| Summary: | Crash in SwDropCapCache::CalcFontSize | ||
|---|---|---|---|
| Product: | LibreOffice | Reporter: | nicolas.gregoire |
| Component: | Libreoffice | Assignee: | Julien Nabet <serval2412> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | critical | ||
| Priority: | medium | ||
| Version: | 4.3.0.0.beta1 | ||
| Hardware: | Other | ||
| OS: | All | ||
| Whiteboard: | target:4.4.0 target:4.2.5 target:4.3.0.0.beta2 | ||
| Attachments: | Repro file, Original file | ||
Created attachment 99663 [details]
Original file
Julien Nabet committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=06afd4067f7bc321d7dd0a4e8c235b0b21e3d49a

Resolves: fdo#79139 Crash in SwDropCapCache::CalcFontSize

The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.

for 4.3: https://gerrit.libreoffice.org/#/c/9457/
for 4.2: https://gerrit.libreoffice.org/9458

Julien Nabet committed a patch related to this issue.
It has been pushed to "libreoffice-4-2":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=9732b4a0045c1e72493f16d03f60a048d5fbfa9d&h=libreoffice-4-2

Resolves: fdo#79139 Crash in SwDropCapCache::CalcFontSize

It will be available in LibreOffice 4.2.5.

The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.

Julien Nabet committed a patch related to this issue.
It has been pushed to "libreoffice-4-3":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=c172eb71bbd725d6ddca9255a288c47534bb9113&h=libreoffice-4-3

Resolves: fdo#79139 Crash in SwDropCapCache::CalcFontSize

It will be available in LibreOffice 4.3.

The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.

Thanks to Caolan's review for 4.2 and 4.3, we can put this as FIXED now.
Created attachment 99662 [details]
Repro file

When opening a mutated DOCX file, an ASan build of LO 4.4.0.0 alpha0 will crash:

```
Program received signal SIGFPE, Arithmetic exception.
0x00007fffa9746e9b in SwDropCapCache::CalcFontSize (this=<optimized out>, pDrop=<optimized out>, rInf=...) at /home/moggi/devel/libo7/sw/source/core/text/txtdrop.cxx:717

rax            0xbd740              776000
rbx            0xf200f2f2f200f201   -1008539191274835455
rcx            0x7ffffffe2280       140737488233088
rdx            0x0                  0
rsi            0x10007fff4308       17594333479688
rdi            0x7ffffffe1860       140737488230496
rbp            0x7ffffffe2670       0x7ffffffe2670
rsp            0x7ffffffe18c0       0x7ffffffe18c0

   0x00007fffa9746e93 <SwDropCapCache::CalcFontSize(SwDropPortion*, SwTxtFormatInfo&)+6451>: mov 0x710(%rsp),%rcx
=> 0x00007fffa9746e9b <SwDropCapCache::CalcFontSize(SwDropPortion*, SwTxtFormatInfo&)+6459>: idivq (%rcx)
   0x00007fffa9746e9e <SwDropCapCache::CalcFontSize(SwDropPortion*, SwTxtFormatInfo&)+6462>: mov 0x738(%rsp),%rdx
```

Original OO file: www.asep.org%2Fasep%2Fasep%2FEvery_Day_Is_Another_Day.docx

Mutated OO file (repro file): crash-30894.docx

Modified XML file: word/styles.xml

Modifications:
- in tag "w:rFonts", attribute "w:eastAsiaTheme" was switched from "minorHAnsi" to "%s%n%s%n%s%n%s%n%s%n"
- in tag "w:sz", attribute "w:val" was switched from "22" to "PPPPPPPPPPPPPPPPPPPPPPPPPPPPPP..."
- in tag "w:lsdException", attribute "w:qFormat" was switched from "1" to "0"
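A "Modifications" list like the one in the report can be regenerated during crash triage by diffing attribute values between the original and the mutated `word/styles.xml`. The script below is an added example, not part of the report or the reporter's tooling; the helper names and the two in-memory DOCX samples are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"

def local(name):
    """Turn '{namespace}name' into 'w:name' for WordprocessingML names."""
    return name.replace("{" + W + "}", "w:")

def read_part(docx_bytes, part="word/styles.xml"):
    """Parse one XML part out of a DOCX (a ZIP archive) held in memory.
    For untrusted samples, a hardened parser such as defusedxml is preferable."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        return ET.fromstring(z.read(part))

def diff_attributes(original, mutated, part="word/styles.xml"):
    """Return (tag, attribute, old, new) for every attribute value that differs.
    Elements are paired in document order, which is valid only when the
    mutation rewrote attribute values and left the tree structure alone."""
    a = list(read_part(original, part).iter())
    b = list(read_part(mutated, part).iter())
    if len(a) != len(b) or any(x.tag != y.tag for x, y in zip(a, b)):
        raise ValueError("element structure differs; positional diff is not valid")
    changes = []
    for x, y in zip(a, b):
        for key in sorted(set(x.attrib) | set(y.attrib)):
            if x.attrib.get(key) != y.attrib.get(key):
                changes.append((local(x.tag), local(key),
                                x.attrib.get(key), y.attrib.get(key)))
    return changes

def make_docx(styles_xml):
    """Build a constructed, minimal ZIP that holds only word/styles.xml."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/styles.xml", styles_xml)
    return buf.getvalue()

# Constructed sample fragment, not the attachments from the report.
# The w:sz mutation is shortened because the report elides the full value.
TEMPLATE = ('<w:styles xmlns:w="' + W + '"><w:rPr><w:rFonts w:eastAsiaTheme="{font}"/>'
            '<w:sz w:val="{sz}"/></w:rPr>'
            '<w:lsdException w:name="Normal" w:qFormat="{qf}"/></w:styles>')
ORIGINAL = make_docx(TEMPLATE.format(font="minorHAnsi", sz="22", qf="1"))
MUTATED = make_docx(TEMPLATE.format(font="%s%n%s%n%s%n%s%n%s%n", sz="PPPPPPPP", qf="0"))

if __name__ == "__main__":
    for tag, attr, old, new in diff_attributes(ORIGINAL, MUTATED):
        print(f'in tag "{tag}", attribute "{attr}" was switched from "{old}" to "{new}"')
```

Reverting the reported changes one at a time and reopening the file then shows which mutation is needed to reach the faulting `idivq`.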