379396 – Calligra crashes on opening a particular .doc file

Bug 379396 - Calligra crashes on opening a particular .doc file

Summary: Calligra crashes on opening a particular .doc file

Status:	REPORTED

Alias:	None

Product:	calligrawords
Classification:	Applications
Component:	doc (show other bugs)
Version:	2.9.7
Platform:	Ubuntu Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	Calligra Words Bugs

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-05-01 06:07 UTC by phma
Modified:	2021-01-01 05:04 UTC (History)
CC List:	0 users

See Also:
Latest Commit:
Version Fixed In:

Attachments
File sent by a gold scammer (230.50 KB, application/msword) 2017-05-01 06:07 UTC, phma	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description phma 2017-05-01 06:07:20 UTC

Created attachment 105292 [details]
File sent by a gold scammer

-- Information about the crash:
- What I was doing when the application crashed:
I ran "calligra <file.doc> and it crashed. I brought up Calligra Words from the K gear and tried to open the file, and it crashed. I opened another .doc file, and it didn't crash.

The crash can be reproduced every time.

The attached file is a .doc file sent by a gold scammer whom I am baiting. Please do not contact the scammer, as it would blow the bait.

-- Backtrace:
Application: Calligra Words (calligrawords), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f99d3a74940 (LWP 23898))]

Thread 2 (Thread 0x7f99a967e700 (LWP 23933)):
#0  0x00007f99d348ab5d in poll () at ../sysdeps/unix/syscall-template.S:84
#1  0x00007f99ce36538c in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007f99ce36549c in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007f99d1b7a2ce in QEventDispatcherGlib::processEvents (this=0x7f99a40008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:452
#4  0x00007f99d1b4818f in QEventLoop::processEvents (this=this@entry=0x7f99a967dc40, flags=...) at kernel/qeventloop.cpp:149
#5  0x00007f99d1b484f5 in QEventLoop::exec (this=this@entry=0x7f99a967dc40, flags=...) at kernel/qeventloop.cpp:204
#6  0x00007f99d1a37549 in QThread::exec (this=this@entry=0x1dc3db0) at thread/qthread.cpp:538
#7  0x00007f99d1b2babd in QDnotifySignalThread::run (this=0x1dc3db0) at io/qfilesystemwatcher_dnotify.cpp:179
#8  0x00007f99d1a39e3c in QThreadPrivate::start (arg=0x1dc3db0) at thread/qthread_unix.cpp:352
#9  0x00007f99ce84c6ba in start_thread (arg=0x7f99a967e700) at pthread_create.c:333
#10 0x00007f99d349682d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 1 (Thread 0x7f99d3a74940 (LWP 23898)):
[KCrash Handler]
#6  0x00007f99d3413982 in __GI___libc_free (mem=0x1eca820) at malloc.c:2965
#7  0x00007f99d0165693 in QVectorTypedData<KoXmlWriter::Tag>::free (alignment=<optimized out>, x=<optimized out>) at /usr/include/qt4/QtCore/qvector.h:99
#8  QVector<KoXmlWriter::Tag>::free (this=0x1f177e8, x=<optimized out>) at /usr/include/qt4/QtCore/qvector.h:468
#9  QVector<KoXmlWriter::Tag>::realloc (this=this@entry=0x1f177e8, asize=-1, aalloc=<optimized out>) at /usr/include/qt4/QtCore/qvector.h:553
#10 0x00007f99d0163e19 in QVector<KoXmlWriter::Tag>::append (t=..., this=0x1f177e8) at /usr/include/qt4/QtCore/qvector.h:577
#11 QStack<KoXmlWriter::Tag>::push (t=..., this=0x1f177e8) at /usr/include/qt4/QtCore/qstack.h:60
#12 KoXmlWriter::startElement (this=this@entry=0x2327e40, tagName=tagName@entry=0x7f99a3d9ab9c "text:p", indentInside=indentInside@entry=false) at /build/calligra-ZNsRv2/calligra-2.9.7/libs/odf/KoXmlWriter.cpp:134
#13 0x00007f99a3c8d12a in Paragraph::writeToFile (this=0x1e51ac0, writer=writer@entry=0x2327e40, openTextBox=<optimized out>, tabLeader=<optimized out>) at /build/calligra-ZNsRv2/calligra-2.9.7/filters/words/msword-odf/paragraph.cpp:419
#14 0x00007f99a3c7583d in WordsTextHandler::paragraphEnd (this=0x1e96080) at /build/calligra-ZNsRv2/calligra-2.9.7/filters/words/msword-odf/texthandler.cpp:970
#15 0x00007f99a3993822 in wvWare::Parser9x::processParagraph (this=this@entry=0x1e94230, fc=fc@entry=4423) at /build/calligra-ZNsRv2/calligra-2.9.7/filters/words/msword-odf/wv2/src/parser9x.cpp:835
#16 0x00007f99a3996dec in wvWare::Parser9x::processPiece<unsigned char> (this=this@entry=0x1e94230, string=string@entry=0x1eb5da0 "\b\b\b\r\r\r\r\r\r\r\r\b\r\rPRIVATE SALE AND PURCHASE AGREEMENT FOR ALLUVIAL \rGOLD BAR INTERNATIONAL ACCEPTABLE (DELIVERY)\r\b\r\rTHIS AGREEMENT BETWEEN:\r\rKONE GOLD MINES INC. with headquarters in Abidjan, hereby duly "..., fc=fc@entry=2048, limit=limit@entry=12661, position=...) at /build/calligra-ZNsRv2/calligra-2.9.7/filters/words/msword-odf/wv2/src/parser9x.cpp:593
#17 0x00007f99a399427e in wvWare::Parser9x::parseHelper (this=this@entry=0x1e94230, startPos=...) at /build/calligra-ZNsRv2/calligra-2.9.7/filters/words/msword-odf/wv2/src/parser9x.cpp:529
#18 0x00007f99a3994991 in wvWare::Parser9x::parseBody (this=this@entry=0x1e94230) at /build/calligra-ZNsRv2/calligra-2.9.7/filters/words/msword-odf/wv2/src/parser9x.cpp:478
#19 0x00007f99a3994b33 in wvWare::Parser9x::parse (this=0x1e94230) at /build/calligra-ZNsRv2/calligra-2.9.7/filters/words/msword-odf/wv2/src/parser9x.cpp:175
#20 0x00007f99a3c62468 in Document::parse (this=this@entry=0x1e92830) at /build/calligra-ZNsRv2/calligra-2.9.7/filters/words/msword-odf/document.cpp:442
#21 0x00007f99a3c5aade in MSWordOdfImport::convert (this=<optimized out>, from=..., to=...) at /build/calligra-ZNsRv2/calligra-2.9.7/filters/words/msword-odf/mswordodfimport.cpp:239
#22 0x00007f99d31281c6 in CalligraFilter::ChainLink::invokeFilter (this=0x21d4800, parentChainLink=parentChainLink@entry=0x0) at /build/calligra-ZNsRv2/calligra-2.9.7/libs/main/KoFilterChainLink.cpp:88
#23 0x00007f99d311fa88 in KoFilterChain::invokeChain (this=0x1f11590) at /build/calligra-ZNsRv2/calligra-2.9.7/libs/main/KoFilterChain.cpp:95
#24 0x00007f99d3118e70 in KoFilterManager::importDocument (this=0x1e86490, url=..., documentMimeType=..., status=@0x7ffd85250140: 2233795088) at /build/calligra-ZNsRv2/calligra-2.9.7/libs/main/KoFilterManager.cpp:168
#25 0x00007f99d30e01c0 in KoDocument::openFile (this=0x1e7aa90) at /build/calligra-ZNsRv2/calligra-2.9.7/libs/main/KoDocument.cpp:1489
#26 0x00007f99d30ea138 in KoDocument::Private::openFile (this=0x1fe29e0) at /build/calligra-ZNsRv2/calligra-2.9.7/libs/main/KoDocument.cpp:271
#27 KoDocument::Private::openLocalFile (this=0x1fe29e0) at /build/calligra-ZNsRv2/calligra-2.9.7/libs/main/KoDocument.cpp:293
#28 KoDocument::openUrlInternal (this=this@entry=0x1e7aa90, url=...) at /build/calligra-ZNsRv2/calligra-2.9.7/libs/main/KoDocument.cpp:2691
#29 0x00007f99d30ea553 in KoDocument::openUrl (this=0x1e7aa90, _url=...) at /build/calligra-ZNsRv2/calligra-2.9.7/libs/main/KoDocument.cpp:1258
#30 0x00007f99d30f4d54 in KoMainWindow::openDocumentInternal (this=this@entry=0x1687c00, url=..., newpart=0x1e697f0, newpart@entry=0x0, newdoc=0x1e7aa90, newdoc@entry=0x0) at /build/calligra-ZNsRv2/calligra-2.9.7/libs/main/KoMainWindow.cpp:780
#31 0x00007f99d30f6577 in KoMainWindow::openDocument (this=this@entry=0x1687c00, url=...) at /build/calligra-ZNsRv2/calligra-2.9.7/libs/main/KoMainWindow.cpp:741
#32 0x00007f99d3104e8c in KoMainWindow::slotFileOpen (this=0x1687c00) at /build/calligra-ZNsRv2/calligra-2.9.7/libs/main/KoMainWindow.cpp:1330
#33 0x00007f99d3107ea5 in KoMainWindow::qt_static_metacall (_o=0x1687c00, _c=<optimized out>, _id=<optimized out>, _a=0x7ffd852508a0) at /build/calligra-ZNsRv2/calligra-2.9.7/obj-x86_64-linux-gnu/libs/main/KoMainWindow.moc:136
#34 0x00007f99d1b5e010 in QMetaObject::activate (sender=sender@entry=0x16662b0, m=m@entry=0x7f99d3050da0 <QAction::staticMetaObject>, local_signal_index=local_signal_index@entry=1, argv=argv@entry=0x7ffd852508a0) at kernel/qobject.cpp:3567
#35 0x00007f99d2553d62 in QAction::triggered (this=this@entry=0x16662b0, _t1=false) at .moc/release-shared/moc_qaction.cpp:276
#36 0x00007f99d25550b3 in QAction::activate (this=this@entry=0x16662b0, event=event@entry=QAction::Trigger) at kernel/qaction.cpp:1257
#37 0x00007f99d29b69fd in QMenuPrivate::activateCausedStack (this=this@entry=0x16c1aa0, causedStack=..., action=action@entry=0x16662b0, action_e=action_e@entry=QAction::Trigger, self=self@entry=true) at widgets/qmenu.cpp:1037
#38 0x00007f99d29bade9 in QMenuPrivate::activateAction (this=0x16c1aa0, action=0x16662b0, action_e=action_e@entry=QAction::Trigger, self=self@entry=true) at widgets/qmenu.cpp:1129
#39 0x00007f99d29beb17 in QMenu::mouseReleaseEvent (this=this@entry=0x1790550, e=e@entry=0x7ffd85250fd0) at widgets/qmenu.cpp:2371
#40 0x00007f99cf43e613 in KMenu::mouseReleaseEvent (this=0x1790550, e=0x7ffd85250fd0) at /build/kde4libs-oFCmS0/kde4libs-4.14.16/kdeui/widgets/kmenu.cpp:464
#41 0x00007f99d25b08d0 in QWidget::event (this=this@entry=0x1790550, event=event@entry=0x7ffd85250fd0) at kernel/qwidget.cpp:8775
#42 0x00007f99d29beffb in QMenu::event (this=0x1790550, e=0x7ffd85250fd0) at widgets/qmenu.cpp:2480
#43 0x00007f99d2559fdc in QApplicationPrivate::notify_helper (this=this@entry=0x1285d90, receiver=receiver@entry=0x1790550, e=e@entry=0x7ffd85250fd0) at kernel/qapplication.cpp:4570
#44 0x00007f99d25610d6 in QApplication::notify (this=<optimized out>, receiver=receiver@entry=0x1790550, e=e@entry=0x7ffd85250fd0) at kernel/qapplication.cpp:4113
#45 0x00007f99d30d3e35 in KoApplication::notify (this=<optimized out>, receiver=0x1790550, event=0x7ffd85250fd0) at /build/calligra-ZNsRv2/calligra-2.9.7/libs/main/KoApplication.cpp:625
#46 0x00007f99d1b4990d in QCoreApplication::notifyInternal (this=0x7ffd85251760, receiver=receiver@entry=0x1790550, event=event@entry=0x7ffd85250fd0) at kernel/qcoreapplication.cpp:955
#47 0x00007f99d25606dd in QCoreApplication::sendEvent (event=<optimized out>, receiver=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:231
#48 QApplicationPrivate::sendMouseEvent (receiver=receiver@entry=0x1790550, event=event@entry=0x7ffd85250fd0, alienWidget=alienWidget@entry=0x0, nativeWidget=nativeWidget@entry=0x1790550, buttonDown=buttonDown@entry=0x7f99d3085368 <qt_button_down>, lastMouseReceiver=..., spontaneous=true) at kernel/qapplication.cpp:3178
#49 0x00007f99d25ded7c in QETWidget::translateMouseEvent (this=this@entry=0x1790550, event=event@entry=0x7ffd85251300) at kernel/qapplication_x11.cpp:4572
#50 0x00007f99d25ddc83 in QApplication::x11ProcessEvent (this=0x7ffd85251760, event=event@entry=0x7ffd85251300) at kernel/qapplication_x11.cpp:3626
#51 0x00007f99d2607542 in x11EventSourceDispatch (s=0x1272310, callback=0x0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146
#52 0x00007f99ce365197 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#53 0x00007f99ce3653f0 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#54 0x00007f99ce36549c in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#55 0x00007f99d1b7a2ce in QEventDispatcherGlib::processEvents (this=0x11ef2e0, flags=...) at kernel/qeventdispatcher_glib.cpp:452
#56 0x00007f99d2607616 in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#57 0x00007f99d1b4818f in QEventLoop::processEvents (this=this@entry=0x7ffd852516e0, flags=...) at kernel/qeventloop.cpp:149
#58 0x00007f99d1b484f5 in QEventLoop::exec (this=this@entry=0x7ffd852516e0, flags=...) at kernel/qeventloop.cpp:204
#59 0x00007f99d1b4e4b9 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1227
#60 0x00007f99d255822c in QApplication::exec () at kernel/qapplication.cpp:3828
#61 0x00007f99d375c3b5 in kdemain (argc=<optimized out>, argv=<optimized out>) at /build/calligra-ZNsRv2/calligra-2.9.7/words/app/main.cpp:44
#62 0x00007f99d33b0830 in __libc_start_main (main=0x4006c0 <main(int, char**)>, argc=1, argv=0x7ffd852518a8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffd85251898) at ../csu/libc-start.c:291
#63 0x00000000004006f9 in _start ()

Comment 1 Justin Zobel 2020-12-17 05:28:26 UTC

Thank you for the crash report.

As it has been a while since this was reported, can you please test and confirm if this issue is still occurring or if this bug report can be marked as resolved.

I have set the bug status to "needsinfo" pending your response, please change back to "reported" or "resolved/worksforme" when you respond, thank you.

Comment 2 Bug Janitor Service 2021-01-01 04:36:45 UTC

Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least
15 days. Please provide the requested information as soon as
possible and set the bug status as REPORTED. Due to regular bug
tracker maintenance, if the bug is still in NEEDSINFO status with
no change in 30 days the bug will be closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please
mark the bug as REPORTED so that the KDE team knows that the bug is
ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!

Comment 3 phma 2021-01-01 05:04:04 UTC

I just installed Calligra 3.1.0 on Focal Fossa and tried to open the file, and it crashed. Here's what it said when I ran calligrawords from the command line and tried to open it:

calligra.lib.pigment: Legacy integer arithmetics implementation
calligra.filter.doc2odt: BUG: m_bgColors stack NOT empty, clearing!
Cannot handle shape 0x 93
calligra.filter.doc2odt: Warning: field instructions not supported, storing as ODF field!
calligra.filter.doc2odt: Warning: ignoring field result!
calligra.filter.doc2odt: BUG: m_bgColors stack NOT empty, clearing!
calligra.filter.doc2odt: Warning: Object located in field instructions, Ignoring!
calligra.lib.store: EndElement() was called more times than startElement(). The generated XML will be invalid! Please report this bug (by saving the document to another format...) 

calligra.lib.store: EndElement() was called more times than startElement(). The generated XML will be invalid! Please report this bug (by saving the document to another format...) 

calligra.lib.store: EndElement() was called more times than startElement(). The generated XML will be invalid! Please report this bug (by saving the document to another format...) 

KCrash: crashing... crashRecursionCounter = 2
KCrash: Application Name = calligrawords path = /usr/bin pid = 450403
KCrash: Arguments: /usr/bin/calligrawords 
KCrash: Attempting to start /usr/lib/x86_64-linux-gnu/libexec/drkonqi from kdeinit
sock_file=/run/user/1000/kdeinit5__0