[Libreoffice-bugs] [Bug 70483] FILEOPEN: Aborts when opening malformed DOC files

2013-10-18 Thread bugzilla-daemon 
https://bugs.freedesktop.org/show_bug.cgi?id=70483

Caolán McNamara caol...@redhat.com changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED
   Assignee|libreoffice-b...@lists.free |caol...@redhat.com
   |desktop.org |

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 70483] FILEOPEN: Aborts when opening malformed DOC files

2013-10-16 Thread bugzilla-daemon 
https://bugs.freedesktop.org/show_bug.cgi?id=70483

--- Comment #1 from Miklos Vajna vmik...@collabora.co.uk ---
Backtrace for sf_6ea3a0f683768c3ccc999a674acfd1ac-89918.doc:

#1  0x7fffef39e4be in
__gnu_debug::_Safe_iterator__gnu_cxx::__normal_iteratorrtl::ReferenceStgPage*,
std::__cxx1998::vectorrtl::ReferenceStgPage,
std::allocatorrtl::ReferenceStgPage   ,
std::__debug::vectorrtl::ReferenceStgPage,
std::allocatorrtl::ReferenceStgPage   ::_M_is_end (this=0x7fff7fe0)
at /usr/include/c++/4.7/debug/safe_iterator.h:463
#2  0x7fffef39cfbb in
__gnu_debug::_Safe_iterator__gnu_cxx::__normal_iteratorrtl::ReferenceStgPage*,
std::__cxx1998::vectorrtl::ReferenceStgPage,
std::allocatorrtl::ReferenceStgPage   ,
std::__debug::vectorrtl::ReferenceStgPage,
std::allocatorrtl::ReferenceStgPage   ::_M_dereferenceable
(this=0x7fff7fe0)
at /usr/include/c++/4.7/debug/safe_iterator.h:420
#3  0x7fffef39bec3 in
__gnu_debug::_Safe_iterator__gnu_cxx::__normal_iteratorrtl::ReferenceStgPage*,
std::__cxx1998::vectorrtl::ReferenceStgPage,
std::allocatorrtl::ReferenceStgPage   ,
std::__debug::vectorrtl::ReferenceStgPage,
std::allocatorrtl::ReferenceStgPage   ::operator- (this=0x7fff7fe0)
at /usr/include/c++/4.7/debug/safe_iterator.h:276
#4  0x7fffef39a347 in StgCache::Find (this=0x1612290, nPage=321) at
/master/sot/source/sdstor/stgcache.cxx:161
#5  0x7fffef39a51f in StgCache::Get (this=0x1612290, nPage=321,
bForce=true) at /master/sot/source/sdstor/stgcache.cxx:173
#6  0x7fffef3ad017 in StgFAT::GetPhysPage (this=0x15feee0, nByteOff=1304)
at /master/sot/source/sdstor/stgstrms.cxx:62
#7  0x7fffef3ad0a9 in StgFAT::GetNextPage (this=0x15feee0, nPg=326) at
/master/sot/source/sdstor/stgstrms.cxx:73
#8  0x7fffef3adf72 in StgStrm::scanBuildPageChainCache (this=0x161de40,
pOptionalCalcSize=0x161de64) at /master/sot/source/sdstor/stgstrms.cxx:349
#9  0x7fffef3afd1f in StgDataStrm::Init (this=0x161de40, nBgn=322, nLen=-1)
at /master/sot/source/sdstor/stgstrms.cxx:824
#10 0x7fffef3afb66 in StgDataStrm::StgDataStrm (this=0x161de40, r=...,
nBgn=322, nLen=-1) at /master/sot/source/sdstor/stgstrms.cxx:799
#11 0x7fffef3a7db6 in StgDirStrm::StgDirStrm (this=0x161de40, r=...) at
/master/sot/source/sdstor/stgdir.cxx:780
#12 0x7fffef3ab0bf in StgIo::SetupStreams (this=0x1612290) at
/master/sot/source/sdstor/stgio.cxx:91
#13 0x7fffef3aaeca in StgIo::Load (this=0x1612290) at
/master/sot/source/sdstor/stgio.cxx:59
#14 0x7fffef3959ad in Storage::Init (this=0x156b400, bCreate=false) at
/master/sot/source/sdstor/stg.cxx:482
#15 0x7fffef395594 in Storage::Storage (this=0x156b400, r=...,
bDirect=false) at /master/sot/source/sdstor/stg.cxx:411
#16 0x7fffef3b6b11 in SotStorage::SotStorage (this=0x1606a40,
pStm=0x15fedb0, bDelete=false, __in_chrg=optimized out, __vtt_parm=optimized
out)
at /master/sot/source/sdstor/storage.cxx:535
#17 0x7fffd8be6e00 in SwIoSystem::IsFileFilter (rMedium=...,
rFmtName=CWW8) at /master/sw/source/filter/basflt/iodetect.cxx:213
#18 0x7fffd8be9ca9 in SwFilterDetect::DetectFilter (rMedium=...,
ppFilter=0x7fff9778) at /master/sw/source/ui/uno/swdet2.cxx:55
#19 0x7fffd8beb010 in SwFilterDetect::detect (this=0x15fd380,
lDescriptor=uno::Sequence of length 9 = {...}) at
/master/sw/source/ui/uno/swdetect.cxx:332
#20 0x7fffda69e127 in filter::config::TypeDetection::impl_askDetectService
(this=0x158dbe0, sDetectService=com.sun.star.text.FormatDetector,
rDescriptor=...)
at /master/filter/source/config/cache/typedetection.cxx:1039

Looks like WW8 type detection goes mad and at the end eats all the available
memory.

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 70483] FILEOPEN: Aborts when opening malformed DOC files

2013-10-16 Thread bugzilla-daemon 
https://bugs.freedesktop.org/show_bug.cgi?id=70483

--- Comment #2 from Michael Meeks michael.me...@collabora.com ---
I just ported and cleaned up this commit:

http://cgit.freedesktop.org/libreoffice/core/commit/?id=dfa1afd0e8b7ae9c706c4a3171a04752e24230b0

Which would fix this issue. Anyone wanting to review / cherry-pick it to -4-1 
4-0- it would be appreciated :-)

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 70483] FILEOPEN: Aborts when opening malformed DOC files

2013-10-15 Thread bugzilla-daemon 
https://bugs.freedesktop.org/show_bug.cgi?id=70483

Urmas davian...@gmail.com changed:

   What|Removed |Added

 OS|Linux (All) |All
 Status|UNCONFIRMED |NEW
Summary|FILEOPEN: SIGABRT when  |FILEOPEN: Aborts when
   |supplying malformed input   |opening malformed DOC files
   |files to Writer |
 Ever confirmed|0   |1

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs