Bug 87977 - FILEOPEN: embedded DOCX object in DOCX causing crash when double-clicking on it
Summary: FILEOPEN: embedded DOCX object in DOCX causing crash when double-clicking on it
Status: NEW
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer (show other bugs)
Version: 4.3.4.1 release
Hardware: x86-64 (AMD64) All
: high major
Assignee: Not Assigned
QA Contact:
URL:
Whiteboard:
Keywords: have-backtrace
Depends on:
Blocks:
 
Reported: 2015-01-02 17:43 UTC by Beluga
Modified: 2015-01-04 15:45 UTC (History)
3 users (show)

See Also:
i915 platform:
i915 features:


Attachments
DOCX causing crash (confidential contents stripped) (70.35 KB, application/vnd.openxmlformats-officedocument.wordprocessingml.document)
2015-01-02 17:43 UTC, Beluga
Details
gdbtrace (5.62 KB, application/gzip)
2015-01-02 18:05 UTC, raal
Details

Description Beluga 2015-01-02 17:43:34 UTC
Created attachment 111665 [details]
DOCX causing crash (confidential contents stripped)

Steps to reproduce:
1. Open attached document.
2. Double-click the lower object, labeled Object 1, which is displaying a plug symbol (in Linux) or a strange violet symbol (on Windows).
3. Observe crash.

In Windows, I get a Fatal Error dialog with 'Access violation - no RTTI data!'.
With version 4.5 on Linux, the document crashed on opening.

Document was confidential, but I managed to bisect its xml and file contents to the bare minimum while retaining the crashy behavior.

I have to say that the original document was "more crashy", it that one did not have to click the plug object. It was enough to simply wait for a bit.

The problem resides inside the embedded .docx, specifically in the footer and header .xmls.
I could not pinpoint the problem to a certain header or footer xml, but had to keep them all.

Originally noticed on 4.3.4. Now tested on:

Win 7 64-bit:

4.3.5.2

and

Version: 4.5.0.0.alpha0+
Build ID: 57626f2132f73e4e42b31e364b25c5867336e718
TinderBox: Win-x86@42, Branch:master, Time: 2014-12-26_09:26:33

Ubuntu 14.10 64-bit:

Version: 4.5.0.0.alpha0+
Build ID: f92183833fa569006602ac7e93c906d2094e0d4d
TinderBox: Linux-rpm_deb-x86_64@46-TDF-dbg, Branch:master, Time: 2014-12-14_00:21:45

and

Version: 4.3.3.2
Build ID: 430m0(Build:2)
Comment 1 raal 2015-01-02 18:04:51 UTC
I can confirm with Version: 4.5.0.0.alpha0+
Build ID: 7f476fea47f06a7f8cc961dd4f6595a524346fa5
TinderBox: Linux-rpm_deb-x86_64@46-TDF, Branch:master, Time: 2014-12-27_23:36:28

The document crashed on opening.
Comment 2 raal 2015-01-02 18:05:10 UTC
Created attachment 111667 [details]
gdbtrace
Comment 3 Robinson Tryon (qubit) 2015-01-02 18:10:39 UTC
(In reply to raal from comment #1)
> I can confirm with Version: 4.5.0.0.alpha0+
> Build ID: 7f476fea47f06a7f8cc961dd4f6595a524346fa5
> TinderBox: Linux-rpm_deb-x86_64@46-TDF, Branch:master, Time:
> 2014-12-27_23:36:28
> 
> The document crashed on opening.

Status -> NEW


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.