Bug 63168

Summary: FILEOPEN: crash when reading a certain docx
Product: LibreOffice Reporter: oliver.sander
Component: WriterAssignee: Not Assigned <libreoffice-bugs>
Status: RESOLVED WORKSFORME QA Contact:
Severity: major    
Priority: high CC: cedric.bosdonnat.ooo, mst.fdo, oliver.sander, serval2412
Version: 4.0.2.1 rc   
Hardware: x86-64 (AMD64)   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:
Attachments: File that causes the crash
The gdb backtrace
console + bt with symbols on master sources

Description oliver.sander 2013-04-05 13:42:24 UTC 
Created attachment 77485 [details]
File that causes the crash

LibreOffice crashes when opening a certain docx file.

I start LO from the command line with the file as the argument. The splash screen appears briefly, and then the program terminates.

I'll attach the file and a gdb backtrace.

This is with version 4.0.2~rc2-2 from today's Debian experimental.
Comment 1 oliver.sander 2013-04-05 13:42:55 UTC 
Created attachment 77486 [details]
The gdb backtrace
Comment 2 Julien Nabet 2013-04-05 21:52:41 UTC 
Comment on attachment 77485 [details]
File that causes the crash

Mimetype fixed
Comment 3 Julien Nabet 2013-04-05 21:59:18 UTC 
Created attachment 77500 [details]
console + bt with symbols on master sources

On pc Debian (testing updated today) x86-64 with master sources updated today, I reproduced the crash.

I attached the bt (the same as reporter's + few details) + console logs
Comment 4 Julien Nabet 2013-04-05 22:00:22 UTC 
Cédric/Michael: one for you?
Comment 5 Julien Nabet 2013-04-05 22:06:27 UTC 
After having searched in git history of sw/source/core/unocore/unotext.cxx, I found this commit:
d0cde9640b52ccfbb28ed1f65bba0927afd7b69b
(2013/02/20), Cédric definitely for you? :-P
Comment 6 Julien Nabet 2013-04-05 22:13:23 UTC 
Adding some traces, "pEndStartTableNode" is NULL after line 1628

diff --git a/sw/source/core/unocore/unotext.cxx b/sw/source/core/unocore/unotext.cxx
index 8d3b8c9..c3ffd05 100644
--- a/sw/source/core/unocore/unotext.cxx
+++ b/sw/source/core/unocore/unotext.cxx
@@ -1626,7 +1626,7 @@ throw (lang::IllegalArgumentException, uno::RuntimeException)
             SwTableNode * pStartTableNode(pStartStartNode->FindTableNode());
             // Is it the same table start node than the end?
             SwTableNode *const pEndStartTableNode(pEndStartNode->FindTableNode());
-            while (pEndStartTableNode->GetIndex() < pStartTableNode->GetIndex())
+            while (pEndStartTableNode && (pEndStartTableNode->GetIndex() < pStartTableNode->GetIndex()))
             {
                 SwStartNode* pStartStartTableNode = pStartTableNode->StartOfSectionNode();
                 pStartTableNode = pStartStartTableNode->FindTableNode();

prevents from the crash but perhaps it should need more things.
Anyway, if you think I can push this patch on master, just tell me.
Comment 7 Owen Genat 2013-11-09 10:47:10 UTC 
LO v4.1.3.2 Build ID: 70feb7d99726f064edab4605a8ab840c50ec57a under GNU/Linux Crunchbang 11 opens the attachment in the description without crashing.
Comment 8 Julien Nabet 2013-11-09 14:17:55 UTC 
Thank you Owen for your feedback.
On pc Debian x86-64 with 4.1 sources updated 1 week ago, I don't reproduce this anymore.
I put it as WFM.
ssander: if you still reproduce this with 4.1.3 version, don't hesitate to reopen this tracker.
Comment 9 oliver.sander 2013-11-09 20:25:05 UTC 
I confirm that it works now.  Thank you very much!

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.