https://bugs.documentfoundation.org/show_bug.cgi?id=171474
Julien Nabet <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |haveBacktrace Status|UNCONFIRMED |NEW CC| |[email protected] Ever confirmed|0 |1 --- Comment #3 from Julien Nabet <[email protected]> --- On pc Debian x86-64 with master sources updated today, I could reproduce this. With this patch:
diff --git a/hwpfilter/source/hstyle.cxx b/hwpfilter/source/hstyle.cxx
index 581c5320acd3..78141883ff11 100644
--- a/hwpfilter/source/hstyle.cxx
+++ b/hwpfilter/source/hstyle.cxx
@@ -123,6 +123,8 @@ void HWPStyle::Read(HWPFile& hwpf)
 ParaShape pshape;
 hwpf.Read2b(&nstyles, 1);
+ if (nstyles <= 0)
+ return;
 style = new (std::nothrow) hwpfilter::StyleData[nstyles];
 if (!style)
 return;
it crashes but at another location: #0 0x00007f43242bb861 in __cxa_throw () at /usr/lib/x86_64-linux-gnu/libstdc++.so.6 #1 0x00007f4290a1caf4 in OStorage::openStorageElement2 (this=0x564dbac229f0, aStorName="Basic", nStorageMode=1) at /home/julien/lo/libreoffice/package/source/xstor/xstorage.cxx:2339 #2 0x00007f4290a1c2a7 in OStorage::openStorageElement (this=0x564dbac229f0, aStorName="Basic", nStorageMode=1) at /home/julien/lo/libreoffice/package/source/xstor/xstorage.cxx:2299 #3 0x00007f4290a1e5d2 in non-virtual thunk to OStorage::openStorageElement(rtl::OUString const&, int) () at /home/julien/lo/libreoffice/package/source/xstor/xstorage.cxx:2428 #4 0x00007f43212d1a13 in basic::SfxLibraryContainer::init_Impl (this=0x564dbd9b3070, rInitialDocumentURL="", rxInitialStorage=uno::Reference to (OStorage *) 0x564dbac229f8, guard=...) at /home/julien/lo/libreoffice/basic/source/uno/namecont.cxx:654 #5 0x00007f43212d0fe5 in basic::SfxLibraryContainer::init (this=0x564dbd9b3070, rInitialDocumentURL="", rxInitialStorage=uno::Reference to (OStorage *) 0x564dbac229f8, guard=...) at /home/julien/lo/libreoffice/basic/source/uno/namecont.cxx:554 #6 0x00007f43212e0a55 in basic::SfxLibraryContainer::initializeFromDocument (this=0x564dbd9b3070, _rxDocument=uno::Reference to (SwXTextDocument *) 0x564dbade86b8, guard=...) 
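Review bot: The new early return at `if (nstyles <= 0) return;` leaves `nstyles` holding the non-positive value just read from the document, and the pre-existing `if (!style) return;` below it leaves a positive `nstyles` beside a null `style`; both names are undeclared in the hunk and look like HWPStyle members, so later code that trusts the count could still act on file-controlled state. Resetting the count on both failure paths keeps the object consistent: `if (nstyles <= 0) { nstyles = 0; return; }` and `if (!style) { nstyles = 0; return; }`. The result of `hwpf.Read2b(&nstyles, 1)` is also discarded here, so a short read is not distinguished from a valid count; it is worth checking if Read2b reports how many items it read. Read() continues past the end of the hunk and returns void, so the caller cannot tell that the style table was rejected.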
at /home/julien/lo/libreoffice/basic/source/uno/namecont.cxx:2617 #7 0x00007f43212e0531 in basic::SfxLibraryContainer::initialize (this=0x564dbd9b3070, _rArguments=uno::Sequence of length 1 = {...}) at /home/julien/lo/libreoffice/basic/source/uno/namecont.cxx:2586 #8 0x00007f4322793b15 in cppuhelper::ServiceManager::Data::Implementation::doCreateInstanceWithArguments (this=0x564db8b1a6f0, context=uno::Reference to (cppu::(anonymous namespace)::ComponentContext *) 0x564db8c00ba8, arguments=uno::Sequence of length 1 = {...}) at /home/julien/lo/libreoffice/cppuhelper/source/servicemanager.cxx:728 #9 0x00007f432279399a in cppuhelper::ServiceManager::Data::Implementation::createInstanceWithArguments (this=0x564db8b1a6f0, context=uno::Reference to (cppu::(anonymous namespace)::ComponentContext *) 0x564db8c00ba8, singletonRequest=false, arguments=uno::Sequence of length 1 = {...}) at /home/julien/lo/libreoffice/cppuhelper/source/servicemanager.cxx:690 #10 0x00007f4322799598 in cppuhelper::ServiceManager::createInstanceWithArgumentsAndContext (this=0x564db8addba0, ServiceSpecifier="com.sun.star.script.DocumentScriptLibraryContainer", Arguments=uno::Sequence of length 1 = {...}, Context=uno::Reference to (cppu::(anonymous namespace)::ComponentContext *) 0x564db8c00ba8) at /home/julien/lo/libreoffice/cppuhelper/source/servicemanager.cxx:1015 #11 0x00007f432279963c in non-virtual thunk to cppuhelper::ServiceManager::createInstanceWithArgumentsAndContext(rtl::OUString const&, com::sun::star::uno::Sequence<com::sun::star::uno::Any> const&, com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext> const&) () at /home/julien/lo/libreoffice/cppuhelper/source/servicemanager.cxx:1016 #12 0x00007f4320be2f85 in com::sun::star::script::DocumentScriptLibraryContainer::create (the_context=uno::Reference to (cppu::(anonymous namespace)::ComponentContext *) 0x564db8c00ba8, Document=uno::Reference to (SwXTextDocument *) 0x564dbade86b8) at 
workdir/UnoApiHeadersTarget/offapi/normal/com/sun/star/script/DocumentScriptLibraryContainer.hpp:49 #13 0x00007f4320bd9b4c in (anonymous namespace)::lcl_getOrCreateLibraryContainer (_bScript=true, _rxContainer=empty uno::Reference, _rxDocument=uno::Reference to (SwXTextDocument *) 0x564dbade8660) at /home/julien/lo/libreoffice/sfx2/source/doc/objxtor.cxx:737 #14 0x00007f4320bd9dc2 in SfxObjectShell::GetBasicContainer (this=0x564dba6aaa70) at /home/julien/lo/libreoffice/sfx2/source/doc/objxtor.cxx:782 #15 0x00007f4320c2b2c6 in SfxBaseModel::getBasicLibraries (this=0x564dbade85d0) at /home/julien/lo/libreoffice/sfx2/source/doc/sfxbasemodel.cxx:2469 #16 0x00007f4320c2b3b4 in non-virtual thunk to SfxBaseModel::getBasicLibraries() () at /home/julien/lo/libreoffice/instdir/program/libsfxlo.so #17 0x00007f4320b08c1d in sfx2::DocumentMacroMode::hasMacroLibrary (this=0x564dbadd5c38) at /home/julien/lo/libreoffice/sfx2/source/doc/docmacromode.cxx:409 #18 0x00007f4320b09037 in sfx2::DocumentMacroMode::hasMacros (this=0x564dbadd5c38) at /home/julien/lo/libreoffice/sfx2/source/doc/docmacromode.cxx:459 #19 0x00007f4320b7c74d in SfxObjectShell::CheckSecurityOnLoading_Impl (this=0x564dba6aaa70) at /home/julien/lo/libreoffice/sfx2/source/doc/objmisc.cxx:992 #20 0x00007f4320b7ddb0 in SfxObjectShell::FinishedLoading (this=0x564dba6aaa70, nFlags=SfxLoadedFlags::ALL) at /home/julien/lo/libreoffice/sfx2/source/doc/objmisc.cxx:1162 #21 0x00007f4320bab020 in SfxObjectShell::DoLoad (this=0x564dba6aaa70, pMed=0x564dbd906860) at /home/julien/lo/libreoffice/sfx2/source/doc/objstor.cxx:776 #22 0x00007f4320c27027 in SfxBaseModel::load (this=0x564dbade85d0, seqArguments=uno::Sequence of length 15 = {...}) at /home/julien/lo/libreoffice/sfx2/source/doc/sfxbasemodel.cxx:1983 #23 0x00007f4320dbfed3 in (anonymous namespace)::SfxFrameLoader_Impl::load (this=0x564dba775a40, rArgs=uno::Sequence of length 12 = {...}, _rTargetFrame=uno::Reference to ((anonymous namespace)::XFrameImpl *) 0x564dba508530) 
at /home/julien/lo/libreoffice/sfx2/source/view/frmload.cxx:775 #24 0x00007f43219bad34 in framework::LoadEnv::impl_loadContent (this=0x564dba9e57c8) at /home/julien/lo/libreoffice/framework/source/loadenv/loadenv.cxx:1180 #25 0x00007f43219b7eb5 in framework::LoadEnv::start (this=0x564dba9e57c8) at /home/julien/lo/libreoffice/framework/source/loadenv/loadenv.cxx:416 #26 0x00007f43219b5bb2 in framework::LoadEnv::startLoading (this=0x564dba9e57c8, sURL="file:///home/julien/T%C3%A9l%C3%A9chargements/hwp_bad_alloc.hwp", lMediaDescriptor=uno::Sequence of length 4 = {...}, xBaseFrame=uno::Reference to (framework::Desktop *) 0x564dba514fc8, sTarget="_default", nSearchFlags=0, eFeature=(LoadEnvFeatures::WorkWithUI | LoadEnvFeatures::AllowContentHandler)) at /home/julien/lo/libreoffice/framework/source/loadenv/loadenv.cxx:312 -- You are receiving this mail because: You are the assignee for the bug.
