https://bugs.freedesktop.org/show_bug.cgi?id=79139
Priority: medium
Bug ID: 79139
Assignee: [email protected]
Summary: Crash in SwDropCapCache::CalcFontSize
Severity: critical
Classification: Unclassified
OS: All
Reporter: [email protected]
Hardware: Other
Status: UNCONFIRMED
Version: 4.3.0.0.beta1
Component: Libreoffice
Product: LibreOffice
Created attachment 99662
--> https://bugs.freedesktop.org/attachment.cgi?id=99662&action=edit
Repro file
When opening a mutated DOCX file, an ASan build of LO 4.4.0.0 alpha0 will
crash:
Program received signal SIGFPE, Arithmetic exception.
0x00007fffa9746e9b in SwDropCapCache::CalcFontSize (this=<optimized out>, pDrop=<optimized out>, rInf=...) at /home/moggi/devel/libo7/sw/source/core/text/txtdrop.cxx:717

rax 0xbd740 776000
rbx 0xf200f2f2f200f201 -1008539191274835455
rcx 0x7ffffffe2280 140737488233088
rdx 0x0 0
rsi 0x10007fff4308 17594333479688
rdi 0x7ffffffe1860 140737488230496
rbp 0x7ffffffe2670 0x7ffffffe2670
rsp 0x7ffffffe18c0 0x7ffffffe18c0

0x00007fffa9746e93 <SwDropCapCache::CalcFontSize(SwDropPortion*, SwTxtFormatInfo&)+6451>: mov 0x710(%rsp),%rcx
=> 0x00007fffa9746e9b <SwDropCapCache::CalcFontSize(SwDropPortion*, SwTxtFormatInfo&)+6459>: idivq (%rcx)
0x00007fffa9746e9e <SwDropCapCache::CalcFontSize(SwDropPortion*, SwTxtFormatInfo&)+6462>: mov 0x738(%rsp),%rdx
Original OO file: www.asep.org%2Fasep%2Fasep%2FEvery_Day_Is_Another_Day.docx
Mutated OO file (repro file): crash-30894.docx
Modified XML file: word/styles.xml
Modifications:
- in tag "w:rFonts", attribute "w:eastAsiaTheme" was switched from "minorHAnsi" to "%s%n%s%n%s%n%s%n%s%n"
- in tag "w:sz", attribute "w:val" was switched from "22" to "PPPPPPPPPPPPPPPPPPPPPPPPPPPPPP..."
- in tag "w:lsdException", attribute "w:qFormat" was switched from "1" to "0"
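An added triage check, not part of the original report or of LibreOffice: it validates the three attributes named in the mutation list against their OOXML value sets, run on a constructed word/styles.xml. The helper names, the shortened "PPPP" stand-in for the truncated value, and the size rule (stricter than the schema) are assumptions.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
W = "{" + NS + "}"
# ST_Theme values allowed on the theme attributes of w:rFonts.
THEMES = {a + b for a in ("major", "minor")
          for b in ("EastAsia", "Bidi", "Ascii", "HAnsi")}
THEME_ATTRS = ("asciiTheme", "hAnsiTheme", "eastAsiaTheme", "cstheme")
ON_OFF = {"0", "1", "true", "false", "on", "off"}  # ST_OnOff


def check_styles(docx_bytes):
    """Return (tag, attribute, value) for each failing value in word/styles.xml."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        root = ET.fromstring(z.read("word/styles.xml"))
    bad = []
    for el in root.iter():  # document order
        if el.tag == W + "sz":
            val = el.get(W + "val", "")
            # Assumed rule: a 1 to 4 digit, non-zero half-point count.
            if not re.fullmatch(r"[0-9]{1,4}", val) or int(val) == 0:
                bad.append(("w:sz", "w:val", val))
        elif el.tag == W + "rFonts":
            for name in THEME_ATTRS:
                val = el.get(W + name)
                if val is not None and val not in THEMES:
                    bad.append(("w:rFonts", "w:" + name, val))
        elif el.tag == W + "lsdException":
            val = el.get(W + "qFormat")
            if val is not None and val not in ON_OFF:
                bad.append(("w:lsdException", "w:qFormat", val))
    return bad


def make_docx(east_asia_theme, sz, q_format):
    """Build a constructed package that holds only word/styles.xml."""
    xml = (f'<w:styles xmlns:w="{NS}"><w:latentStyles>'
           f'<w:lsdException w:name="Normal" w:qFormat="{q_format}"/>'
           f'</w:latentStyles><w:docDefaults><w:rPrDefault><w:rPr>'
           f'<w:rFonts w:eastAsiaTheme="{east_asia_theme}"/>'
           f'<w:sz w:val="{sz}"/>'
           f'</w:rPr></w:rPrDefault></w:docDefaults></w:styles>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/styles.xml", xml)
    return buf.getvalue()


if __name__ == "__main__":
    print(check_styles(make_docx("%s%n%s%n%s%n%s%n%s%n", "PPPP", "0")))
```

Of the three listed modifications, the w:qFormat change from "1" to "0" stays inside its allowed value set, so only the w:rFonts and w:sz values are reported.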