Created attachment 186918: Test docx that causes the stack overflow
LibreOffice 7.3.7.2 (Fedora 36) as well as v7.5 on Windows crash when trying to open a docx file that is autogenerated by an audio transcription service. Attached is a very simple file that causes the segfault.
It seems related to the multiple word/_rels in the docx file. If I do `zip -d test-file.docx word/_rels/header?.xml.rels word/_rels/footer?.xml.rels` then LibreOffice correctly opens the file.
Valgrind seems to suggest a stack overflow somewhere - if I increase the stack size, it does take a bit longer to crash, but it still segfaults.
Reproducibility: 100%
Confirm
Version: 7.6.0.0.alpha0+ (X86_64) / LibreOffice Community
Build ID: 066b23115c2a360507e306a88da572554daefab7
CPU threads: 8; OS: Mac OS X 12.6.3; UI render: Skia/Raster; VCL: osx
Locale: nl-NL (nl_NL.UTF-8); UI: en-US
Calc: threaded
Created attachment 186931: bt with debug symbols
On pc Debian x86-64 with master sources updated today, I could reproduce this. OOXMLDocumentImpl::resolveEmbeddingsStream is present a lot of times.
Created attachment 186945: BT with symbols macOS
My BT is slightly different. Adding, just in case.
Version: 4.2.8.2
Build ID: 48d50dbfc06349262c9d50868e5c1f630a573ebd
opens the file, but
Version: 4.3.7.2
Build ID: 8a35821d8636a03b8bf4e15b48f59794652c68ba
doesn't open the file and hangs (I just killed the soffice process after some time).
So it looks like an old regression.
This seems to have begun at the below commit in bibisect repository/OS bibisect-43max/Linux.
Adding Cc: to sushil_shinde; Could you possibly take a look at this one? Thanks

901d4d3b18ebe50022f95017287ac564fc16410d is the first bad commit
commit 901d4d3b18ebe50022f95017287ac564fc16410d
Author: Matthew Francis <mjay.francis@gmail.com>
Date: Thu May 28 20:29:30 2015 +0800

    source-hash-23b65a84fd827555dfb84c7e2f78879c479c2f78

    commit 23b65a84fd827555dfb84c7e2f78879c479c2f78
    Author: sushil_shinde <sushil.shinde@synerzip.com>
    AuthorDate: Wed Mar 19 18:34:45 2014 +0530
    Commit: Miklos Vajna <vmiklos@collabora.co.uk>
    CommitDate: Sun Mar 23 11:02:16 2014 +0100

    fdo#76356 : Docx file contianing chart in footer/header gets corrupted.

    - Docx file with chart in footer/header or .bin file referred in chart was getting corrupted.
    - Embedded file for footer.xml was not grabbaged.
    - .bin embedded files were not grab baged.
    - Added grab bag support for both case.
    - Added UT to check .bin files are grab baged properly.

    Reviewed on: https://gerrit.libreoffice.org/8674
Miklos, maybe you will be interested in this one too while you are working around the DOCX crash area...
Somehow OOXMLDocumentImpl::resolveEmbeddingsStream() decides to call itself again and again, but I don't have more details at hand.
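
Added example, not part of this thread and not LibreOffice code: a Python triage script that builds the part-to-part graph from a DOCX package's `_rels/*.rels` files and reports a cycle without recursing itself. It assumes (the thread does not confirm this) that the repeated resolveEmbeddingsStream() frames come from relationships leading back to an already-visited part; the function names and the sample package are constructed for illustration.

```python
import io
import posixpath
import zipfile
import xml.etree.ElementTree as ET

NS = "http://schemas.openxmlformats.org/package/2006/relationships"

def relationship_graph(docx_bytes):
    """Map each part to its internal targets (word/_rels/x.rels describes word/x)."""
    graph = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            rels_dir, fname = posixpath.split(name)
            if posixpath.basename(rels_dir) != "_rels" or not fname.endswith(".rels"):
                continue
            base = posixpath.dirname(rels_dir)
            owner = posixpath.join(base, fname[:-5])
            for rel in ET.fromstring(zf.read(name)).iter("{%s}Relationship" % NS):
                if rel.get("TargetMode") != "External":
                    # Relative targets resolve against the owner's directory.
                    target = posixpath.join("/" + base, rel.get("Target", ""))
                    graph.setdefault(owner, []).append(posixpath.normpath(target).lstrip("/"))
    return graph

def find_cycle(graph):
    """Iterative DFS; return one cycle as a list of parts, or None (cycle = assumed cause)."""
    done = set()
    for root in list(graph):
        if root in done:
            continue
        path, iters = [root], [iter(graph.get(root, ()))]
        while path:
            child = next(iters[-1], None)
            if child is None:            # all targets of this part explored
                done.add(path.pop())
                iters.pop()
            elif child in path:          # target is already on the current walk
                return path[path.index(child):] + [child]
            elif child not in done:
                path.append(child)
                iters.append(iter(graph.get(child, ())))
    return None

def build_sample(parts):
    """Constructed sample package: {rels part name: [(Id, Target), ...]} -> zip bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, rels in parts.items():
            body = "".join('<Relationship Id="%s" Type="urn:example" Target="%s"/>' % r for r in rels)
            zf.writestr(name, '<Relationships xmlns="%s">%s</Relationships>' % (NS, body))
    return buf.getvalue()
```

To check a real file, pass `open(path, "rb").read()` to `relationship_graph()` and then `find_cycle()`; a `None` result means the relationship parts contain no loop and the recursion has another cause.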
CRASH:
- https://crashreport.libreoffice.org/stats/crash_details/945cf4ad-f3c4-4a1d-91b2-a7ff6b402665
All I did was open the attachment in comment 0 using:
Version: 24.2.0.3 (X86_64) / LibreOffice Community
Build ID: da48488a73ddd66ea24cf16bbc4f7b9c08e9bea1
CPU threads: 8; OS: Windows 10.0 Build 22631; UI render: Skia/Raster; VCL: win
Locale: en-US (en_US); UI: en-US
Calc: CL threaded