[Libreoffice-bugs] [Bug 121647] font list box preview certain malformed TTF fonts crash LO

bugzilla-daemon at bugs.documentfoundation.org bugzilla-daemon at bugs.documentfoundation.org
Fri Nov 23 01:32:32 UTC 2018


https://bugs.documentfoundation.org/show_bug.cgi?id=121647

V Stuart Foote <vstuart.foote at utsa.edu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |haveBacktrace

--- Comment #3 from V Stuart Foote <vstuart.foote at utsa.edu> ---
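Here is a WinDbg stack trace from LibreOffice 6.1.3.2, captured in the
Character dialog while scrolling onto the dfmw5.ttf font.

Triage note: the access violation is raised inside the Windows heap allocator
(ntdll!RtlpLowFragHeapAllocFromContext) while it serves an unrelated
28-character string allocation for a configuration lookup, and the address
being read (00009e94`00009f3f) does not look like a valid user-mode pointer.
The top frames therefore most likely show where earlier heap corruption was
noticed, not where it happened. The font-handling frames
(WinSalGraphics::GetFontMetric and its callees, which parse the font's hhea
and OS/2 table data) are the more likely place for the actual out-of-bounds
access. Re-running with page heap enabled or with an AddressSanitizer build
should stop at the first bad access.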


0:017> g
ModLoad: 00007ffd`30fd0000 00007ffd`31201000   C:\Program
Files\LibreOffice\program\dict_zh.dll
ModLoad: 00007ffd`39ae0000 00007ffd`39c7c000   C:\Program
Files\LibreOffice\program\localedata_others.dll
ModLoad: 00007ffd`58dd0000 00007ffd`58f5b000   C:\Program
Files\LibreOffice\program\sal_textenclo.dll
(2a24.20f0): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
ntdll!RtlpLowFragHeapAllocFromContext+0x5e9:
00007ffd`72383419 410fb781ae000000 movzx   eax,word ptr [r9+0AEh]
ds:00009e94`00009f3f=????
0:000> g
(2a24.20f0): Access violation - code c0000005 (!!! second chance !!!)
ntdll!RtlpLowFragHeapAllocFromContext+0x5e9:
00007ffd`72383419 410fb781ae000000 movzx   eax,word ptr [r9+0AEh]
ds:00009e94`00009f3f=????
0:000> ~* kp

.  0  Id: 2a24.20f0 Suspend: 1 Teb: 000000a7`99e31000 Unfrozen
 # Child-SP          RetAddr           Call Site
00 000000a7`9a98d7f0 00007ffd`7238265b
ntdll!RtlpLowFragHeapAllocFromContext+0x5e9
01 000000a7`9a98d8d0 00007ffd`6f29a506 ntdll!RtlpAllocateHeapInternal+0xeb
02 000000a7`9a98d9b0 00007ffd`65400c40 ucrtbase!_malloc_base+0x36
03 (Inline Function) --------`-------- sal3!rtl_allocateMemory_SYSTEM+0x6
[c:\cygwin64\home\buildslave\source\libo-core\sal\rtl\alloc_global.cxx @ 232] 
04 000000a7`9a98d9e0 00007ffd`6541949d sal3!rtl_allocateMemory(unsigned int64 n
= <Value unavailable error>)+0x40
[c:\cygwin64\home\buildslave\source\libo-core\sal\rtl\alloc_global.cxx @ 259] 
05 000000a7`9a98da20 00007ffd`6541a65a sal3!rtl_uString_ImplAlloc(long nLen =
0n28)+0x2d [c:\cygwin64\home\buildslave\source\libo-core\sal\rtl\strtmpl.cxx @
1155] 
06 000000a7`9a98da50 00007ffd`3bf8dc9f
sal3!rtl_uString_newFromStr_WithLength(struct _rtl_uString ** ppThis =
0x000000a7`9a98dac8, char16_t * pCharStr = 0x000001f8`aa96a6ea
"org.openoffice.Office.Common/Misc/FontsUseWinMetrics", long nLen = 0n28)+0x3a
[c:\cygwin64\home\buildslave\source\libo-core\sal\rtl\strtmpl.cxx @ 1374] 
07 000000a7`9a98da80 00007ffd`3c19e2ce mergedlo!rtl::OUString::copy(long
beginIndex = <Value unavailable error>, long count = <Value unavailable
error>)+0x2f
[c:\cygwin64\home\buildslave\source\libo-core\include\rtl\ustring.hxx @ 2215] 
08 000000a7`9a98dac0 00007ffd`3c176742
mergedlo!configmgr::Data::parseSegment(class rtl::OUString * path =
0x000000a7`9a98dd10 "/org.openoffice.Office.Common/Misc/FontsUseWinMetrics",
long index = <Value unavailable error>, class rtl::OUString * name =
0x000000a7`9a98db38 empty, bool * setElement = 0x000000a7`9a98dbd0, class
rtl::OUString * templateName = 0x000000a7`9a98dbd8 empty)+0x16e
[c:\cygwin64\home\buildslave\source\libo-core\configmgr\source\data.cxx @ 124] 
09 000000a7`9a98db00 00007ffd`3c173d3b
mergedlo!configmgr::Access::getSubChild(class rtl::OUString * path =
0x000000a7`9a98dd10
"/org.openoffice.Office.Common/Misc/FontsUseWinMetrics")+0x372
[c:\cygwin64\home\buildslave\source\libo-core\configmgr\source\access.cxx @
2001] 
0a 000000a7`9a98dbc0 00007ffd`3c1a58d1
mergedlo!configmgr::Access::getByHierarchicalName(class rtl::OUString * aName =
0x000000a7`9a98dd10
"/org.openoffice.Office.Common/Misc/FontsUseWinMetrics")+0x6b
[c:\cygwin64\home\buildslave\source\libo-core\configmgr\source\access.cxx @
436] 
0b 000000a7`9a98dc30 00007ffd`3c0b7714
mergedlo!configmgr::read_write_access::`anonymous
namespace'::Service::getByHierarchicalName(class rtl::OUString * aName =
0x000000a7`9a98dd10
"/org.openoffice.Office.Common/Misc/FontsUseWinMetrics")+0x51
[c:\cygwin64\home\buildslave\source\libo-core\configmgr\source\readwriteaccess.cxx
@ 76] 
0c 000000a7`9a98dc70 00007ffd`3ddf94fb
mergedlo!comphelper::detail::ConfigurationWrapper::getPropertyValue(class
rtl::OUString * path = <Value unavailable error>)+0x24
[c:\cygwin64\home\buildslave\source\libo-core\comphelper\source\misc\configuration.cxx
@ 140] 
0d 000000a7`9a98dcb0 00007ffd`3ddf8ffb
mergedlo!comphelper::ConfigurationProperty<officecfg::Office::Common::Misc::FontsUseWinMetrics,com::sun::star::uno::Sequence<rtl::OUString>
>::get(class
com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext> *
context = 0x000000a7`9a98dd78 {{...}})+0x5b
[c:\cygwin64\home\buildslave\source\libo-core\include\comphelper\configuration.hxx
@ 210] 
0e 000000a7`9a98dd10 00007ffd`3ddf85b5
mergedlo!ImplFontMetricData::ShouldUseWinMetrics(struct vcl::TTGlobalFontInfo *
rInfo = <Value unavailable error>)+0x23b
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\font\fontmetric.cxx @
412] 
0f 000000a7`9a98de70 00007ffd`3de7bbb5
mergedlo!ImplFontMetricData::ImplCalcLineSpacing(class std::vector<unsigned
char,std::allocator<unsigned char> > * rHheaData = 0x000000a7`9a98dfe0 {
size=36 }, class std::vector<unsigned char,std::allocator<unsigned char> > *
rOS2Data = 0x000000a7`9a98dfc8 { size=86 }, int nUPEM = <Value unavailable
error>)+0x135
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\font\fontmetric.cxx @
467] 
10 000000a7`9a98dfa0 00007ffd`3dbad305
mergedlo!WinSalGraphics::GetFontMetric(class tools::SvRef<ImplFontMetricData> *
rxFontMetric = 0x000001f8`bc24aeb8, int nFallbackLevel = <Value unavailable
error>)+0x275
[c:\cygwin64\home\buildslave\source\libo-core\vcl\win\gdi\salfont.cxx @ 1053] 
11 000000a7`9a98e260 00007ffd`3dbab62c
mergedlo!OutputDevice::ImplNewFont(void)+0x1e5
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\outdev\font.cxx @
1068] 
12 000000a7`9a98e2d0 00007ffd`3dbabe27
mergedlo!OutputDevice::GetFontCharMap(class tools::SvRef<FontCharMap> *
rxFontCharMap = 0x000000a7`9a98e330)+0x4c
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\outdev\font.cxx @ 233] 
13 000000a7`9a98e310 00007ffd`3d0511da mergedlo!OutputDevice::HasGlyphs(class
vcl::Font * rTempFont = 0x000001f8`bb75f4a0, class rtl::OUString * rStr =
0x000000a7`9a98e570 "人之初 性本善", long nIndex = <Value unavailable error>, long
nLen = 0n-1)+0xc7
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\outdev\font.cxx @
1475] 
14 000000a7`9a98e3a0 00007ffd`3d17f753
mergedlo!makeRepresentativeTextForFont(short nScriptType = 0n2, class vcl::Font
* rFont = 0x000001f8`bb75f4a0)+0xca
[c:\cygwin64\home\buildslave\source\libo-core\svtools\source\misc\sampletext.cxx
@ 1618] 
15 000000a7`9a98e460 00007ffd`3d9f92ae mergedlo!SvxFontPrevWindow::Paint(class
OutputDevice * rRenderContext = 0x000001f8`bb75e0f0, class tools::Rectangle *
__formal = 0x000001f8`bbb610b0 1807172015)+0x263
[c:\cygwin64\home\buildslave\source\libo-core\svx\source\dialog\fntctrl.cxx @
674] 
16 000000a7`9a98e570 00007ffd`3d9f9e2f mergedlo!PaintHelper::DoPaint(class
vcl::Region * pRegion = <Value unavailable error>)+0x23e
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @
307] 
17 000000a7`9a98e620 00007ffd`3d9f8d00
mergedlo!vcl::Window::ImplCallPaint(class vcl::Region * pRegion =
0x00000000`00000000, ImplPaintFlags nPaintFlags = 0n26 (No matching
enumerant))+0x17f
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @
605] 
18 000000a7`9a98e6d0 00007ffd`3d9f9e55
mergedlo!PaintHelper::~PaintHelper(void)+0x90
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @
540] 
19 000000a7`9a98e780 00007ffd`3d9f8d00
mergedlo!vcl::Window::ImplCallPaint(class vcl::Region * pRegion =
0x00000000`00000000, ImplPaintFlags nPaintFlags = PaintChildren (0n8))+0x1a5
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @
610] 
1a 000000a7`9a98e830 00007ffd`3d9f9e55
mergedlo!PaintHelper::~PaintHelper(void)+0x90
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @
540] 
1b 000000a7`9a98e8e0 00007ffd`3d9f8d00
mergedlo!vcl::Window::ImplCallPaint(class vcl::Region * pRegion =
0x00000000`00000000, ImplPaintFlags nPaintFlags = PaintChildren (0n8))+0x1a5
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @
610] 
1c 000000a7`9a98e990 00007ffd`3d9f9e55
mergedlo!PaintHelper::~PaintHelper(void)+0x90
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @
540] 
1d 000000a7`9a98ea40 00007ffd`3d9f8d00
mergedlo!vcl::Window::ImplCallPaint(class vcl::Region * pRegion =
0x00000000`00000000, ImplPaintFlags nPaintFlags = PaintChildren (0n8))+0x1a5
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @
610] 
1e 000000a7`9a98eaf0 00007ffd`3d9f9e55
mergedlo!PaintHelper::~PaintHelper(void)+0x90
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @
540] 
1f 000000a7`9a98eba0 00007ffd`3d9f8d00
mergedlo!vcl::Window::ImplCallPaint(class vcl::Region * pRegion =
0x00000000`00000000, ImplPaintFlags nPaintFlags = PaintChildren (0n8))+0x1a5
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @
610] 
20 000000a7`9a98ec50 00007ffd`3d9f9e55
mergedlo!PaintHelper::~PaintHelper(void)+0x90
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @
540] 
21 000000a7`9a98ed00 00007ffd`3d9f8d00
mergedlo!vcl::Window::ImplCallPaint(class vcl::Region * pRegion =
0x00000000`00000000, ImplPaintFlags nPaintFlags = PaintChildren (0n8))+0x1a5
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @
610] 
22 000000a7`9a98edb0 00007ffd`3d9f9e55
mergedlo!PaintHelper::~PaintHelper(void)+0x90
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @
540] 
23 000000a7`9a98ee60 00007ffd`3d9f8d00
mergedlo!vcl::Window::ImplCallPaint(class vcl::Region * pRegion =
0x00000000`00000000, ImplPaintFlags nPaintFlags = PaintChildren (0n8))+0x1a5
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @
610] 
24 000000a7`9a98ef10 00007ffd`3d9f9e55
mergedlo!PaintHelper::~PaintHelper(void)+0x90
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @
540] 
25 000000a7`9a98efc0 00007ffd`3d9f9f46
mergedlo!vcl::Window::ImplCallPaint(class vcl::Region * pRegion =
0x00000000`00000000, ImplPaintFlags nPaintFlags = PaintChildren (0n8))+0x1a5
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @
610] 
26 (Inline Function) --------`--------
mergedlo!vcl::Window::ImplCallOverlapPaint+0x52
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @
628] 
27 000000a7`9a98f070 00007ffd`3dd85bda
mergedlo!vcl::Window::ImplHandlePaintHdl(class Timer * __formal =
0x00000000`00000000)+0xc6
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @
649] 
28 000000a7`9a98f0a0 00007ffd`3de69940
mergedlo!Scheduler::ProcessTaskScheduling(void)+0x26a
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\app\scheduler.cxx @
448] 
29 (Inline Function) --------`-------- mergedlo!SalTimer::CallCallback+0xb
[c:\cygwin64\home\buildslave\source\libo-core\vcl\inc\saltimer.hxx @ 55] 
2a 000000a7`9a98f150 00007ffd`3de6627a
mergedlo!WinSalTimer::ImplHandleElapsedTimer(void)+0x30
[c:\cygwin64\home\buildslave\source\libo-core\vcl\win\app\saltimer.cxx @ 159] 
2b 000000a7`9a98f180 00007ffd`3de65d0b mergedlo!ImplSalYield(bool bWait = true,
bool bHandleAllCurrentEvents = false)+0x17a
[c:\cygwin64\home\buildslave\source\libo-core\vcl\win\app\salinst.cxx @ 514] 
2c 000000a7`9a98f210 00007ffd`3dd97cd1 mergedlo!WinSalInstance::DoYield(bool
bWait = true, bool bHandleAllCurrentEvents = false)+0x9b
[c:\cygwin64\home\buildslave\source\libo-core\vcl\win\app\salinst.cxx @ 560] 
2d (Inline Function) --------`-------- mergedlo!ImplYield+0x2a
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\app\svapp.cxx @ 470] 
2e (Inline Function) --------`-------- mergedlo!Application::Yield+0x2a
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\app\svapp.cxx @ 535] 
2f 000000a7`9a98f250 00007ffd`3cd866c4
mergedlo!Application::Execute(void)+0x161
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\app\svapp.cxx @ 450] 
30 000000a7`9a98f2b0 00007ffd`3dda026e
mergedlo!desktop::Desktop::Main(void)+0x1084
[c:\cygwin64\home\buildslave\source\libo-core\desktop\source\app\app.cxx @
1634] 
31 000000a7`9a98f4d0 00007ffd`3dda0752 mergedlo!ImplSVMain(void)+0x6e
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\app\svmain.cxx @ 200] 
32 000000a7`9a98f510 00007ffd`3cda4147 mergedlo!SVMain(void)+0x32
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\app\svmain.cxx @ 239] 
33 000000a7`9a98f540 00007ff7`48c4102e mergedlo!soffice_main(void)+0x127
[c:\cygwin64\home\buildslave\source\libo-core\desktop\source\app\sofficemain.cxx
@ 170] 
34 000000a7`9a98f7a0 00007ff7`48c41317 soffice+0x102e
35 000000a7`9a98f7d0 00007ffd`70713034 soffice!main+0x2d7
36 000000a7`9a98f810 00007ffd`723e1471 KERNEL32!BaseThreadInitThunk+0x14
37 000000a7`9a98f840 00000000`00000000 ntdll!RtlUserThreadStart+0x21
