Posted to issues@openoffice.apache.org by bu...@apache.org on 2023/01/17 19:49:58 UTC

[Issue 127783] Crash when opening any PPT file

https://bz.apache.org/ooo/show_bug.cgi?id=127783

damjan@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |damjan@apache.org

--- Comment #6 from damjan@apache.org ---
The sample document crashes for me on FreeBSD as well. Top 21 stack frames:

---snip---
#0  ContentAttribs::GetStyleSheet() const (this=0x8) at
source/editeng/editdoc.hxx:192
#1  0x000000080448453d in ImpEditEngine::SetStyleSheet(unsigned int,
SfxStyleSheet*) (this=0x80aef1710, nPara=<optimized out>, pStyle=0x80ab74380)
at source/editeng/impedit5.cxx:78
#2  0x000000080447a16c in ImpEditEngine::InsertBinTextObject(BinTextObject&,
EditPaM) (this=this@entry=0x80aef1710, rTextObject=..., aPaM=...) at
source/editeng/impedit4.cxx:1347
#3  0x0000000804476b74 in ImpEditEngine::InsertText(EditTextObject const&,
EditSelection) (this=this@entry=0x80aef1710, rTextObject=..., aSel=...) at
source/editeng/impedit4.cxx:1230
#4  0x0000000804479963 in ImpEditEngine::SetText(EditTextObject const&)
(this=0x80aef1710, rTextObject=...) at source/editeng/impedit4.cxx:1214
#5  0x000000080442b979 in EditEngine::SetText(EditTextObject const&)
(this=0x80aea9450, rTextObject=...) at source/editeng/editeng.cxx:1383
#6  0x00000008044d322a in Outliner::SetText(OutlinerParaObject const&)
(this=0x80ab64290, rPObj=...) at source/outliner/outliner.cxx:646
#7  0x0000000803b47bb5 in SdrTextObj::AdjustTextFrameWidthAndHeight(Rectangle&,
int, int) const (this=0x80d98c350, rR=..., bHgt=<optimized out>,
bWdt=<optimized out>) at source/svdraw/svdotxat.cxx:148
#8  0x0000000803b47eb8 in SdrTextObj::NbcAdjustTextFrameWidthAndHeight(int,
int) (this=0x8, bHgt=16017840, bWdt=16684368) at source/svdraw/svdotxat.cxx:211
#9  0x0000000803b3bb84 in
SdrTextObj::NbcSetOutlinerParaObjectForText(OutlinerParaObject*, SdrText*)
(this=0x80d98c350, pTextObject=<optimized out>, pText=0x80d97b910) at
source/svdraw/svdotext.cxx:1505
#10 0x0000000803b045b4 in SdrObject::SetOutlinerParaObject(OutlinerParaObject*)
(this=0x80d98c350, pTextObject=0x80d942610) at source/svdraw/svdobj.cxx:1781
#11 0x000000080e6d2caa in SdPage::SetObjText(SdrTextObj*, SdrOutliner*,
PresObjKind, String const&) (this=this@entry=0x80aeac010, pObj=0x8, 
    pObj@entry=0x80d98c350, pOutliner=pOutliner@entry=0x80a138710,
eObjKind=<optimized out>, rString=...) at source/core/sdpage.cxx:2502
#12 0x000000080e6d1a1f in SdPage::CreatePresObj(PresObjKind, unsigned char,
Rectangle const&, unsigned char) (this=this@entry=0x80aeac010,
eObjKind=16684368, 
    eObjKind@entry=PRESOBJ_NOTES, bVertical=bVertical@entry=0 '\000',
rRect=<optimized out>) at source/core/sdpage.cxx:466
#13 0x000000080e6d6e93 in SdPage::InsertAutoLayoutShape(SdrObject*,
PresObjKind, bool, Rectangle, bool) (this=this@entry=0x80aeac010, pObj=0x0,
eObjKind=eObjKind@entry=PRESOBJ_NOTES, bVertical=false, aRect=..., bInit=true)
    at source/core/sdpage.cxx:2226
#14 0x000000080e6d36fc in SdPage::SetAutoLayout(AutoLayout, unsigned char,
unsigned char) (this=0x8, eLayout=<optimized out>, bInit=1 '\001',
bCreate=<optimized out>) at source/core/sdpage.cxx:1575
#15 0x000000080e1561f1 in ImplSdPPTImport::Import() (this=0x80d867010) at
source/filter/ppt/pptin.cxx:1033
#16 0x000000080e153d57 in SdPPTImport::Import() (this=this@entry=0x80d860850)
at source/filter/ppt/pptin.cxx:164
#17 0x000000080e15b35b in ImportPPT(rtl::OUString const&,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>*,
SdDrawDocument*, SvStream&, SotStorage&, SfxMedium&)
    (rConfigPath=..., pConfigData=pConfigData@entry=0x7fffffff9450,
pDocument=pDocument@entry=0x80a144c10, rDocStream=..., rStorage=...,
rMedium=...) at source/filter/ppt/pptin.cxx:2789
#18 0x000000080e740bc1 in SdPPTFilter::Import() (this=0x7fffffff94a0) at
source/filter/sdpptwrp.cxx:116
#19 0x000000080e68932b in sd::DrawDocShell::ConvertFrom(SfxMedium&)
(this=0x80a0b0670, rMedium=...) at source/ui/docshell/docshel4.cxx:488
#20 0x000000080141ab89 in SfxObjectShell::DoLoad(SfxMedium*) (this=0x80a0b0670,
pMed=0x80aecfe10) at source/doc/objstor.cxx:753
---snip---


In frame #0 we have this=0x8, which is definitely wrong; objects are never that
low in memory. It came from frame #1, line 77:

74      void ImpEditEngine::SetStyleSheet( sal_uInt16 nPara, SfxStyleSheet* pStyle )
75      {
76              DBG_ASSERT( GetStyleSheetPool() || !pStyle, "SetStyleSheet: No StyleSheetPool registered!" );
77              ContentNode* pNode = aEditDoc.SaveGetObject( nPara );
78              SfxStyleSheet* pCurStyle = pNode->GetStyleSheet();

(gdb) print pNode
$2 = (ContentNode *) 0x0

So in line 78 we're calling GetStyleSheet() on a NULL pNode. The reason NULL
becomes 8 is probably a second vtable pointer on an object using multiple
inheritance.

But "git blame" shows that whole function is unchanged since the code was
initially imported in 2011. It wasn't a case of a NULL check being removed. The
root cause must be elsewhere.

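Added example, not part of the original comment and not OpenOffice code: a small C++ sketch of how a call made through a null object pointer can arrive in the callee with a small nonzero this such as 0x8, and of the checked form of the lookup-then-call pattern seen in frame #1. The classes (StyleSheet, Attribs, TextBase, Node, Doc) and helper names are hypothetical stand-ins, and the layout used (a member placed after one pointer-sized base subobject) is an assumption chosen as one of several layouts that give a nonzero offset. The offset is measured on a real object, so nothing here dereferences a null pointer.

```cpp
#include <cstddef>
#include <cstdint>

// Hypothetical stand-ins for illustration; not the OpenOffice classes.
struct StyleSheet {};

struct Attribs {                             // role of the callee in frame #0
    StyleSheet* pStyle = nullptr;
    StyleSheet* GetStyleSheet() const { return pStyle; }
};

struct TextBase { void* pData = nullptr; };  // one pointer-sized base subobject

struct Node : TextBase {                     // role of the node used in frame #1
    Attribs aAttribs;                        // placed after the base subobject
    StyleSheet* GetStyleSheet() const { return aAttribs.GetStyleSheet(); }
};

struct Doc {
    Node* nodes[2] = {nullptr, nullptr};
    // Bounds-checked lookup: returns nullptr for an empty or out-of-range slot.
    Node* SafeGet(std::size_t n) const { return n < 2 ? nodes[n] : nullptr; }
};

// Offset of the inner subobject, measured on a live Node.
std::uintptr_t SubobjectOffset() {
    Node n;
    return reinterpret_cast<std::uintptr_t>(&n.aAttribs) -
           reinterpret_cast<std::uintptr_t>(&n);
}

// The this value a debugger shows in the inner call when the Node pointer
// was null: address 0 plus the subobject offset.
std::uintptr_t ThisSeenForNullNode() { return 0 + SubobjectOffset(); }

// Triage heuristic: a faulting this smaller than the object itself is almost
// certainly a null pointer plus an offset, not a real heap address.
bool LooksLikeNullPlusOffset(std::uintptr_t thisValue) {
    return thisValue < sizeof(Node);
}

// Checked form: test the lookup result before calling through it.
bool GetStyleChecked(const Doc& d, std::size_t n, StyleSheet*& out) {
    Node* p = d.SafeGet(n);
    if (!p) return false;                    // caller handles the missing node
    out = p->GetStyleSheet();
    return true;
}
```

On a 64-bit build ThisSeenForNullNode() evaluates to 8, matching the this=0x8 pattern in frame #0, while a heap address such as the 0x80aef1710 seen in frame #1 is rejected by the heuristic.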