Bug 87977

Summary: FILEOPEN: embedded DOCX object in DOCX causing crash when double-clicking on it
Product: LibreOffice Reporter: Beluga <todventtu>
Component: WriterAssignee: Not Assigned <libreoffice-bugs>
Status: NEW --- QA Contact:
Severity: major    
Priority: high CC: qubit, raal, todventtu
Version: 4.3.4.1 releaseKeywords: have-backtrace
Hardware: x86-64 (AMD64)   
OS: All   
Whiteboard:
i915 platform: i915 features:
Attachments: DOCX causing crash (confidential contents stripped)
gdbtrace

Description Beluga 2015-01-02 17:43:34 UTC
Created attachment 111665 [details]
DOCX causing crash (confidential contents stripped)

Steps to reproduce:
1. Open attached document.
2. Double-click the lower object, labeled Object 1, which is displaying a plug symbol (in Linux) or a strange violet symbol (on Windows).
3. Observe crash.

In Windows, I get a Fatal Error dialog with 'Access violation - no RTTI data!'.
With version 4.5 on Linux, the document crashed on opening.

Document was confidential, but I managed to bisect its xml and file contents to the bare minimum while retaining the crashy behavior.

I have to say that the original document was "more crashy", it that one did not have to click the plug object. It was enough to simply wait for a bit.

The problem resides inside the embedded .docx, specifically in the footer and header .xmls.
I could not pinpoint the problem to a certain header or footer xml, but had to keep them all.

Originally noticed on 4.3.4. Now tested on:

Win 7 64-bit:

4.3.5.2

and

Version: 4.5.0.0.alpha0+
Build ID: 57626f2132f73e4e42b31e364b25c5867336e718
TinderBox: Win-x86@42, Branch:master, Time: 2014-12-26_09:26:33

Ubuntu 14.10 64-bit:

Version: 4.5.0.0.alpha0+
Build ID: f92183833fa569006602ac7e93c906d2094e0d4d
TinderBox: Linux-rpm_deb-x86_64@46-TDF-dbg, Branch:master, Time: 2014-12-14_00:21:45

and

Version: 4.3.3.2
Build ID: 430m0(Build:2)
Comment 1 raal 2015-01-02 18:04:51 UTC
I can confirm with Version: 4.5.0.0.alpha0+
Build ID: 7f476fea47f06a7f8cc961dd4f6595a524346fa5
TinderBox: Linux-rpm_deb-x86_64@46-TDF, Branch:master, Time: 2014-12-27_23:36:28

The document crashed on opening.
Comment 2 raal 2015-01-02 18:05:10 UTC
Created attachment 111667 [details]
gdbtrace
Comment 3 Robinson Tryon (qubit) 2015-01-02 18:10:39 UTC
(In reply to raal from comment #1)
> I can confirm with Version: 4.5.0.0.alpha0+
> Build ID: 7f476fea47f06a7f8cc961dd4f6595a524346fa5
> TinderBox: Linux-rpm_deb-x86_64@46-TDF, Branch:master, Time:
> 2014-12-27_23:36:28
> 
> The document crashed on opening.

Status -> NEW

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.