Bug 92993 - FILEOPEN: access violation on particular .docx
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer
Version (earliest affected): 4.5.0.0.alpha0+ Master
Hardware: x86-64 (AMD64) Windows (All)
Importance: medium normal
Assignee: Caolán McNamara
URL:
Whiteboard: target:5.1.0 target:5.0.4
Keywords: bibisectRequest, regression
Duplicates: 94809
Depends on:
Blocks:
 
Reported: 2015-07-29 04:30 UTC by Kirill
Modified: 2016-10-25 19:20 UTC
CC List: 8 users

See Also:
Crash report or crash signature:


Attachments
File (656.07 KB, application/vnd.openxmlformats-officedocument.wordprocessingml.document)
2015-07-29 04:30 UTC, Kirill
windbg log file (11.11 KB, text/plain)
2015-08-01 15:48 UTC, Terrence Enger

Description Kirill 2015-07-29 04:30:56 UTC
Created attachment 117510
File

LibreOffice_5.0.0.4_Win_x86 RU
Crash when open file
MS Word 2007-2013 - all ok
If ReSave in MS Word - all ok
PS Sorry for my English
Comment 1 tommy27 2015-07-29 05:34:33 UTC
tested under Win8.1 x64
no crash with LibO 4.4.5.1
crash with LibO 5.0.0.4 RC and 5.1.0.0.alpha1+
Build ID: 8cfdd81b70ef37927b40497ffd10034f28335034
TinderBox: Win-x86@39, Branch:master, Time: 2015-07-24_02:47:18

status NEW. regression.
Comment 2 MM 2015-07-30 21:31:13 UTC
No crash with v5.0.0.4 under Mint 17.2 x64. Windows only?
Comment 3 Kirill 2015-07-31 11:54:27 UTC
LO 5.0.0.4 ID cf112dc905650fb985306a7a03d2fe3fcc6c978f ru_RU
Win7, Win8.1, Win10 (all x64, all Ru)
Crash when open file
Comment 4 Terrence Enger 2015-08-01 15:48:07 UTC
Created attachment 117582
windbg log file

Access violation is at line 94.

LibreOffice is
    Version: 5.1.0.0.alpha1+
    Build ID: 902255645328efde34ddf62227c8278e8dd61ff0
    TinderBox: Win-x86@39, Branch:master, Time: 2015-07-30_03:52:07
    Locale: en-CA (en_CA)
Comment 5 Terrence Enger 2015-08-01 15:49:30 UTC
Changing summary from 
    FILEOPEN: LibO crashes loading .docx
to
    FILEOPEN: access violation on particular .docx

Within bibisect-win32-5.0 repository, both oldest and latest versions
terminate with message
    Unknown SEH Exception
I conclude that bibisect will have to wait for an extension of the
Windows bibisect repository.
Comment 6 Julien Nabet 2015-08-02 10:26:19 UTC
Just for the record, on pc Debian x86-64 with master sources updated yesterday, I don't reproduce this.
So it seems indeed Windows only.
Comment 7 Kirill 2015-08-03 07:19:26 UTC
5.0.0.5 ID 1b1a90865e348b492231e1c451437d7a15bb262b ru_RU
W8.1 x64 - Crash
Comment 8 tommy27 2015-08-10 13:18:40 UTC
Thanks for the update of the bug status on the latest release; however, I have to tell you that you should not change the "version" field to the latest release in which you see the bug, but you always have to indicate the earliest release in which you saw it for the first time.

so reverting it.
Comment 9 Kirill 2015-08-13 11:02:56 UTC
5.0.1.1 ID 13f702ca819ea5b9f8605782c852d5bb513b3891 ru_RU Win8.1 Crash
Comment 10 Julien Nabet 2015-08-13 11:10:24 UTC
Perhaps a code pointer, according to Terrence's bt:
http://opengrok.libreoffice.org/xref/core/vcl/source/gdi/sallayout.cxx#1688

Caolan: thought you might be interested in this one since it's the vcl part + this docx could be in the crash test (I don't know if crash tests are also run on Win envs)
Comment 11 raal 2015-09-23 09:29:13 UTC
bibisect-win32-5.0, oldest version in this crashes too, so bug is younger
git checkout oldest: Version: 4.5.0.0.alpha0+
Build ID: 57d6b92b69a31260dea0d84fcd1fc5866ada7adb
Comment 12 Caolán McNamara 2015-09-28 11:56:54 UTC
The document is crashing on glyph fallback. The exact route taken for glyph fallback depends on the fonts installed. So this is probably more "depends on the exact fonts installed" than "windows only".

We can tell from the bt that the value of "nActiveCharPos - mnMinCharPos" appears to be out of bounds for vRtl, but we don't have the values of those to know why it's out of bounds.

There's enough information there though to bodge a fix, at least for the immediate crashing line, to bounds check the input to vRtl though.
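
The bounds check described in Comment 12, as an added example that is not LibreOffice's code or the committed patch: a hypothetical `RunModel` struct and `isRtlAt` helper validate `nActiveCharPos - mnMinCharPos` before it is used to index `vRtl`. The names `nActiveCharPos`, `mnMinCharPos` and `vRtl` come from the comment; `mnEndCharPos`, the sizing of the vector and the fallback value are assumptions.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Hypothetical model of a layout run (assumption, not LibreOffice code):
// character positions [mnMinCharPos, mnEndCharPos), one RTL flag each.
struct RunModel {
    int mnMinCharPos;
    int mnEndCharPos;
    std::vector<bool> vRtl;   // size == mnEndCharPos - mnMinCharPos

    RunModel(int nMin, int nEnd)
        : mnMinCharPos(nMin), mnEndCharPos(nEnd),
          vRtl(nEnd > nMin ? static_cast<std::size_t>(nEnd - nMin) : 0, false) {}
};

// True when nActiveCharPos maps to a valid slot of vRtl; rIndex is only
// written on success. The offset is tested while still signed: a position
// below mnMinCharPos gives a negative value that would wrap to a huge
// index if it were converted to size_t before the check.
bool offsetInBounds(const RunModel& rRun, int nActiveCharPos, std::size_t& rIndex) {
    const long long nOffset = static_cast<long long>(nActiveCharPos) - rRun.mnMinCharPos;
    if (nOffset < 0 || static_cast<unsigned long long>(nOffset) >= rRun.vRtl.size())
        return false;
    rIndex = static_cast<std::size_t>(nOffset);
    return true;
}

// Bounds-checked lookup: an out-of-range position yields bDefault
// instead of reading outside the vector.
bool isRtlAt(const RunModel& rRun, int nActiveCharPos, bool bDefault = false) {
    std::size_t nIndex = 0;
    return offsetInBounds(rRun, nActiveCharPos, nIndex) ? rRun.vRtl[nIndex] : bDefault;
}

int main() {
    RunModel aRun(10, 14);                      // constructed sample: positions 10..13
    aRun.vRtl[2] = true;                        // position 12 is RTL
    const int aProbe[] = {12, 10, 9, 14, -1};   // last three are out of range
    for (int nPos : aProbe)
        std::printf("pos %d -> rtl=%d\n", nPos, isRtlAt(aRun, nPos) ? 1 : 0);
    return 0;
}
```
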
Comment 13 Commit Notification 2015-10-02 10:39:40 UTC
Caolán McNamara committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=ae850353151cd6a79f7b4a012d0a411013c841a4

Resolves: tdf#92993 access violation on particular .docx on glyph layout

It will be available in 5.1.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
Comment 14 Caolán McNamara 2015-10-02 10:43:38 UTC
https://gerrit.libreoffice.org/#/c/19095/ 5-0-X backport for review
Comment 15 Commit Notification 2015-10-08 07:33:20 UTC
Caolán McNamara committed a patch related to this issue.
It has been pushed to "libreoffice-5-0":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=92eed31707e655e484e263fee2b0c0ae93d73748&h=libreoffice-5-0

Resolves: tdf#92993 access violation on particular .docx on glyph layout

It will be available in 5.0.4.
Comment 16 Caolán McNamara 2015-10-08 14:41:38 UTC
*** Bug 94809 has been marked as a duplicate of this bug. ***