51301 – crash on load of invalid .sxw created with GRAMPS (svg:viewBox="0 0 0 0")

Issue 51301 - crash on load of invalid .sxw created with GRAMPS (svg:viewBox="0 0 0 0")

Summary: crash on load of invalid .sxw created with GRAMPS (svg:viewBox="0 0 0 0")

Status:	CLOSED FIXED

Alias:	None

Product:	Writer
Classification:	Application
Component:	open-import (show other issues)
Version:	680m109
Hardware:	All All

Importance:	P2 Trivial (vote)
Target Milestone:	---
Assignee:	eric.savary
QA Contact:	issues@sw

URL:
Keywords:	crash, oooqa, regression

Depends on:
Blocks:

Reported:	2005-06-28 11:53 UTC by caolanm
Modified:	2013-08-07 14:40 UTC (History)
CC List:	1 user (show)

See Also:
Issue Type:	DEFECT
Latest Confirmation in:	---
Developer Difficulty:	---

Attachments
sample flawed sxw (3.72 KB, application/vnd.sun.xml.writer) 2005-06-28 11:54 UTC, caolanm	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description caolanm 2005-06-28 11:53:26 UTC

loading the attached document created with "GRAMPS" causes stacktrace of...

0xae2afe: /usr/lib/openoffice.org2.0/program/libuno_sal.so.3 + 0x1dafe
0xae334c: /usr/lib/openoffice.org2.0/program/libuno_sal.so.3 + 0x1e34c
0xf98420:  + 0x420 (__kernel_sigreturn + 0x0)
0x27c4ba6: /usr/lib/openoffice.org2.0/program/libxo680li.so + 0x165ba6
0x26be2c1: /usr/lib/openoffice.org2.0/program/libxo680li.so + 0x5f2c1
(SvXMLImport::startElement(rtl::OUString const&,
com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> const&)
+ 0x387)
0x184c9c5: /usr/lib/openoffice.org2.0/program/libxof680li.so + 0x219c5
0x185585d: /usr/lib/openoffice.org2.0/program/libxof680li.so + 0x2a85d
0x10da2f7: /usr/lib/openoffice.org2.0/program/sax.uno.so + 0x92f7
0x81de03: /usr/lib/libexpat.so.0 + 0x8e03
0x81ec6d: /usr/lib/libexpat.so.0 + 0x9c6d
0x81cab2: /usr/lib/libexpat.so.0 + 0x7ab2
0x81d73d: /usr/lib/libexpat.so.0 + 0x873d
0x8177e9: /usr/lib/libexpat.so.0 + 0x27e9 (XML_ParseBuffer + 0x75)
0x819d9b: /usr/lib/libexpat.so.0 + 0x4d9b (XML_Parse + 0x143)
0x10da46f: /usr/lib/openoffice.org2.0/program/sax.uno.so + 0x946f
0x10dad05: /usr/lib/openoffice.org2.0/program/sax.uno.so + 0x9d05
0xb521c181: /usr/lib/openoffice.org2.0/program/libsw680li.so + 0x541181
0xb521c5ef: /usr/lib/openoffice.org2.0/program/libsw680li.so + 0x5415ef
0xb521d8e8: /usr/lib/openoffice.org2.0/program/libsw680li.so + 0x5428e8
0xb50fa4b8: /usr/lib/openoffice.org2.0/program/libsw680li.so + 0x41f4b8
0xb525af61: /usr/lib/openoffice.org2.0/program/libsw680li.so + 0x57ff61
0x865646d: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0x11846d
(SfxObjectShell::LoadOwnFormat(SfxMedium&) + 0xe5)
0x865a71e: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0x11c71e
(SfxObjectShell::DoLoad(SfxMedium*) + 0x430)
0x8688db6: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0x14adb6
(SfxBaseModel::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&) + 0x302)
0x86a4071: /usr/lib/openoffice.org2.0/program/libsfx680li.so + 0x166071
0x127f4b2: /usr/lib/openoffice.org2.0/program/libfwk680li.so + 0xe04b2
0x127f675: /usr/lib/openoffice.org2.0/program/libfwk680li.so + 0xe0675
0x127f72e: /usr/lib/openoffice.org2.0/program/libfwk680li.so + 0xe072e
0x11d36fb: /usr/lib/openoffice.org2.0/program/libfwk680li.so + 0x346fb
0x8072879: /usr/lib/openoffice.org2.0/program/soffice.bin + 0x48879
(desktop::DispatchWatcher::executeDispatchRequests(_STL::vector<desktop::DispatchWatcher::DispatchRequest,
_STL::allocator<desktop::DispatchWatcher::DispatchRequest> > const&) + 0xf27)
0x806c59b: /usr/lib/openoffice.org2.0/program/soffice.bin + 0x4259b
(desktop::OfficeIPCThread::ExecuteCmdLineRequests(desktop::ProcessDocumentsRequest&)
+ 0x10b)
0x8062f27: /usr/lib/openoffice.org2.0/program/soffice.bin + 0x38f27
(desktop::Desktop::OpenClients() + 0x38b)
0x8066e03: /usr/lib/openoffice.org2.0/program/soffice.bin + 0x3ce03
(desktop::Desktop::OpenClients_Impl(void*) + 0x25)
0x5e044e2: /usr/lib/openoffice.org2.0/program/libvcl680li.so + 0x824e2
0x5f58853: /usr/lib/openoffice.org2.0/program/libvcl680li.so + 0x1d6853
0xf0611c: /usr/lib/openoffice.org2.0/program/libvclplug_gen680li.so + 0x2211c
0xf2b27b: /usr/lib/openoffice.org2.0/program/libvclplug_gen680li.so + 0x4727b
(SalDisplay::DispatchInternalEvent() + 0xad)
0xe438b3: /usr/lib/openoffice.org2.0/program/libvclplug_gtk680li.so + 0xa8b3
0xe80650: /usr/lib/libglib-2.0.so.0 + 0x25650
0xe7e3ee: /usr/lib/libglib-2.0.so.0 + 0x233ee (g_main_context_dispatch + 0x1dc)
0xe813f6: /usr/lib/libglib-2.0.so.0 + 0x263f6
0xe818d8: /usr/lib/libglib-2.0.so.0 + 0x268d8 (g_main_context_iteration + 0x66)
0xe434d9: /usr/lib/openoffice.org2.0/program/libvclplug_gtk680li.so + 0xa4d9
0xf2cf41: /usr/lib/openoffice.org2.0/program/libvclplug_gen680li.so + 0x48f41
(X11SalInstance::Yield(unsigned char) + 0x29)
0x5e0a850: /usr/lib/openoffice.org2.0/program/libvcl680li.so + 0x88850
(Application::Yield() + 0x50)
0x5e0a88e: /usr/lib/openoffice.org2.0/program/libvcl680li.so + 0x8888e
(Application::Execute() + 0x26)
0x80667c7: /usr/lib/openoffice.org2.0/program/soffice.bin + 0x3c7c7
(desktop::Desktop::Main() + 0x14a3)
0x5e0fc73: /usr/lib/openoffice.org2.0/program/libvcl680li.so + 0x8dc73 (SVMain()
+ 0x45)
0x80618cb: /usr/lib/openoffice.org2.0/program/soffice.bin + 0x378cb (sal_main +
0x47)
0x557de6: /lib/libc.so.6 + 0x14de6 (__libc_start_main + 0xc6)
0x8061801: /usr/lib/openoffice.org2.0/program/soffice.bin + 0x37801
(Window::RequestHelp(HelpEvent const&) + 0x31)

Comment 1 caolanm 2005-06-28 11:54:07 UTC

Created attachment 27537 [details]
sample flawed sxw

Comment 2 michael.ruess 2005-06-28 12:00:18 UTC

Reassigned to ES.

Comment 3 eric.savary 2005-06-28 12:26:52 UTC

ES->FLR: please have a look.

Comment 4 j_sanchezf 2005-07-06 23:19:41 UTC

I am the one who sent the original bug report to Fedora that was escalated
upstream here.

I am a translator and minor developer for GRAMPS. We want to clean the output
from GRAMPS so that it is valid.  I am testing changes that produce OOo
documents that seem to be DTD-compliant, but they still break OOo. I have a
compliant small test case.  Do you want me to attach it to this bug report or do
you think it is unnecessary?

Comment 5 lohmaier 2005-07-07 01:20:19 UTC

the element that makes OOo 1.9mXX crash is the draw:polygon element, more
precise its svg:viewBox attribute.

svg:viewBox="0 0 0 0"  - OOo doesn't like it to be all zero...

I don't know whether this is a bug of the document or a bug in OOo.

Comment 6 j_sanchezf 2005-07-07 06:36:03 UTC

Thanks for the hint.  The draw:viewBox value in the document is wrong.  I don't
know if is forbidden by the specification (arguably not), but its value was
unintended.  The computing algorithm had a rounding error that was producing
those values.  I have committed a fixed algorithm to GRAMPS current stable
branch that computes a correct draw:viewBox.  The result no longer crashes OOo,
We are still reviewing the changes needed to bring GRAMPS to OOo DTD compliance.

In my opinion, I think this issue should be left open as long as OOo crashes
with user input.

Comment 7 lohmaier 2005-07-07 11:32:23 UTC

Sure this one will be kept - OOo should never crash, esp. not when loading
documents.
setting regression keyword since the document opens without a crash in OOo 1.1.4

Comment 8 Mathias_Bauer 2006-01-20 15:17:02 UTC

We will not be able to fix that one until code freeze for 2.0.2 -> retargetted
to 2.0.3

Comment 9 Mathias_Bauer 2006-03-09 14:37:53 UTC

Cash:
>	xo680mi.dll!SdXMLImExPointsElement::SdXMLImExPointsElement()  + 0x1bc	C++
 	xo680mi.dll!SdXMLPolygonShapeContext::StartElement()  + 0xee	C++
 	xo680mi.dll!SvXMLImport::startElement()  + 0x38d	C++
 	xof680mi.dll!XMLProcAttrTransformerContext::StartElement()  + 0x45	C++
 	xof680mi.dll!XMLTransformerBase::startElement()  + 0x360	C++

There are a lot of assertions about wrong attributes before, I assume that the
doc is broken. While I agree that we shouldn't crash I also think that the
target is debatable. Please have a look wether an easy fix can be applied to
avoid the crash.

Comment 10 clippka 2006-03-14 12:29:22 UTC

fixed in cws impress89,

in xmloff/source/draw/xexptran.cxx we used the viewbox width and hight for
deviding in case of scaling. Even so a viewbox 0 0 0 0 does not make sense, we
now won't crash anymore.

Comment 11 clippka 2006-03-23 12:42:44 UTC

verified in cws, back to qa

re-open issue and reassign to es@openoffice.org

Comment 12 clippka 2006-03-23 12:42:50 UTC

reassign to es@openoffice.org

Comment 13 clippka 2006-03-23 12:42:57 UTC

reset resolution to FIXED

Comment 14 eric.savary 2006-04-04 10:24:06 UTC

Verified in CWS impress89

Comment 15 eric.savary 2006-04-13 13:20:58 UTC

Ok in src680m163