https://bugs.documentfoundation.org/show_bug.cgi?id=167936
Bug ID: 167936
Summary: LibreOffice crash (segmentation fault) when opening
document from UNO pipe
Product: LibreOffice
Version: 25.2.5.2 release
Hardware: x86-64 (AMD64)
OS: Linux (All)
Status: UNCONFIRMED
Severity: normal
Priority: medium
Component: sdk
Assignee: [email protected]
Reporter: [email protected]
Created attachment 202308
--> https://bugs.documentfoundation.org/attachment.cgi?id=202308&action=edit
Java code demonstrating the problem
This problem has also been reported as
https://bugzilla.redhat.com/show_bug.cgi?id=2388224 . I'm not sure if sdk is
the proper component to report against; please move to other components as
needed.
I have a Java program (attached) that starts a headless LO process, connects to
it using a named pipe and uses loadComponentFromURL to open an ODT file. Doing
this with LO 24.8 works perfectly, but LO 25.2 crashes while reading the file.
It happens with several ODT files that I've tried, all of which can be opened
without problems from the GUI - the one I am testing with has been created in
LO 25.2 and is completely empty.
The stacktraces (attached) show that the crash happens in
package/source/zipapi/ZipFile.cxx:1173 or
package/source/zipapi/ByteGrabber.cxx:59 . The ODT file is 9312 bytes, so in
ZipFile.cxx nLength = 9312, nSize = 534 and nEnd = 8778. This matches well with
what I observe - just before the crash happens the seek method of the input
stream is called with position = 8778, corresponding to ZipFile.cxx line 1169,
and nBytesToRead is 534 in ByteGrabber.cxx line 59.
I have noticed that the memory handling at the crash site in
ZipFile::findCentralDirectory() has been refactored from LO 24.8 to 25.2 to use
a sal_Int8[] wrapped in a unique_ptr instead of a Sequence.
--
You are receiving this mail because:
You are the assignee for the bug.
