Issue 105457

Summary: Segmentation Fault opening graphics placeholder
Product: Writer Reporter: kevinoid <kevin>
Component: editingAssignee: eric.savary
Status: CLOSED FIXED QA Contact: issues@sw <issues>
Severity: Trivial    
Priority: P2 CC: eric.savary, issues
Version: OOo 3.1.1   
Target Milestone: ---   
Hardware: All   
OS: All   
Issue Type: DEFECT Latest Confirmation in: ---
Developer Difficulty: ---
Issue Depends on:    
Issue Blocks: 99999    
Attachments:
Description Flags
Crash Backtrace (From Debian packages version 1:3.1.1-2)
none
Document which causes crash none

Description kevinoid 2009-09-29 17:08:36 UTC 
After opening the attached document, clicking on the Logo graphics placeholder
in the top-left corner of the first page causes the file selection dialog box to
open and the program to immediately crash due to a Segmentation Fault.

I first encountered this problem using the Debian OpenOffice.org packages and
generated a backtrace from version 1:3.1.1-2 of those packages (since they
include the debugging symbols in a package it made the process much easier for
me).  I have also confirmed that the crash occurs using the 3.1.1 Linux 32-bit
DEB packages downloaded directly from openoffice.org, but since those packages
don't appear to contain debug symbols the backtrace was less useful and so I
have not included it (if it would be really useful I can try to compile the
source with debug symbols and get a backtrace).

Interestingly, if I edit the file at all before opening the graphics
placeholder, the problem does not appear.  Perhaps this is an indication that
the file is somehow broken?  I believe that the file was created on one of the
later OO.o 2 versions on a Windows machine, but I am not sure.
Comment 1 kevinoid 2009-09-29 17:09:56 UTC 
Created attachment 65039 [details]
Crash Backtrace (From Debian packages version 1:3.1.1-2)
Comment 2 kevinoid 2009-09-29 17:11:01 UTC 
Created attachment 65040 [details]
Document which causes crash
Comment 3 eric.savary 2009-09-30 00:32:48 UTC 
@OD: I could reproduce this since 3.1 (tested: 2.4, 3.0, 3.0.1, 3.1, 3.1.1 and
m59) on Vista (so this is not platform dependent).

My "nose" tells me "a very bad one" because OOo just simply disappears... Thus
-> 3.2. Feel free to retarget in case this is would only be caused by a very
special document... :)
Comment 4 Oliver-Rainer Wittmann 2009-09-30 10:24:03 UTC 
The root cause of the crash is access violation in the status update code for
the toolbar list box for the undo.

This crash can be very easily reproduced:
- new text document
- insert placeholder field for a graphic
- save and close the text document
- open the create text document
- click on placeholder field
--> crash

OD->ES: I agree to You that this should be a show stopper for OOo 3.2. Please
submit the corresponding request, while I am correcting the code.
Comment 5 Oliver-Rainer Wittmann 2009-10-01 09:11:54 UTC 
fixed in cws sw32bf05 - changed file:
/sw/source/core/undo/docundo.cxx, rev. 276577
Comment 6 Oliver-Rainer Wittmann 2009-10-05 16:37:39 UTC 
OD->ES: Checked in internal installation set of cws sw32bf05 - please verify.
Comment 7 eric.savary 2009-10-06 14:43:33 UTC 
Verified in CWS sw32bf05.