Created attachment 63260
.doc file that makes Words crash

Version: 2.4-snapshots (using KDE 4.6.5)
OS: Linux

This is essentially the same bug as 27542, but applied to Calligra Words 2.3.74. The file is the same: http://www.ambience11.se/doc/Ambience11_cpf_template.doc

Crash output is slightly different (maybe due to updated wv2 library):

words(3601)/winword-filter MSWordOdfImport::convert: ######################## MSWordOdfImport::convert ########################
words(3601)/winword-filter: Unable to construct /Data stream
words(3601)/winword-filter MSWordOdfImport::convert: Failed to open /Data stream, no big deal (OPTIONAL).
words(3601)/winword-filter MSWordOdfImport::convert: created storeout.
words(3601)/winword-filter MSWordOdfImport::convert: created oasisStore.
words(3601)/winword-filter MSWordOdfImport::convert: created temp contentWriter and bodyWriter.

Reproducible: Always

Steps to Reproduce:
Open attached .doc file.

Actual Results:
Words will immediately crash. No (graphical) error message or DrKonqi

Expected Results:
File opens properly.
I can confirm.
Attached patch fixes the problem. The patch restores the logic we had before commit 62771a54. Commit 62771a54 fixed bug 245368 but since then it seems it was fixed another way and with this patch applied bug 245368 cannot be reproduced any longer. diff --git a/filters/words/msword-odf/wv2/src/headers.cpp b/filters/words/msword-odf/wv2/src/headers.cpp index 877f557..6c371bf 100644 --- a/filters/words/msword-odf/wv2/src/headers.cpp +++ b/filters/words/msword-odf/wv2/src/headers.cpp @@ -61,7 +61,7 @@ Headers::Headers( U32 ccpHdd, U32 fcPlcfhdd, U32 lcbPlcfhdd, OLEStreamReader* ta tableStream->readU32(); } } - +#if 0 QList<U32> strsCPs; //CPs of header/footer related stories for ( ; i < lcbPlcfhdd; i += sizeof( U32 ) ) { @@ -108,6 +108,11 @@ Headers::Headers( U32 ccpHdd, U32 fcPlcfhdd, U32 lcbPlcfhdd, OLEStreamReader* ta //append second-to-last and last CP m_headers.append(strsCPs[l]); m_headers.append(strsCPs[l + 1]); +#else + for ( ; i < lcbPlcfhdd; i += sizeof( U32 ) ) { + m_headers.push_back( tableStream->readU32() ); + } +#endif tableStream->pop(); }
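Review bot: style point on the "#if 0" added at headers.cpp line 61 (first hunk): it keeps the whole strsCPs block in the source as disabled code. The description says the patch restores the logic from before commit 62771a54, so the block can be deleted and left to git history; if it has to stay for reference, add a comment beside the "#if 0" naming the bug and the reason it is switched off.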
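Review bot: missing length check in the "#else" loop (second hunk): "m_headers.push_back( tableStream->readU32() )" repeats while "i < lcbPlcfhdd" in steps of sizeof( U32 ), so when the bytes remaining from i to lcbPlcfhdd are not a multiple of four, the final readU32() reads past the length the file declares. Reject or round down such a length before the loop. The values are also appended without any check, while the disabled block indexed entries as strsCPs[l] and strsCPs[l + 1]; any code that indexes m_headers the same way needs a size check once short arrays are accepted.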
*** Bug 281164 has been marked as a duplicate of this bug. ***
It looks as if the reason is that the new code that was added with commit 62771a54 makes the assumption that lcbPlcfhdd / sizeof( U32 ) - 2 is true also for the case that version!=Word8, which seems to be incorrect.
Note that the document attached to bug 281164 is a version==Word8 document. So, the code is wrong for version==Word8 documents too. With the patch from comment #2 this is fixed too.
Patch from comment #2 is for review at https://git.reviewboard.kde.org/r/102520/ . Waiting for feedback from Matus now :-)
Git commit 3e38e48b682a57b76ad1056ce587958e252dd56d by Matus Uzak.
Committed on 06/09/2011 at 19:03.
Pushed by uzak into branch 'master'.

DOC: Improved validation of the Header document.

* Check for missing header/footer stories and append empty ones if required.
* Use a different logic for Word6/Word7 and Word8 files.

BUG:281112
BUG:281164

M +94 -42 filters/words/msword-odf/wv2/src/headers.cpp
M +3 -2 filters/words/msword-odf/wv2/src/headers.h
M +4 -2 filters/words/msword-odf/wv2/src/headers95.cpp
M +2 -1 filters/words/msword-odf/wv2/src/headers95.h
M +3 -2 filters/words/msword-odf/wv2/src/headers97.cpp
M +2 -1 filters/words/msword-odf/wv2/src/headers97.h
M +3 -1 filters/words/msword-odf/wv2/src/parser95.cpp
M +3 -1 filters/words/msword-odf/wv2/src/parser97.cpp

http://commits.kde.org/calligra/3e38e48b682a57b76ad1056ce587958e252dd56d
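The kind of validation the commit message above describes, as an added sketch that is not the code of that commit or of wv2. The helper names, the byte-vector input and the simplified model (six stories per group, N stories delimited by N + 1 CPs) are assumptions made for the example, and the sample bytes are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Assumption for this sketch: header/footer stories are indexed in groups
// of six, and N stories are delimited by N + 1 CP boundaries.
static const std::size_t kStoriesPerGroup = 6;

// Hypothetical helper: read the CP array of a header PLCF from an untrusted
// table stream. Returns false when the declared range cannot be trusted.
bool readHeaderCPs(const std::vector<std::uint8_t>& table, std::uint32_t fc,
                   std::uint32_t lcb, std::vector<std::uint32_t>& cps)
{
    cps.clear();
    // The declared range must lie inside the stream and hold whole U32s.
    if (fc > table.size() || lcb > table.size() - fc) return false;
    if (lcb % sizeof(std::uint32_t) != 0) return false;

    for (std::size_t off = fc; off < std::size_t(fc) + lcb; off += 4) {
        std::uint32_t cp = std::uint32_t(table[off])            // little-endian
                         | std::uint32_t(table[off + 1]) << 8
                         | std::uint32_t(table[off + 2]) << 16
                         | std::uint32_t(table[off + 3]) << 24;
        if (!cps.empty() && cp < cps.back()) return false;  // runs backwards
        cps.push_back(cp);
    }
    if (cps.size() < 2) return false;  // not even one story

    // Pad an incomplete group with empty stories (start == end) so code that
    // indexes six stories per group never reads past the end of the array.
    for (std::size_t n = cps.size() - 1; n % kStoriesPerGroup != 0; ++n)
        cps.push_back(cps.back());
    return true;
}

// Constructed sample: four CPs (0, 10, 10, 25), i.e. three stories.
std::vector<std::uint8_t> constructedSample()
{
    return {0, 0, 0, 0, 10, 0, 0, 0, 10, 0, 0, 0, 25, 0, 0, 0};
}

// Number of CPs after validation and padding, or 0 when the input is rejected.
std::size_t paddedCount(const std::vector<std::uint8_t>& t, std::uint32_t fc,
                        std::uint32_t lcb)
{
    std::vector<std::uint32_t> cps;
    return readHeaderCPs(t, fc, lcb, cps) ? cps.size() : 0;
}
```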
In git commit 79697867a34448f3472bbd3243247cb141ee11bf, the document opened without any crash.