Apache OpenOffice (AOO) Bugzilla – Issue 17280
Valgrind warnings during bitmap loading
Last modified: 2013-08-07 15:21:02 UTC
After the attached presentation was saved as PowerPoint, an unrecoverable error crashed OpenOffice when I clicked on the collapsed help icon in the lower left of the window.
Created attachment 7949 [details] OpenOffice presentation that causes unrecoverable error after conversion to PowerPoint
Created attachment 7950 [details] script output showing stack dump at time of unrecoverable error
Don't know if it's related, but I get a spew of buffer overruns reported by Valgrind when I load that file. See http://kegel.com/openoffice/issue-17280.txt for the full stack. Here are the top four items:

Invalid memory access of size 2
   at 0x4794C81B: XMLShapeStyleContext::FillPropertySet(com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> const&) (in /opt/OpenOffice.org1.1rc1/program/libxo645li.so)
   by 0x478FA142: SdXMLStylesContext::ImpSetGraphicStyles(com::sun::star::uno::Reference<com::sun::star::container::XNameAccess>&, unsigned short, String const&) const (in /opt/OpenOffice.org1.1rc1/program/libxo645li.so)
   by 0x478F9461: SdXMLStylesContext::ImpSetGraphicStyles() const (in /opt/OpenOffice.org1.1rc1/program/libxo645li.so)
   by 0x478F8F67: SdXMLStylesContext::EndElement() (in /opt/OpenOffice.org1.1rc1/program/libxo645li.so)
   by 0x477A4BA0: SvXMLImport::endElement(rtl::OUString const&) (in /opt/OpenOffice.org1.1rc1/program/libxo645li.so)
   ...

That was with -DFORCE_SYSALLOC (see http://kegel.com/openoffice/#valgrind). When I clicked on the OOo idea icon after the Save As Powerpoint, I did get an error, but it was "could not make internet connection to simpress". Hmm. Well, I reproduced *some* error at the right moment, and I have a nasty looking Valgrind error, so I guess that counts as reproduced. I'll pass it on to the developers. Thanks!
Created issue 17343 as home for this Valgrind error, which pops up in other crash issues as well.
Reassigned to Christian.
I can't reproduce the bug. Dan Kegel found another bug with the same callstack and wrote issue 17343 for both bugs. 17343 is assigned to thb. The target of issue 17343 is OOo2.0. I change this target to OOo2.0 and assign this issue to thb.
Christian, did you use Valgrind with -DFORCE_ALLOC? If not, it's going to be hard to reproduce.
Okay, will keep this one as a separate task, since I'm not sure if those problems are really related. Seems that the FillPropertySet overwrite happens for close to any document. Looking after that later.
Christian, as xmloff is more your area of responsibility, please have a look at the valgrind report.
As I'm not the Linux expert, I will see if I can find this by pure staring at the code or placing some assertions.
OK, but do you have access to a Linux system? If so, valgrind is very easy to run. For that matter, Linux is pretty easy to run nowadays; no need to be an expert for this.
Ran OOo 680m17 under valgrind 2.0 while loading the problem doc and following the recipe. All went smoothly and well -- only one valgrind warning from X, none from OOo!! -- until I got to the help browser at the end of the recipe. At that point, I tried covering and uncovering the help window, and clicked on the border a couple times, and got a spew of valgrind warnings. Here's a sampling of four of the twenty-odd unique warnings I got:

Conditional jump or move depends on uninitialised value(s)
   at 0x40316E17: operator>>(SvStream&, ImpGraphic&) (in /opt/OpenOffice.org680/program/libvcl680li.so)
   by 0x4030E24F: operator>>(SvStream&, Graphic&) (in /opt/OpenOffice.org680/program/libvcl680li.so)
   by 0x49DAFA63: SvxLinkManager::GetGraphicFromAny(String const&, com::sun::star::uno::Any const&, Graphic&) (in /opt/OpenOffice.org680/program/libsvx680li.so)
   by 0x5A21D7C5: (within /opt/OpenOffice.org680/program/libsw680li.so)

Conditional jump or move depends on uninitialised value(s)
   at 0x402E4CF5: Bitmap::ImplReadDIBFileHeader(SvStream&, unsigned long&) (in /opt/OpenOffice.org680/program/libvcl680li.so)
   by 0x402E470F: Bitmap::Read(SvStream&, unsigned char) (in /opt/OpenOffice.org680/program/libvcl680li.so)
   by 0x402E4660: operator>>(SvStream&, Bitmap&) (in /opt/OpenOffice.org680/program/libvcl680li.so)
   by 0x402F60FA: operator>>(SvStream&, BitmapEx&) (in /opt/OpenOffice.org680/program/libvcl680li.so)

Conditional jump or move depends on uninitialised value(s)
   at 0x40309154: operator>>(SvStream&, GDIMetaFile&) (in /opt/OpenOffice.org680/program/libvcl680li.so)
   by 0x403171CA: operator>>(SvStream&, ImpGraphic&) (in /opt/OpenOffice.org680/program/libvcl680li.so)
   by 0x4030E24F: operator>>(SvStream&, Graphic&) (in /opt/OpenOffice.org680/program/libvcl680li.so)
   by 0x49DAFA63: SvxLinkManager::GetGraphicFromAny(String const&, com::sun::star::uno::Any const&, Graphic&) (in /opt/OpenOffice.org680/program/libsvx680li.so)

Conditional jump or move depends on uninitialised value(s)
   at 0x40ADE3B6: Fraction::Fraction(long, long) (in /opt/OpenOffice.org680/program/libtl680li.so)
   by 0x402FB116: ImplReadMapMode(SvStream&, MapMode&) (in /opt/OpenOffice.org680/program/libvcl680li.so)
   by 0x402FBA6C: SVMConverter::ImplConvertFromSVM1(SvStream&, GDIMetaFile&) (in /opt/OpenOffice.org680/program/libvcl680li.so)
   by 0x402FB8F6: SVMConverter::SVMConverter(SvStream&, GDIMetaFile&, unsigned long) (in /opt/OpenOffice.org680/program/libvcl680li.so)

Conditional jump or move depends on uninitialised value(s)
   at 0x402FBA94: SVMConverter::ImplConvertFromSVM1(SvStream&, GDIMetaFile&) (in /opt/OpenOffice.org680/program/libvcl680li.so)
   by 0x402FB8F6: SVMConverter::SVMConverter(SvStream&, GDIMetaFile&, unsigned long) (in /opt/OpenOffice.org680/program/libvcl680li.so)
   by 0x40309277: operator>>(SvStream&, GDIMetaFile&) (in /opt/OpenOffice.org680/program/libvcl680li.so)
   by 0x403171CA: operator>>(SvStream&, ImpGraphic&) (in /opt/OpenOffice.org680/program/libvcl680li.so)

Plus here's another valgrind warning I got just clicking in the help pane... you can get this one without having opened any documents:

Conditional jump or move depends on uninitialised value(s)
   at 0x40431604: Edit::ImplGetCharPos(Point const&) (in /opt/OpenOffice.org680/program/libvcl680li.so)
   by 0x40431CC2: Edit::MouseButtonDown(MouseEvent const&) (in /opt/OpenOffice.org680/program/libvcl680li.so)
   by 0x40411095: ImplHandleMouseEvent(Window*, unsigned short, unsigned char, long, long, unsigned long, unsigned short, unsigned short) (in /opt/OpenOffice.org680/program/libvcl680li.so)
   by 0x40413B35: ImplWindowFrameProc(void*, SalFrame*, unsigned short, void const*) (in /opt/OpenOffice.org680/program/libvcl680li.so)

So this bug might still be present, though hard to trigger. Maybe Heiner should have a look at it? He's been fixing an awful lot of valgrind warnings in OOo lately...
thorsten, the last comment from dankegel makes me think this is an issue with graphics, please have a look
Convinced, will track this down.
Changed title.
*** Issue 35795 has been marked as a duplicate of this issue. ***
Checked the remaining valgrind issue: although this does not look nice, and should certainly be fixed (and be it only to limit valgrind's output to the truly dangerous probs), it does not do any harm: the code basically streams in some data from a file huge chunks at a time, and does not check file length for every byte. Thus, there are some comparisons performed on potentially uninitialized data (because the file was not long enough), but no real action is taken on these results: before anything is done with the data, at the end, the stream error is checked (see vcl/source/gdi/bitmap2.cxx:174).
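The pattern described in the comment above, namely reading a DIB file header from a stream that may be shorter than the header and only then consulting the stream's error state, is illustrated here with an added example. This is not code from the issue, from vcl or from OpenOffice: `ByteStream` is a constructed stand-in for `SvStream` with the same "short read sets a sticky error flag" behaviour, `DibFileHeader` is the 14-byte BITMAPFILEHEADER layout, and the sample byte buffers are constructed, not taken from the attachment. The reader differs from the pattern valgrind complained about in two ways that silence the warning without changing the outcome: the header fields start out zero-initialised, and the stream error is checked before any comparison on the fields.

```cpp
#include <cstddef>
#include <cstdint>
#include <utility>
#include <vector>

// Constructed stand-in for SvStream: a byte buffer with a read cursor and a
// sticky error flag. As in the thread's description, a short read sets the
// error flag and leaves the destination variable untouched.
class ByteStream {
public:
    explicit ByteStream(std::vector<uint8_t> data) : data_(std::move(data)) {}

    template <typename T>
    ByteStream& operator>>(T& v) {
        if (error_ || pos_ + sizeof(T) > data_.size()) {
            error_ = true;              // truncated input: v is not written
            return *this;
        }
        T tmp = 0;                      // little-endian decode, as in a DIB file
        for (size_t i = 0; i < sizeof(T); ++i)
            tmp |= static_cast<T>(static_cast<T>(data_[pos_ + i]) << (8 * i));
        v = tmp;
        pos_ += sizeof(T);
        return *this;
    }
    bool GetError() const { return error_; }

private:
    std::vector<uint8_t> data_;
    size_t pos_ = 0;
    bool error_ = false;
};

// The 14-byte BITMAPFILEHEADER: 'BM', file size, two reserved words, pixel offset.
// Every field is zero-initialised so a short read never leaves garbage behind.
struct DibFileHeader {
    uint16_t type = 0;
    uint32_t size = 0;
    uint16_t reserved1 = 0;
    uint16_t reserved2 = 0;
    uint32_t offset = 0;
};

// Reads the header and reports whether it may be acted on. The stream state is
// checked first, so a truncated file never feeds an undefined value into a branch.
bool ReadDibFileHeader(ByteStream& s, DibFileHeader& hdr) {
    s >> hdr.type >> hdr.size >> hdr.reserved1 >> hdr.reserved2 >> hdr.offset;
    if (s.GetError())
        return false;                   // file too short for a complete header
    if (hdr.type != 0x4D42)             // 'BM' read as a little-endian word
        return false;
    if (hdr.offset < 14)                // pixel data cannot start inside the header
        return false;
    return true;
}

// Constructed sample inputs (not taken from the attachment in the issue).
std::vector<uint8_t> SampleFullHeader() {
    return {0x42, 0x4D,                 // 'BM'
            0x36, 0x00, 0x00, 0x00,     // file size 54
            0x00, 0x00, 0x00, 0x00,     // reserved words
            0x36, 0x00, 0x00, 0x00};    // pixel data at offset 54
}
std::vector<uint8_t> SampleTruncatedHeader() {
    return {0x42, 0x4D, 0x36, 0x00, 0x00};  // cut off inside the size field
}

// Parse a buffer and return the pixel-data offset, or -1 when the header is rejected.
long ParseOffset(const std::vector<uint8_t>& bytes) {
    ByteStream s(bytes);
    DibFileHeader hdr;
    return ReadDibFileHeader(s, hdr) ? static_cast<long>(hdr.offset) : -1;
}

int main() {
    bool ok = ParseOffset(SampleFullHeader()) == 54 &&
              ParseOffset(SampleTruncatedHeader()) == -1;
    return ok ? 0 : 1;
}
```

Run under valgrind, the truncated input produces no "conditional jump depends on uninitialised value(s)" report, because the only branch taken before the error check is on `GetError()`, and the header fields compared afterwards were defined from the start. The observable result is the same as with the end-of-function check the comment describes: a too-short file is rejected either way.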
Reset to default assignee.