Starting SOffice is possible; when you start Draw/Impress, in one situation the main window appears and closes immediately, or the application is not shown.
Hello Juergen, Thank you for submitting the bug. Can you please confirm that the bug is available in one of the currently supported versions (4.3.7 or 4.4.2)?
Found that the problem is in the master, and I fixed it only in the master. The problem is in http://opengrok.libreoffice.org/xref/core/sd/source/ui/remotecontrol/BluetoothServer.cxx#1347
    SOCKADDR aName; -> that has a size of 0x10
    int aNameSize = sizeof(aAddr); -> that has a size of 0x1e
    getsockname( aSocket, &aName, &aNameSize ); -> uses the buffer with a size of 0x10
The size of aAddr is 0x0E greater than that of aName, and that leads to a stack overflow.
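The length mismatch described in the comment above, reproduced as an added example (not code from the LibreOffice tree or from the commenters). It assumes POSIX sockets on Linux and an AF_INET socket rather than Winsock Bluetooth, so an 8-byte buffer and a 16-byte claimed length stand in for 0x10 and 0x1e. The guard bytes sit in the same object as the short buffer, so the over-long write is observable without corrupting the real stack.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

#define NAME_LEN  8   /* constructed: short buffer, stands in for SOCKADDR (0x10) */
#define GUARD_LEN 8   /* constructed: stands in for neighbouring stack data */

struct frame {                      /* one object, so the extra write stays inside it */
    unsigned char name[NAME_LEN];
    unsigned char guard[GUARD_LEN];
};

struct result { int clobbered; int truncated; };

/* Call getsockname() claiming `claimed` bytes of room behind frame.name. */
static struct result probe(socklen_t claimed)
{
    struct result r = { -1, -1 };   /* -1 means the socket call failed */
    struct frame f;
    socklen_t len = claimed;
    int fd = socket(AF_INET, SOCK_STREAM, 0);

    if (fd < 0)
        return r;
    memset(&f, 0xAA, sizeof f);
    if (getsockname(fd, (struct sockaddr *)&f, &len) == 0) {
        r.clobbered = 0;
        for (int i = 0; i < GUARD_LEN; i++)
            r.clobbered += (f.guard[i] != 0xAA);
        /* On return len holds the real address size; a value above
           NAME_LEN means the address did not fit the buffer. */
        r.truncated = (len > NAME_LEN);
    }
    close(fd);
    return r;
}

/* Bug pattern: length taken from a different, larger type. */
struct result mismatched(void) { return probe(sizeof(struct sockaddr_in)); }
/* Fixed pattern: length taken from the buffer actually passed. */
struct result matched(void)    { return probe(NAME_LEN); }

int main(void)
{
    struct result bad = mismatched(), ok = matched();
    printf("mismatched: %d guard bytes overwritten\n", bad.clobbered);
    printf("matched:    %d guard bytes overwritten, truncated=%d\n", ok.clobbered, ok.truncated);
    return 0;
}
```

With the matching length the call truncates the address and reports the real size through the length argument, which is the condition a caller can check.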
We got this crash with Munich's custom build LibreOffice 4.1.6 only on some particular notebooks: Lenovo Thinkpad T540p and on one Fujitsu Notebook. Jürgen already discovered that if the release version is compiled with MSVC option /GS (Buffer security check) - which is usually the case -, the stack is checked regularly by a method _EH_epilog3_GS and this method raises an exception if the stack is corrupt. The crash does not occur with the dbgutil version - we assume that in this case the order of variables on the stack is just slightly different, so that there is still something wrong, but not detected by the above check. From my POV the current code is obviously wrong and this is also the case for the current libreoffice master. We already tried a current master nightly build version (http://dev-builds.libreoffice.org/daily/master/Win-x86@39/2015-04-28_00.20.10/master~2015-04-28_00.20.10_LibreOfficeDev_5.0.0.0.alpha1_Win_x86.msi) but could not reproduce the crash on the above mentioned Lenovo Thinkpad T540p. We assume that it works just by accident.
The same code is used in 4.3.7 and 4.4.3, so the fix should be backported to these versions from my POV.
Juergen Funk committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=84c73c983577e33dda266bbfcdd89b9e1202906b Fix tdf#90911 wrong parameter size on getsockname It will be available in 5.0.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
This can't be backported to 4.3 as it is EOL.
Cherry-picked the patch in libreoffice-4-4
Juergen Funk committed a patch related to this issue. It has been pushed to "libreoffice-4-4": http://cgit.freedesktop.org/libreoffice/core/commit/?id=e88dde1f6e9198d4ed4b62f80c27bdc8b7ab88dd&h=libreoffice-4-4 Fix tdf#90911 wrong parameter size on getsockname It will be available in 4.4.4. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.