[Libreoffice-bugs] [Bug 98136] std::bad_alloc in LO IMpress
https://bugs.documentfoundation.org/show_bug.cgi?id=98136

--- Comment #5 from Armin Le Grand (CIB) ---
Only png's in the picture folder, no metafile. Reducing pages to see where the problem is...

--
You are receiving this mail because:
You are the assignee for the bug.
___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
[Libreoffice-bugs] [Bug 98136] std::bad_alloc in LO IMpress
https://bugs.documentfoundation.org/show_bug.cgi?id=98136

--- Comment #6 from Armin Le Grand (CIB) ---
Problem is Page8, Object 4, and there, its replacement.
[Libreoffice-bugs] [Bug 98136] std::bad_alloc in LO IMpress
https://bugs.documentfoundation.org/show_bug.cgi?id=98136

--- Comment #9 from Armin Le Grand (CIB) ---
@djnesic: Thanks for your comments and the task - my comments are for documenting what is going on, for possible insights of developers following who might have a direct idea what might be the reason, also for self-documentation. No need to understand that or to react ;-)
[Libreoffice-bugs] [Bug 98136] std::bad_alloc in LO IMpress
https://bugs.documentfoundation.org/show_bug.cgi?id=98136

--- Comment #14 from Armin Le Grand (CIB) ---
The repaired and saved file works well at load time, that excludes that there is currently a general error in the metafile round trip as OLE preview/replacement.
[Libreoffice-bugs] [Bug 98136] std::bad_alloc in LO IMpress
https://bugs.documentfoundation.org/show_bug.cgi?id=98136

--- Comment #11 from Armin Le Grand (CIB) ---
Checked deeper, the malformed mtf does as intended, seeks far beyond and goes to EOF, that does not cause the crash. It is more complicated - the graphic and the contained Metafile come from an OLE object. That object seems to create a malformed metafile. Checking
[Libreoffice-bugs] [Bug 98136] std::bad_alloc in LO IMpress
https://bugs.documentfoundation.org/show_bug.cgi?id=98136

--- Comment #8 from djnesic ---
Oh my God, I have written 20 minutes a comment and I don't see that. Oh my God. My English is so bad (I am active user of Google translator :) ). But, there is a bigger problem.. I am just an ordinary user of computers and apps, not a geek :) . I love free software and that is the reason why I reported this bug (if it is).

"Crash is in SvMemoryStream::ReAllocateMemory which gets a negative value as diff. That may be allowed, but leads to a nNewSize value of 4294934350 (0x7f4e) which is probably too big." and the other stuff is so strange for me.

Anyway, thank you Buovjaga and Armin Le Grand for your comments. Salute to you.
[Libreoffice-bugs] [Bug 98136] std::bad_alloc in LO IMpress
https://bugs.documentfoundation.org/show_bug.cgi?id=98136

Armin Le Grand (CIB) changed:

    What     | Removed                                | Added
    Status   | NEW                                    | ASSIGNED
    Assignee | libreoffice-b...@lists.freedesktop.org | armin.le.gr...@me.com

--- Comment #15 from Armin Le Grand (CIB) ---
Looks good, added change to gerrit for review.
[Libreoffice-bugs] [Bug 98136] std::bad_alloc in LO IMpress
https://bugs.documentfoundation.org/show_bug.cgi?id=98136

--- Comment #13 from Armin Le Grand (CIB) ---
At OLE import the added StarMath objects with their previews in metafile format get loaded. Those metafiles are corrupt, thus getting a (preview-) Graphic goes wrong or crashes. Added code to detect inconsistent metafiles and stop loading them.

Interestingly, in this case it is possible to try to 'repair' that state by trying to get a newly created (preview-) Graphic from the OLE. Added code to do this. This allows Document self-repair in those cases. When saving once after load all is well again. Doing more checks on this.
[Libreoffice-bugs] [Bug 98136] std::bad_alloc in LO IMpress
https://bugs.documentfoundation.org/show_bug.cgi?id=98136

--- Comment #4 from Armin Le Grand (CIB) ---
Seems to happen at preparing the preview for slide 6 (may be reduced to that slide, though). Crash is in SvMemoryStream::ReAllocateMemory which gets a negative value as diff. That may be allowed, but leads to a nNewSize value of 4294934350 (0x7f4e) which is probably too big.

All this comes from reading a Metafile and there is a VersionCompat which gets created and reads in a size of 0x which it tries to seek forward over. The action Type read is 1753 and probably not a VersionCompat, but that is of course the default at MetaAction::ReadMetaAction.

This looks like a malformed metafile, checking the presentation file contents directly...
[Libreoffice-bugs] [Bug 98136] std::bad_alloc in LO IMpress
https://bugs.documentfoundation.org/show_bug.cgi?id=98136

--- Comment #12 from Armin Le Grand (CIB) ---
The (replacement) graphics for the OLE are fetched using EmbeddedObjectRef::GetGraphic(), that again has a bNeedUpdate switch. If forcing always to true, all looks good. Thus it looks like the file was created/written with an Office version which produced invalid metafiles for the embedded OLEs.

Checking where these OLEs fetch their metafiles from initially, there are quite some Math OLEs embedded
[Libreoffice-bugs] [Bug 98136] std::bad_alloc in LO IMpress
https://bugs.documentfoundation.org/show_bug.cgi?id=98136

--- Comment #10 from Armin Le Grand (CIB) ---
This is really strange. The Metafile is broken, but what the current importer does is dangerous from my point of view:

- The Stream is in read/write mode, it should be in read-only mode. If forcing to read-only, the too-big seek leads to seeking back to start of file, importer ends at least without crash. Is it really intended that seeking beyond EOF in a read-only file resets to start of file?
- When keeping read/write, the seek does not go to EOF, but tries to extend the file to the needed size. Can this be intended? It is basically *very* dangerous, can lead to crashes like this and can eventually be used to infiltrate code/pages (security?).

I do not dare to change stuff in SvStream, but can at least seek to EOF when a seek beyond the file length is intended in ~VersionCompat. Trying that...
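The failure mode discussed in comments #4 and #10, as an added C++ example that is not LibreOffice code: an untrusted record length drives a forward seek, and the checked variant stops at EOF instead of growing the buffer. `Stream`, `newSizeWrapping`, `skipTargetUnchecked` and `skipChecked` are hypothetical names, and the operands 0 and -32946 are constructed only to reproduce the size 4294934350 quoted in comment #4.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Toy stream for illustration only; not LibreOffice's SvStream/SvMemoryStream.
struct Stream { std::vector<uint8_t> data; std::size_t pos = 0; };

// Read a little-endian 32-bit length field; false on a short read.
bool readU32(Stream& s, uint32_t& out) {
    if (s.data.size() - s.pos < 4) return false;
    out = 0;
    for (int i = 0; i < 4; ++i) out |= uint32_t(s.data[s.pos + i]) << (8 * i);
    s.pos += 4;
    return true;
}

// 32-bit size arithmetic with a signed delta: a negative diff wraps around.
uint32_t newSizeWrapping(uint32_t cur, int32_t diff) {
    return cur + static_cast<uint32_t>(diff);
}

// Unchecked skip: trusts the length field and returns the offset it would
// seek to. A stream that grows on seek would try to allocate up to there.
uint64_t skipTargetUnchecked(Stream& s) {
    uint32_t len = 0;
    if (!readU32(s, len)) return s.pos;
    return uint64_t(s.pos) + len;
}

// Checked skip: length > remaining bytes means corrupt; stop at EOF, never extend.
bool skipChecked(Stream& s) {
    uint32_t len = 0;
    if (!readU32(s, len) || len > s.data.size() - s.pos) {
        s.pos = s.data.size();
        return false;  // caller treats the record as corrupt and stops loading
    }
    s.pos += len;
    return true;
}

// Constructed sample: length field 0xFFFFFFFF followed by 2 payload bytes.
Stream corruptSample() { Stream s; s.data = {0xFF, 0xFF, 0xFF, 0xFF, 1, 2}; return s; }

int main() {
    Stream a = corruptSample(), b = corruptSample();
    // Constructed operands: 0 + (-32946) reproduces the size quoted in comment #4.
    std::printf("%u %llu %d\n", newSizeWrapping(0, -32946),
                (unsigned long long)skipTargetUnchecked(a), (int)skipChecked(b));
}
```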
[Libreoffice-bugs] [Bug 98136] std::bad_alloc in LO IMpress
https://bugs.documentfoundation.org/show_bug.cgi?id=98136

--- Comment #7 from Armin Le Grand (CIB) ---
I have checked all metafiles contained (only in replacement objects) and removed 'Object 4', but when loading the document there is also a metafile coming up with an action '53434' which also crashes. Need to check where that file comes from...
[Libreoffice-bugs] [Bug 98136] std::bad_alloc in LO IMpress
https://bugs.documentfoundation.org/show_bug.cgi?id=98136

Buovjaga changed:

    What     | Removed     | Added
    Priority | medium      | high
    Status   | NEEDINFO    | NEW
    OS       | Linux (All) | All
    Severity | normal      | major

--- Comment #3 from Buovjaga ---
Reproduced.

Win 7 Pro 64-bit
Version: 5.2.0.0.alpha0+
Build ID: b89feb8018bf3610faf01e73995d576f6566e20b
CPU Threads: 4; OS Version: Windows 6.1; UI Render: default;
TinderBox: Win-x86@39, Branch:master, Time: 2016-03-07_03:36:17
Locale: fi-FI (fi_FI)
[Libreoffice-bugs] [Bug 98136] std::bad_alloc in LO IMpress
https://bugs.documentfoundation.org/show_bug.cgi?id=98136

--- Comment #2 from djnesic ---
Created attachment 123559
  --> https://bugs.documentfoundation.org/attachment.cgi?id=123559&action=edit

Here is the file.
[Libreoffice-bugs] [Bug 98136] std::bad_alloc in LO IMpress
https://bugs.documentfoundation.org/show_bug.cgi?id=98136

Buovjaga changed:

    What           | Removed     | Added
    Status         | UNCONFIRMED | NEEDINFO
    CC             |             | todven...@suomi24.fi
    Ever confirmed | 0           | 1

--- Comment #1 from Buovjaga ---
Maybe you could try getting a trace of the error: https://wiki.documentfoundation.org/QA/BugReport/Debug_Information

Can you share the presentation on Bugzilla?

Set to NEEDINFO. Change back to UNCONFIRMED after you have provided the information/document.
[Libreoffice-bugs] [Bug 98136] std::bad_alloc in LO IMpress
https://bugs.documentfoundation.org/show_bug.cgi?id=98136

djnesic changed:

    What           | Removed     | Added
    Status         | UNCONFIRMED | NEEDINFO
    Ever confirmed | 0           | 1
[Libreoffice-bugs] [Bug 98136] std::bad_alloc in LO IMpress
https://bugs.documentfoundation.org/show_bug.cgi?id=98136

djnesic changed:

    What           | Removed  | Added
    Status         | NEEDINFO | UNCONFIRMED
    Ever confirmed | 1        | 0