Opening a .odg file, launches draw, i see the image for a moment and then it crashes. The file is from 2012 I can send the file, dont want to publish it in public. LibreOffice Version: 5.0.3.2 Build ID: 1:5.0.3~rc2-0ubuntu1~trusty
send it to me (barta@quipo.it) did it ever worked with previous LibO releases? which is your exact Linux distro?
I opend the document from the command line , got a "Application crashed" then opend it with the flag --norestore Got the traceback below. $ /usr/bin/libreoffice --norestore CloverNexus-20121126-Diagram.odg Application Error Fatal exception: Signal 6 Stack: /usr/lib/libreoffice/program/libuno_sal.so.3(+0x37bcd)[0x7f750dcd2bcd] /usr/lib/libreoffice/program/libuno_sal.so.3(+0x37f17)[0x7f750dcd2f17] /usr/lib/libreoffice/program/libuno_sal.so.3(+0x38008)[0x7f750dcd3008] /lib/x86_64-linux-gnu/libc.so.6(+0x36d40)[0x7f750d90cd40] /lib/x86_64-linux-gnu/libc.so.6(gsignal+0x39)[0x7f750d90ccc9] /lib/x86_64-linux-gnu/libc.so.6(abort+0x148)[0x7f750d9100d8] /usr/lib/libreoffice/program/libmergedlo.so(+0x2a8cd3f)[0x7f751097cd3f] /usr/lib/libreoffice/program/libmergedlo.so(_ZN11Application5AbortERKN3rtl8OUStringE+0x8a)[0x7f75108d880a] /usr/lib/libreoffice/program/libmergedlo.so(+0x1b6da5c)[0x7f750fa5da5c] /usr/lib/libreoffice/program/libmergedlo.so(+0x29ecde7)[0x7f75108dcde7] /usr/lib/libreoffice/program/libuno_sal.so.3(+0x37fb2)[0x7f750dcd2fb2] /lib/x86_64-linux-gnu/libc.so.6(+0x36d40)[0x7f750d90cd40] /usr/lib/libreoffice/program/libmergedlo.so(+0x2896d95)[0x7f7510786d95] /usr/lib/libreoffice/program/libmergedlo.so(+0x2897418)[0x7f7510787418] /usr/lib/libreoffice/program/libmergedlo.so(_ZN12OutputDevice16DrawDeviceBitmapERK5PointRK4SizeS2_S5_R8BitmapEx+0x2c7)[0x7f75107880e7] /usr/lib/libreoffice/program/libmergedlo.so(_ZN12OutputDevice12DrawBitmapExERK5PointRK4SizeS2_S5_RK8BitmapEx14MetaActionType+0x241)[0x7f7510787881] /usr/lib/libreoffice/program/libmergedlo.so(_ZN12OutputDevice12DrawBitmapExERK5PointRK4SizeRK8BitmapEx+0x93)[0x7f7510787ca3] /usr/lib/libreoffice/program/libmergedlo.so(_ZN12OutputDevice23DrawTransformedBitmapExERKN7basegfx12B2DHomMatrixERK8BitmapEx+0x6f9)[0x7f7510788b99] /usr/lib/libreoffice/program/libmergedlo.so(+0x1272832)[0x7f750f162832] /usr/lib/libreoffice/program/libmergedlo.so(+0x1270e7b)[0x7f750f160e7b] /usr/lib/libreoffice/program/libmergedlo.so(_ZN12drawinglayer11processor2d15BaseProcessor2D7processERKN3com3sun4star3uno8SequenceINS5_9ReferenceINS4_7graphic12XPrimitive2DEEEEE+0x83)[0x7f750f152023] /usr/lib/libreoffice/program/libmergedlo.so(+0x127149b)[0x7f750f16149b] /usr/lib/libreoffice/program/libmergedlo.so(_ZN12drawinglayer11processor2d15BaseProcessor2D7processERKN3com3sun4star3uno8SequenceINS5_9ReferenceINS4_7graphic12XPrimitive2DEEEEE+0x83)[0x7f750f152023] /usr/lib/libreoffice/program/libmergedlo.so(+0x127149b)[0x7f750f16149b] /usr/lib/libreoffice/program/libmergedlo.so(_ZN12drawinglayer11processor2d15BaseProcessor2D7processERKN3com3sun4star3uno8SequenceINS5_9ReferenceINS4_7graphic12XPrimitive2DEEEEE+0x83)[0x7f750f152023] /usr/lib/libreoffice/program/libmergedlo.so(+0x207192b)[0x7f750ff6192b] /usr/lib/libreoffice/program/libmergedlo.so(+0x20727b0)[0x7f750ff627b0] /usr/lib/libreoffice/program/libmergedlo.so(_ZN13SdrPageWindow9RedrawAllEPN3sdr7contact27ViewObjectContactRedirectorE+0x11f)[0x7f750ff9297f] /usr/lib/libreoffice/program/libmergedlo.so(_ZN12SdrPaintView14CompleteRedrawEP12OutputDeviceRKN3vcl6RegionEPN3sdr7contact27ViewObjectContactRedirectorE+0x59)[0x7f7510077129] /usr/lib/libreoffice/program/../program/libsdlo.so(+0x4f4531)[0x7f74d7451531] /usr/lib/libreoffice/program/../program/libsdlo.so(+0x4a3411)[0x7f74d7400411] /usr/lib/libreoffice/program/../program/libsdlo.so(+0x40abb0)[0x7f74d7367bb0] /usr/lib/libreoffice/program/../program/libsdlo.so(+0x40b65f)[0x7f74d736865f] /usr/lib/libreoffice/program/../program/libsdlo.so(+0x3adb05)[0x7f74d730ab05] /usr/lib/libreoffice/program/../program/libsdlo.so(+0x3b86a7)[0x7f74d73156a7] /usr/lib/libreoffice/program/../program/libsdlo.so(+0x3b8852)[0x7f74d7315852] /usr/lib/libreoffice/program/libmergedlo.so(+0x29dc31f)[0x7f75108cc31f] /usr/lib/libreoffice/program/libmergedlo.so(_ZN9Scheduler21ProcessTaskSchedulingEb+0x3f)[0x7f75108cc48f] /usr/lib/libreoffice/program/libmergedlo.so(_ZN11Application5YieldEv+0x10)[0x7f75108d9060] /usr/lib/libreoffice/program/libmergedlo.so(_ZN11Application7ExecuteEv+0x25)[0x7f75108d9115] /usr/lib/libreoffice/program/libmergedlo.so(+0x1b734a3)[0x7f750fa634a3] /usr/lib/libreoffice/program/libmergedlo.so(+0x29ee0e9)[0x7f75108de0e9] /usr/lib/libreoffice/program/libmergedlo.so(_Z6SVMainv+0x12)[0x7f75108de122] /usr/lib/libreoffice/program/libmergedlo.so(soffice_main+0x8f)[0x7f750fa80f8f] /usr/lib/libreoffice/program/soffice.bin[0x4006fb] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7f750d8f7ec5] /usr/lib/libreoffice/program/soffice.bin[0x40072f] pes@pieter-ThinkPad:~$ pes@pieter-ThinkPad:~$ /usr/bin/libreoffice --version LibreOffice 5.0.3.2 00m0(Build:2)
I can give it a try if you send me the file (+ retrieve a backtrace with debug symbols if I reproduce the crash)
Please add the file
Created attachment 120296 [details] Old 2012 odg that crashes Draw The file crashes libreoffice Using Ubuntu 15.04 Libreoffice Version: 5.0.3.2 Build ID: 1:5.0.3~rc2-0ubuntu1~trusty2 Locale: en-ZA (en_ZA.UTF-8)
(In reply to tommy27 from comment #1) > send it to me (barta@quipo.it) > > did it ever worked with previous LibO releases? > > which is your exact Linux distro? It was created in 2012, possibly openoffice ? Currently using Ubuntu 15.04 Libreoffice Version: 5.0.3.2 Build ID: 1:5.0.3~rc2-0ubuntu1~trusty2 Locale: en-ZA (en_ZA.UTF-8)
Created attachment 120305 [details] console logs + bt with debug symbols On pc Debian x86-64 with master sources updated today, I could reproduce this with SAL_USE_VCLPLUGIN=gen, not with by default value (in my case gtk3).
Pieter: you sent me the file in a private email but you also attached the file here: https://bugs.documentfoundation.org/attachment.cgi?id=120296
Just to complete info: (gdb) p nY $1 = 1 (gdb) p *mpBuffer $2 = {mnFormat = 128, mnWidth = 4, mnHeight = 1, mnScanlineSize = 12, mnBitCount = 24, maColorMask = {maR = {mnMask = 0, mnShift = 0, mnOrShift = 0, mnOr = 0 '\000'}, maG = { mnMask = 0, mnShift = 0, mnOrShift = 0, mnOr = 0 '\000'}, maB = {mnMask = 0, mnShift = 0, mnOrShift = 0, mnOr = 0 '\000'}, mnAlphaChannel = 0}, maPalette = { mpBitmapColor = 0x0, mnCount = 0}, mpBits = 0x746ede0 '\377' <repeats 12 times>, "g"}
Is a bit slow, but loads fine on Win7 in LO 5.1.0.0.alpha1+
Another data point: opens fine on OS X 10.11.1, LO 5.1 nightly from today.
No crash here. Win 7 Pro 64-bit Version: 5.1.0.0.alpha1+ Build ID: 6da681442b17c723f9408a806e8d2367441ad65a TinderBox: Win-x86@62-merge-TDF, Branch:MASTER, Time: 2015-11-07_23:13:46 Locale: fi-FI (fi_FI) Ubuntu 15.10 64-bit Version: 5.1.0.0.alpha1+ Build ID: a148fe149c7af1995fd2aaab0a6e52242509b993 TinderBox: Linux-rpm_deb-x86_64@70-TDF-dbg, Branch:master, Time: 2015-11-08_23:54:51 Locale: en-US (en_US.UTF-8)
Reproduced on linux. Reason is that LinearScaleContext::blendBitmap24 causes out-of-bound accesses to BitmapReadAccess/BitmapWriteAccess for extreme cases. It starts with OutputDevice::DrawDeviceAlphaBitmap which on linux may use OutputDevice::DrawDeviceAlphaBitmapSlowPath (on win and mac not used, so no crash there). blendBitmap24 in the case of a one pixel source use the correct index, but always uses tne next scanline to blend with it (pLine1). In case of a one pixel bitmap that does not exist. To avoid that a lot of strategies may be used e.g. to not mix with the next line at all or setup one more index in all cases or similar. Since it is a corner case (not often, fast) I opt for just using the initial scanline twice when there is no second, this will do no harm to blending, too. Tried that, works as expected. Doing more experiments how this coud be solved better
Armin Le Grand committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=99e3ab6effa9356a1a444160e60ed8df099b15a3 tdf#95481 catch out-of-range access in vcl bitmap It will be available in 5.1.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Okay, done.
Armin Le Grand committed a patch related to this issue. It has been pushed to "libreoffice-5-0": http://cgit.freedesktop.org/libreoffice/core/commit/?id=5a86268e5dabaa5c02cf912e3793ce0f44c03a0b&h=libreoffice-5-0 tdf#95481 catch out-of-range access in vcl bitmap It will be available in 5.0.4. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.