swlo.dll!std::_move_swtextattr_*___ FAILURE_ID_HASH: {de62de0d-0802-0c61-1bb9-c58b8651555b}
** Please read this message in its entirety before responding ** To make sure we're focusing on the bugs that affect our users today, LibreOffice QA is asking bug reporters and confirmers to retest open, confirmed bugs which have not been touched for over a year. There have been thousands of bug fixes and commits since anyone checked on this bug report. During that time, it's possible that the bug has been fixed, or the details of the problem have changed. We'd really appreciate your help in getting confirmation that the bug is still present. If you have time, please do the following: Test to see if the bug is still present with the latest version of LibreOffice from https://www.libreoffice.org/download/ If the bug is present, please leave a comment that includes the information from Help - About LibreOffice. If the bug is NOT present, please set the bug's Status field to RESOLVED-WORKSFORME and leave a comment that includes the information from Help - About LibreOffice. Please DO NOT Update the version field Reply via email (please reply directly on the bug tracker) Set the bug's Status field to RESOLVED - FIXED (this status has a particular meaning that is not appropriate in this case) If you want to do more to help you can test to see if your issue is a REGRESSION. To do so: 1. Download and install oldest version of LibreOffice (usually 3.3 unless your bug pertains to a feature added after 3.3) from http://downloadarchive.documentfoundation.org/libreoffice/old/ 2. Test your bug 3. Leave a comment with your results. 4a. If the bug was present with 3.3 - set version to 'inherited from OOo'; 4b. If the bug was not present in 3.3 - add 'regression' to keyword Feel free to come ask questions or to say hello in our QA chat: https://kiwiirc.com/nextclient/irc.freenode.net/#libreoffice-qa Thank you for helping us make LibreOffice even better for everyone! Warm Regards, QA Team MassPing-UntouchedBug
still repro with Version: 6.0.0.0.beta2 (x64) Build ID: 13edaaa12f25de343fce136064e27da66c1c4fa4 CPU threads: 2; OS: Windows 6.1; UI render: default; Locale: ru-RU (ru_RU); Calc: group threaded
Hello. I tried to open the document with libreoffice-writer 1:6.1.3-1 from Debian Buster by just running 'lowriter crash.doc', and it still hangs on startup. I am not a libreoffice developer, and I'm not able to do more than that. Any libreoffice developer can do that in seconds on their system, by the way. I am quite miffed that this bug is still open, that it is still a bug, that 4 years later I am still asked to try and reproduce it, that there was even argument on whether this was a valid bug. To summarise the current situation, here's a document, found in the wild, that reproducibly hangs on startup any version of libreoffice writer from the last 4 years. Enrico
On pc Debian x86-64 with master sources updated some days ago, there's a nonending loop here: #13 0x00007fffda16dc79 in SwWW8ImplReader::ReadChar(long, long) (this=0x55555ac8d980, nPosCp=3370, nCpOfs=0) at /home/julien/lo/libreoffice/sw/source/filter/ww8/ww8par.cxx:3558 #14 0x00007fffda16d772 in SwWW8ImplReader::ReadChars(int&, int, long, long) (this=0x55555ac8d980, rPos=@0x7ffffffef3c0: 3370, nNextAttr=123763, nTextEnd=124060, nCpOfs=0) at /home/julien/lo/libreoffice/sw/source/filter/ww8/ww8par.cxx:3475
The pb is here precisely https://opengrok.libreoffice.org/xref/core/sw/source/filter/ww8/ww8par.cxx?r=30c0134c#3102 3101 sal_Int32 nL2; 3102 for (nL2 = 0; nL2 < nStrLen; ++nL2) 3103 { ... 3118 3119 if ((32 > nUCode) || (0xa0 == nUCode)) 3120 { 3121 m_pStrm->SeekRel( m_bIsUnicode ? -2 : -1 ); 3122 break; // Special character < 32, == 0xa0 found 3123 } 3124 We enter at nL2 = 0, we enter in "if" condition because of something wrong in the file. So we go backward in the file with call to m_pStrm->SeekRel with negative value.
I submitted a patch to review here: https://gerrit.libreoffice.org/#/c/67794/ Hope it's ok, at least, I could open the doc.
MSO 2016 opens in Protected View because it detected problem but also hangs on editing.
The patch makes the QA tests fail and I don’t know why. I gave up the patch
Dear Enrico Zini, To make sure we're focusing on the bugs that affect our users today, LibreOffice QA is asking bug reporters and confirmers to retest open, confirmed bugs which have not been touched for over a year. There have been thousands of bug fixes and commits since anyone checked on this bug report. During that time, it's possible that the bug has been fixed, or the details of the problem have changed. We'd really appreciate your help in getting confirmation that the bug is still present. If you have time, please do the following: Test to see if the bug is still present with the latest version of LibreOffice from https://www.libreoffice.org/download/ If the bug is present, please leave a comment that includes the information from Help - About LibreOffice. If the bug is NOT present, please set the bug's Status field to RESOLVED-WORKSFORME and leave a comment that includes the information from Help - About LibreOffice. Please DO NOT Update the version field Reply via email (please reply directly on the bug tracker) Set the bug's Status field to RESOLVED - FIXED (this status has a particular meaning that is not appropriate in this case) If you want to do more to help you can test to see if your issue is a REGRESSION. To do so: 1. Download and install oldest version of LibreOffice (usually 3.3 unless your bug pertains to a feature added after 3.3) from https://downloadarchive.documentfoundation.org/libreoffice/old/ 2. Test your bug 3. Leave a comment with your results. 4a. If the bug was present with 3.3 - set version to 'inherited from OOo'; 4b. If the bug was not present in 3.3 - add 'regression' to keyword Feel free to come ask questions or to say hello in our QA chat: https://kiwiirc.com/nextclient/irc.freenode.net/#libreoffice-qa Thank you for helping us make LibreOffice even better for everyone! Warm Regards, QA Team MassPing-UntouchedBug
Dear Enrico Zini, To make sure we're focusing on the bugs that affect our users today, LibreOffice QA is asking bug reporters and confirmers to retest open, confirmed bugs which have not been touched for over a year. There have been thousands of bug fixes and commits since anyone checked on this bug report. During that time, it's possible that the bug has been fixed, or the details of the problem have changed. We'd really appreciate your help in getting confirmation that the bug is still present. If you have time, please do the following: Test to see if the bug is still present with the latest version of LibreOffice from https://www.libreoffice.org/download/ If the bug is present, please leave a comment that includes the information from Help - About LibreOffice. If the bug is NOT present, please set the bug's Status field to RESOLVED-WORKSFORME and leave a comment that includes the information from Help - About LibreOffice. Please DO NOT Update the version field Reply via email (please reply directly on the bug tracker) Set the bug's Status field to RESOLVED - FIXED (this status has a particular meaning that is not appropriate in this case) If you want to do more to help you can test to see if your issue is a REGRESSION. To do so: 1. Download and install oldest version of LibreOffice (usually 3.3 unless your bug pertains to a feature added after 3.3) from https://downloadarchive.documentfoundation.org/libreoffice/old/ 2. Test your bug 3. Leave a comment with your results. 4a. If the bug was present with 3.3 - set version to 'inherited from OOo'; 4b. If the bug was not present in 3.3 - add 'regression' to keyword Feel free to come ask questions or to say hello in our QA chat: https://web.libera.chat/?settings=#libreoffice-qa Thank you for helping us make LibreOffice even better for everyone! Warm Regards, QA Team MassPing-UntouchedBug
I can still reproduce the issue with the version of Libreoffice in Debian Bookworm, and I have no access to newer versions: Version: 7.4.7.2 / LibreOffice Community Build ID: 40(Build:2) CPU threads: 4; OS: Linux 6.1; UI render: default; VCL: gtk3 Locale: en-IE (en_IE.UTF-8); UI: en-US Debian package version: 4:7.4.7-1+deb12u4 Calc: threaded Reproducing this issue is trivial: run lowriter crash.doc Even if the .doc file is invalid, libreoffice should refuse to open it instead of entering an infinite busy-loop. This could potentially be remotely exploited for DoS attacks for sites that use libreoffice as a backend for conversion of user-provided documents, as it can be reproduced with: loffice --headless --convert-to txt:Text crash.doc I am not however knowledgeable enough of the triaging process to make this an issue of major importance. It's becoming rather frustrating to revalidate this issue, trivially reproducible after 10 years, while the bot regularly attempts to close it.