Issue 104155 - Some docx documents crash on load
Summary: Some docx documents crash on load
Status: CLOSED FIXED
Alias: None
Product: xml
Classification: Code
Component: code (show other issues)
Version: DEV300m54
Hardware: All Linux, all
: P2 Trivial (vote)
Target Milestone: OOo 3.2
Assignee: Oliver Specht
QA Contact: issues@xml
URL:
Keywords: regression
: 105035 (view as issue list)
Depends on:
Blocks: 99999
  Show dependency tree
 
Reported: 2009-08-11 13:40 UTC by kendy
Modified: 2011-02-11 14:40 UTC (History)
5 users (show)

See Also:
Issue Type: DEFECT
Latest Confirmation in: ---
Developer Difficulty: ---

Attachments
The file causing the crash. (23.51 KB, application/msword)
2009-08-11 13:46 UTC, kendy 		no flags Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.
Description kendy 2009-08-11 13:40:43 UTC 
The backtrace leads to oox:

Program received signal SIGSEGV, Segmentation fault.
0x00007fffd78dcc5f in oox::StorageBase::getSubStorage(rtl::OUString const&, 
bool) ()
   
from /local/inst/dev300-m54/openoffice.org3/program/../basis-link/program/libooxlx.so
#1  0x00007fffd78dd1c7 in oox::StorageBase::openInputStream(rtl::OUString 
const&) ()
   
from /local/inst/dev300-m54/openoffice.org3/program/../basis-link/program/libooxlx.so
#2  0x00007fffd78e3641 in oox::core::FilterBase::openInputStream(rtl::OUString 
const&) const ()
   
from /local/inst/dev300-m54/openoffice.org3/program/../basis-link/program/libooxlx.so
#3  0x00007fffd78ee0ea in ?? () 
from /local/inst/dev300-m54/openoffice.org3/program/../basis-link/program/libooxlx.so
#4  0x00007fffd78f4e77 in 
oox::core::XmlFilterBase::importFragment(rtl::Reference<oox::core::FragmentHandler> 
const&) ()
   
from /local/inst/dev300-m54/openoffice.org3/program/../basis-link/program/libooxlx.so
#5  0x00007fffd78f6317 in 
oox::core::XmlFilterBase::importRelations(rtl::OUString const&) ()
   
from /local/inst/dev300-m54/openoffice.org3/program/../basis-link/program/libooxlx.so

Let me attach the test document.
Comment 1 kendy 2009-08-11 13:46:01 UTC 
Created attachment 64066 [details]
The file causing the crash.
Comment 2 kendy 2009-08-11 13:47:17 UTC 
Just a note, the file loaded just OK with m49, and does not work in m54.
Comment 3 daniel.rentz 2009-08-11 14:02:00 UTC 
started
Comment 4 daniel.rentz 2009-08-11 14:02:45 UTC 
target
Comment 5 daniel.rentz 2009-08-26 09:45:49 UTC 
dr->hbrinkm:
Seems that oox::shape::ShapeContextHandler is using an uninitialized (or at
least partly initialized) XmlFilterBase object. The members mxImpl->maFileUrl
and mxImpl->mxStorage are empty. The latter causes the crash while calling
FilterBase::openInputStream( "word/_rels/document.xml.rels" ) to read a
relations stream.

The mentioned members are inizialized while setting the media descriptor which
is a must to use the FilterBase class correclty. This is usually done directly
from the filter() API call that provides the filter descriptor as sequence of
PropertyValues.

P2 as it seems to crash with any DOCX containing shapes.
Comment 6 Oliver Specht 2009-09-07 12:13:19 UTC 
Fixed in cws writerfilter32bugfixes01 in 
oox/source/core/filterbase.cxx

->cedricbosdo: Please add this issue to the cws and add me as member of that cws
Comment 7 Oliver Specht 2009-09-07 12:13:56 UTC 
Set to fixed
Comment 8 cedric.bosdonnat.ooo 2009-09-07 13:53:50 UTC 
cedricbosd->os: the EIS informations are updated.
Comment 9 openoffice 2009-09-21 10:09:11 UTC 
*** Issue 105035 has been marked as a duplicate of this issue. ***
Comment 10 stefan.baltzer 2009-09-22 13:12:43 UTC 
According to comment from kendy ("broken after m49"), I set keyword "regression".
Comment 11 openoffice 2010-07-30 10:16:59 UTC 
wrong resolution
Comment 12 openoffice 2010-07-30 10:19:16 UTC 
Resetting resolution.
Got played on by IssueZilla.
Comment 13 Mathias_Bauer 2011-02-09 12:24:41 UTC 
Please update the status of this issue: can we close it?
Comment 14 Oliver Specht 2011-02-11 14:39:58 UTC 
set to verified
This issue has not been added to the cws but the fix was included.
Comment 15 Oliver Specht 2011-02-11 14:40:19 UTC 
closing