Crash test update
Jean-Tiare LE BIGOT
admin at jtlebi.fr
Mon Nov 14 08:07:17 UTC 2016
OK, this is the same pattern as the case handled in:
git show 4bcf1872 oox/source/drawingml/chart/typegroupconverter.cxx
There might similar bugs hanging around. In a nutshell, some fallback
code in the importer forgot to init some part of the structure. This was
fine until we moved from relying on the element count to relying on the
last element index.
Here is a tentative fix: https://gerrit.libreoffice.org/30838
Le 11/11/2016 à 17:20, Caolán McNamara a écrit :
> On Thu, 2016-11-10 at 21:38 +0100, Jean-Tiare LE BIGOT wrote:
>> Thanks for the explanations ! Unfortunately, I can't access
>> https://bugzilla.novell.com/show_bug.cgi?id=403458.
>>
>> Can someone grant access to 'yadutaf' / admin at jtlebi.fr or send me
>> privately a copy of this file to troubleshoot ?
>>
>> I tried to reproduce the crashes with some of the files I have access
>> to:
>>
>> - fdo58197-1.pptx
>
> fdo58197-1.pptx will do fine to reproduce it, they're all the same
> issue.
>
>> They all seem to crash somewhere in libxmlreaderlo.so. It seems
>> unlikely to be related to commit
>> 4bcf1872bbe9db1388769485a7e4c0cbcce3d53c
>
> It crashes in libxmlreaderlo.so because an unexpected std::length_error
> exception is thrown and it dies through std::terminate. My commit
> "fixes" this by making those methods allow std::exception derived
> exceptions to be thrown through them, so it doesn't crash.
>
> if you...
>
> gdb --args ./instdir/program/soffice.bin --headless --convert-to pdf
> fdo58197-1.pptx
> (gdb) catch throw std::length_error
> (gdb) run
> (gdb) up... a bunch of times until you get to chartconverter.cxx
>
> you'll see that chartconverter.cxx:136 is
> Matrix< Any > aMatrix( rDataSeq.mnPointCount, 1 )
> and rDataSeq.mnPointCount is -1, which doesn't make sense as a length
> argument to vector::resize
>
> C.
>
--
Jean-Tiare LE BIGOT
More information about the LibreOffice
mailing list