https://bugs.documentfoundation.org/show_bug.cgi?id=99994

            Bug ID: 99994
           Summary: Crash on insert SVG file
                    svgio::svgreader::SvgCharacterNode::createSimpleTextPrimitive
           Product: LibreOffice
           Version: 5.0.6.2 release
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: medium
         Component: filters and storage
          Assignee: libreoffice-bugs@lists.freedesktop.org
          Reporter: samtyg...@yahoo.co.uk

Created attachment 125233
  --> https://bugs.documentfoundation.org/attachment.cgi?id=125233&action=edit
test.svg

On inserting the attached SVG file LibreOffice crashes. Happens with 5.0, 5.1
and 5.2dev (not tested with any earlier versions). Happens in Impress and Writer.

The original SVG came from matplotlib, with edits in Inkscape. I cut it down to
something fairly minimal.

Steps:
1) New Impress or Writer document
2) Drag test.svg into the page
3) Crash

Thread 1 "soffice.bin" received signal SIGSEGV, Segmentation fault.
Python Exception <class 'gdb.MemoryError'> Cannot access memory at address 0x0: 
0x00007fffc3f89f82 in rtl::OUString::OUString (this=0x7fffffff3280, 
    str=<error reading variable: Cannot access memory at address 0x0>)
    at /usr/local/src/libreoffice/include/rtl/ustring.hxx:129
129             pData = str.pData;


Backtrace:

#0  0x00007fffc3f89f82 in rtl::OUString::OUString (this=0x7fffffff3280, 
    str=<error reading variable: Cannot access memory at address 0x0>)
    at /usr/local/src/libreoffice/include/rtl/ustring.hxx:129
#1  0x00007fffc3f8856d in
svgio::svgreader::SvgCharacterNode::createSimpleTextPrimitive (this=0x2a4b250, 
    rSvgTextPosition=..., rSvgStyleAttributes=...)
    at
/usr/local/src/libreoffice/svgio/source/svgreader/svgcharacternode.cxx:241
#2  0x00007fffc3f893a1 in
svgio::svgreader::SvgCharacterNode::decomposeTextWithStyle (this=0x2a4b250,
rTarget=..., 
    rSvgTextPosition=..., rSvgStyleAttributes=...)
    at
/usr/local/src/libreoffice/svgio/source/svgreader/svgcharacternode.cxx:507
#3  0x00007fffc3f8974b in svgio::svgreader::SvgCharacterNode::decomposeText
(this=0x2a4b250, rTarget=..., 
    rSvgTextPosition=...) at
/usr/local/src/libreoffice/svgio/source/svgreader/svgcharacternode.cxx:575
#4  0x00007fffc3fbc175 in svgio::svgreader::SvgTextNode::DecomposeChild
(this=0x2a4b410, rCandidate=..., rTarget=..., 
    rSvgTextPosition=...) at
/usr/local/src/libreoffice/svgio/source/svgreader/svgtextnode.cxx:120
#5  0x00007fffc3fbc40d in svgio::svgreader::SvgTextNode::DecomposeChild
(this=0x2a4b410, rCandidate=..., rTarget=..., 
    rSvgTextPosition=...) at
/usr/local/src/libreoffice/svgio/source/svgreader/svgtextnode.cxx:173
#6  0x00007fffc3fbc87a in svgio::svgreader::SvgTextNode::decomposeSvgNode
(this=0x2a4b410, rTarget=...)
    at /usr/local/src/libreoffice/svgio/source/svgreader/svgtextnode.cxx:245
#7  0x00007fffc3fa45c5 in svgio::svgreader::SvgNode::decomposeSvgNode
(this=0x2a4ae10, rTarget=..., bReferenced=false)
    at /usr/local/src/libreoffice/svgio/source/svgreader/svgnode.cxx:540
#8  0x00007fffc3f9a352 in svgio::svgreader::SvgGNode::decomposeSvgNode
(this=0x2a4ae10, rTarget=..., bReferenced=false)
    at /usr/local/src/libreoffice/svgio/source/svgreader/svggnode.cxx:112
#9  0x00007fffc3fa45c5 in svgio::svgreader::SvgNode::decomposeSvgNode
(this=0x2a49870, rTarget=..., bReferenced=false)
    at /usr/local/src/libreoffice/svgio/source/svgreader/svgnode.cxx:540
#10 0x00007fffc3fb8da4 in svgio::svgreader::SvgSvgNode::decomposeSvgNode
(this=0x2a49870, rTarget=..., bReferenced=false)
    at /usr/local/src/libreoffice/svgio/source/svgreader/svgsvgnode.cxx:307
#11 0x00007fffc3fd3bfe in svgio::svgreader::XSvgParser::getDecomposition
(this=0x2220e10, 
    xSVGStream=uno::Reference to (comphelper::SequenceInputStream *) 0x201f428, 
    aAbsolutePath="file:///home/sam/bugs/libreoffice/svg_crash/test3.svg")
    at /usr/local/src/libreoffice/svgio/source/svguno/xsvgparser.cxx:160
#12 0x00007ffff00cf299 in SvgData::ensureSequenceAndRange (this=0x2a3ea40)
    at /usr/local/src/libreoffice/vcl/source/gdi/svgdata.cxx:120
#13 0x00007ffff00cf8ec in SvgData::getRange (this=0x2a3ea40) at
/usr/local/src/libreoffice/vcl/source/gdi/svgdata.cxx:189
#14 0x00007fffeffb2911 in ImpGraphic::ImplGetPrefSize (this=0x2a40e60)
    at /usr/local/src/libreoffice/vcl/source/gdi/impgraph.cxx:662
#15 0x00007fffeffa9824 in Graphic::GetPrefSize (this=0x7fffffff4900)
    at /usr/local/src/libreoffice/vcl/source/gdi/graph.cxx:390
#16 0x00007fffccf4635a in sd::View::InsertGraphic (this=0x1bec4e0,
rGraphic=..., rAction=@0x7fffffff4980: 2 '\002', 
    rPos=Point = {...}, pObj=0x0, pImageMap=0x0) at
/usr/local/src/libreoffice/sd/source/ui/view/sdview4.cxx:190
#17 0x00007fffccf47b16 in sd::View::DropInsertFileHdl (this=0x1bec4e0)
    at /usr/local/src/libreoffice/sd/source/ui/view/sdview4.cxx:429
#18 0x00007fffccf47733 in sd::View::LinkStubDropInsertFileHdl
(instance=0x1bec4e0, data=0x1becc38)
    at /usr/local/src/libreoffice/sd/source/ui/view/sdview4.cxx:394
#19 0x00007fffefc6df81 in Link<Idle*, void>::Call (this=0x1becc58,
data=0x1becc38)
    at /usr/local/src/libreoffice/include/tools/link.hxx:84
#20 0x00007ffff01131bd in Idle::Invoke (this=0x1becc38) at
/usr/local/src/libreoffice/vcl/source/app/idle.cxx:25
#21 0x00007ffff0116b12 in ImplSchedulerData::Invoke (this=0x24d5470)
    at /usr/local/src/libreoffice/vcl/source/app/scheduler.cxx:45
#22 0x00007ffff0116f6d in Scheduler::ProcessTaskScheduling (bTimerOnly=false)
    at /usr/local/src/libreoffice/vcl/source/app/scheduler.cxx:177
#23 0x00007ffff0136cae in ImplYield (i_bWait=false, i_bAllEvents=false,
nReleased=0)
    at /usr/local/src/libreoffice/vcl/source/app/svapp.cxx:523
#24 0x00007ffff0132df6 in Application::Yield () at
/usr/local/src/libreoffice/vcl/source/app/svapp.cxx:556
#25 0x00007ffff0132c70 in Application::Execute () at
/usr/local/src/libreoffice/vcl/source/app/svapp.cxx:473
#26 0x00007ffff7811251 in desktop::Desktop::DoExecute () at
/usr/local/src/libreoffice/desktop/source/app/app.cxx:1320
#27 0x00007ffff78122f9 in desktop::Desktop::Main (this=0x7fffffff5470)
    at /usr/local/src/libreoffice/desktop/source/app/app.cxx:1645
#28 0x00007ffff013be7a in ImplSVMain () at
/usr/local/src/libreoffice/vcl/source/app/svmain.cxx:170
#29 0x00007ffff013bfbc in SVMain () at
/usr/local/src/libreoffice/vcl/source/app/svmain.cxx:208
#30 0x00007ffff7856b8e in soffice_main () at
/usr/local/src/libreoffice/desktop/source/app/sofficemain.cxx:135
#31 0x0000000000400815 in sal_main () at
/usr/local/src/libreoffice/desktop/source/app/main.c:48
#32 0x00000000004007fb in main (argc=2, argv=0x7fffffff57a8) at
/usr/local/src/libreoffice/desktop/source/app/main.c:47
