Bug 281112

Summary: Words/wv2 import filter crashes with .doc file
Product: [Applications] calligrawords Reporter: Thomas Fischer <fischer>
Component: doc Assignee: Matus Uzak <matus.uzak>
Status: RESOLVED FIXED    
Severity: crash CC: matus.uzak, sebsauer, swathi.vegesna999
Priority: NOR    
Version: Git   
Target Milestone: ---   
Platform: Gentoo Packages   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: .doc file that makes Words crash

Description Thomas Fischer 2011-08-31 13:15:35 UTC
Created attachment 63260
.doc file that makes Words crash

Version:           2.4-snapshots (using KDE 4.6.5) 
OS:                Linux

This is essentially the same bug as 27542, but applied to Calligra Words 2.3.74.
The file is the same: http://www.ambience11.se/doc/Ambience11_cpf_template.doc
Crash output is slightly different (maybe due to updated wv2 library):

words(3601)/winword-filter MSWordOdfImport::convert: ######################## MSWordOdfImport::convert ########################
words(3601)/winword-filter: Unable to construct  /Data stream 
words(3601)/winword-filter MSWordOdfImport::convert: Failed to open /Data stream, no big deal (OPTIONAL).
words(3601)/winword-filter MSWordOdfImport::convert: created storeout.
words(3601)/winword-filter MSWordOdfImport::convert: created oasisStore.
words(3601)/winword-filter MSWordOdfImport::convert: created temp contentWriter and bodyWriter.


Reproducible: Always

Steps to Reproduce:
Open attached .doc file.

Actual Results:  
Words will immediately crash. No (graphical) error message or DrKonqi

Expected Results:  
File opens properly.
Comment 1 Camilla Boemann 2011-08-31 13:19:14 UTC
I can confirm.
Comment 2 Sebastian Sauer 2011-09-02 11:26:48 UTC
Attached patch fixes the problem. The patch restores the logic we had before commit 62771a54. Commit 62771a54 fixed bug 245368 but since then it seems it was fixed another way and with this patch applied bug 245368 cannot be reproduced any longer.

diff --git a/filters/words/msword-odf/wv2/src/headers.cpp b/filters/words/msword-odf/wv2/src/headers.cpp
index 877f557..6c371bf 100644
--- a/filters/words/msword-odf/wv2/src/headers.cpp
+++ b/filters/words/msword-odf/wv2/src/headers.cpp
@@ -61,7 +61,7 @@ Headers::Headers( U32 ccpHdd, U32 fcPlcfhdd, U32 lcbPlcfhdd, OLEStreamReader* ta
             tableStream->readU32();
         }
     }
-
+#if 0
     QList<U32> strsCPs;
     //CPs of header/footer related stories 
     for ( ; i < lcbPlcfhdd; i += sizeof( U32 ) ) {
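Review bot: the "#if 0" placed in front of "QList<U32> strsCPs;" leaves the block that collects the header/footer story CPs in the file as dead code with no explanation. If the revert is meant to stay, delete the block outright; if it is temporary, put a comment on the "#if 0" line naming commit 62771a54 and bug 245368 so the next reader knows why it is disabled and when it can be removed.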
@@ -108,6 +108,11 @@ Headers::Headers( U32 ccpHdd, U32 fcPlcfhdd, U32 lcbPlcfhdd, OLEStreamReader* ta
     //append second-to-last and last CP
     m_headers.append(strsCPs[l]);
     m_headers.append(strsCPs[l + 1]);
+#else
+    for ( ; i < lcbPlcfhdd; i += sizeof( U32 ) ) {
+        m_headers.push_back( tableStream->readU32() );
+    }
+#endif
 
     tableStream->pop();
 }
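Review bot: the loop in the "#else" branch pushes every U32 up to lcbPlcfhdd into m_headers without validating the size. If lcbPlcfhdd is not a multiple of sizeof( U32 ), the last iteration still passes "i < lcbPlcfhdd" and readU32() reads past the end of the structure, and nothing checks how many entries end up in m_headers. Reject or round down a misaligned lcbPlcfhdd before the loop and check m_headers.size() after it, before "tableStream->pop();".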
Comment 3 Sebastian Sauer 2011-09-02 11:28:03 UTC
*** Bug 281164 has been marked as a duplicate of this bug. ***
Comment 4 Sebastian Sauer 2011-09-02 11:31:42 UTC
It looks as if the reason is that the new code that was added with commit 62771a54 makes the assumption that

lcbPlcfhdd / sizeof( U32 ) - 2

is true also for the case that version!=Word8, which seems not to be correct.
Comment 5 Sebastian Sauer 2011-09-02 11:45:10 UTC
Note that the document attached to bug 281164 is a version==Word8 document. So, the code is wrong for version==Word8 documents too.

With the patch from comment #2 this is fixed too.
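
Added example, not part of this thread and not Calligra or wv2 code: one way to validate a size field such as lcbPlcfhdd before the CP array it describes is read and indexed, which is the assumption comments 4 and 5 identify as wrong. The helper readHeaderCPs, its parameters table, tableLen and minCPs, the rule that CPs never decrease, and the sample bytes are all assumptions of this sketch.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical helper, not wv2 API. table/tableLen stand in for the table
// stream; minCPs is the number of entries the caller will index afterwards.
bool readHeaderCPs(const uint8_t* table, size_t tableLen, uint32_t fcPlcfhdd,
                   uint32_t lcbPlcfhdd, size_t minCPs, std::vector<uint32_t>& cps)
{
    cps.clear();
    // A partial trailing U32 would make the read loop run past the structure.
    if (lcbPlcfhdd % sizeof(uint32_t) != 0) return false;
    // The whole structure must lie inside the stream (ordered to avoid overflow).
    if (fcPlcfhdd > tableLen || lcbPlcfhdd > tableLen - fcPlcfhdd) return false;
    const size_t count = lcbPlcfhdd / sizeof(uint32_t);
    // Check the count before any index such as count - 2 is derived from it.
    if (count < minCPs) return false;

    for (size_t i = 0; i < count; ++i) {
        const uint8_t* p = table + fcPlcfhdd + i * sizeof(uint32_t);
        // Little-endian decode byte by byte, so alignment does not matter.
        const uint32_t cp = uint32_t(p[0]) | uint32_t(p[1]) << 8 |
                            uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24;
        // Assumption of this sketch: story CPs never decrease.
        if (!cps.empty() && cp < cps.back()) { cps.clear(); return false; }
        cps.push_back(cp);
    }
    return true;
}

// Constructed sample: 2 bytes of padding, then four CPs 0, 5, 5, 9.
static const uint8_t kSample[] = {0xAA, 0xAA, 0, 0, 0, 0, 5, 0, 0, 0,
                                  5, 0, 0, 0, 9, 0, 0, 0};

int main()
{
    std::vector<uint32_t> cps;
    const uint32_t sizes[] = {16, 15, 20, 0};  // valid, misaligned, too long, empty
    for (uint32_t lcb : sizes) {
        bool ok = readHeaderCPs(kSample, sizeof kSample, 2, lcb, 2, cps);
        std::printf("lcbPlcfhdd=%u -> %s (%zu CPs)\n", lcb, ok ? "ok" : "rejected", cps.size());
    }
    return 0;
}
```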
Comment 6 Sebastian Sauer 2011-09-02 11:51:11 UTC
Patch from comment #2 is for review at https://git.reviewboard.kde.org/r/102520/ . Waiting for feedback from Matus now :-)
Comment 7 Matus Uzak 2011-09-07 09:07:50 UTC
Git commit 3e38e48b682a57b76ad1056ce587958e252dd56d by Matus Uzak.
Committed on 06/09/2011 at 19:03.
Pushed by uzak into branch 'master'.

DOC: Improved validation of the Header document.

* Check for missing header/footer stories and append empty ones if required.
* Use a different logic for Word6/Word7 and Word8 files.

BUG:281112
BUG:281164

M  +94   -42   filters/words/msword-odf/wv2/src/headers.cpp
M  +3    -2    filters/words/msword-odf/wv2/src/headers.h
M  +4    -2    filters/words/msword-odf/wv2/src/headers95.cpp
M  +2    -1    filters/words/msword-odf/wv2/src/headers95.h
M  +3    -2    filters/words/msword-odf/wv2/src/headers97.cpp
M  +2    -1    filters/words/msword-odf/wv2/src/headers97.h
M  +3    -1    filters/words/msword-odf/wv2/src/parser95.cpp
M  +3    -1    filters/words/msword-odf/wv2/src/parser97.cpp

http://commits.kde.org/calligra/3e38e48b682a57b76ad1056ce587958e252dd56d
Comment 8 swathi 2011-09-13 12:35:23 UTC
In git commit 79697867a34448f3472bbd3243247cb141ee11bf, the document opened without any crash.