The crash is caused by an incorrect pointer structure between master and secondary item pools.  The crash takes place in ~SdrItemPool because its secondary pool has not been "disposed" properly by a former call to SfxItemPool::SetSecondayPool(NULL).  Find the stack trace below:

 	ntdll.dll!_ZwRaiseException@12()  + 0x12 bytes	
 	ntdll.dll!_ZwRaiseException@12()  + 0x12 bytes	
 	kernel32.dll!_HeapFree@12()  + 0x14 bytes	
>	svxcore.dll!SdrItemPool::~SdrItemPool()  Line 381	C++
 	svxcore.dll!SdrItemPool::`vector deleting destructor'()  + 0x4d bytes	C++
 	svl.dll!SfxItemPool::Free(SfxItemPool * pPool)  Line 419 + 0x20 bytes	C++
 	svx.dll!SvxUnoDrawPool::~SvxUnoDrawPool()  Line 75 + 0xd bytes	C++
 	sc.dll!ScDrawDefaultsObj::~ScDrawDefaultsObj()  + 0x79 bytes	C++
 	sc.dll!ScDrawDefaultsObj::`vector deleting destructor'()  + 0xb bytes	C++
 	cppuhelper3MSC.dll!cppu::OWeakObject::release()  + 0x29 bytes	C++
 	cppuhelper3MSC.dll!cppu::OWeakAggObject::release()  + 0x55 bytes	C++
 	svx.dll!SvxUnoDrawPool::release()  Line 374 + 0x9 bytes	C++
 	xo.dll!XMLGraphicsDefaultStyle::SetDefaults()  + 0x19c bytes	
 	[Frames below may be incorrect and/or missing, no symbols loaded for xo.dll]	
 	xo.dll!SvXMLStylesContext::CopyStylesToDoc()  + 0x32 bytes	
 	sc.dll!ScXMLImport::InsertStyles()  + 0x15 bytes	C++
 	sc.dll!XMLTableStylesContext::EndElement()  + 0x4e bytes	C++
 	xo.dll!SvXMLImport::endElement()  + 0xf8 bytes	
 	sax.uno.dll!sax_expatwrap::SaxExpatParser_Impl::callbackEndElement()  + 0x38 bytes	C++
 	sax.uno.dll!_XML_Parse()  + 0x25de bytes	C
 	sax.uno.dll!_XML_Parse()  + 0x29de bytes	C
 	sax.uno.dll!_XML_Parse()  + 0x3f30 bytes	C
 	sax.uno.dll!_XML_Parse()  + 0x40a5 bytes	C
 	sax.uno.dll!_XML_Parse()  + 0x422a bytes	C
 	sax.uno.dll!_XML_ParseBuffer()  + 0x58 bytes	C
 	sax.uno.dll!_XML_Parse()  + 0xef bytes	C
 	sax.uno.dll!sax_expatwrap::SaxExpatParser_Impl::parse()  + 0x69 bytes	C++
 	sax.uno.dll!sax_expatwrap::SaxExpatParser::parseStream()  + 0x229 bytes	C++
 	sc.dll!ScXMLImportWrapper::ImportFromComponent()  + 0x367 bytes	C++
 	sc.dll!ScXMLImportWrapper::Import()  + 0xd78 bytes	C++
 	sc.dll!ScDocShell::LoadXML()  + 0x4d bytes	C++
 	sc.dll!ScDocShell::Load()  + 0xd1 bytes	C++
 	sfx.dll!SfxObjectShell::LoadOwnFormat()  + 0x157 bytes	
 	sfx.dll!SfxObjectShell::DoLoad()  + 0x4d0 bytes	
 	sfx.dll!SfxBaseModel::load()  + 0x192 bytes	
 	sfx.dll!SfxFrame::SetPresentationMode()  + 0x307b bytes	
 	fwk.dll!5bcab60d() 	
 	fwk.dll!5bcab746() 	
 	fwk.dll!5bc6f00e() 	
 	fwk.dll!5bc6f015() 	
 	fwk.dll!5bc6f256() 	
 	comphelpMSC.dll!comphelper::SynchronousDispatch::dispatch()  + 0x153 bytes	
 	sfx.dll!SfxApplication::OpenDocExec_Impl()  + 0x1f31 bytes	
 	sfx.dll!SfxInterface::operator[]()  + 0x26f bytes	
 	sfx.dll!SfxShell::ExecuteSlot()  + 0x7b bytes	
 	sd.dll!SdModule::Execute()  + 0x1b4 bytes	C++
 	sd.dll!SfxStubSdModuleExecute()  + 0xe bytes	C++
 	sfx.dll!SfxDispatcher::Call_Impl()  + 0x254 bytes	
 	sfx.dll!SfxDispatcher::_Execute()  + 0xb9 bytes	
 	sfx.dll!SfxDispatcher::Execute()  + 0xcd bytes	
 	sfx.dll!SfxDispatcher::Execute()  + 0x13 bytes	
 	sfx.dll!SfxApplication::OpenDocExec_Impl()  + 0x615 bytes	
 	sfx.dll!SfxInterface::operator[]()  + 0x26f bytes	
 	sfx.dll!SfxShell::ExecuteSlot()  + 0x7b bytes	
 	sd.dll!SdModule::Execute()  + 0x1b4 bytes	C++
 	sd.dll!SfxStubSdModuleExecute()  + 0xe bytes	C++
 	sfx.dll!SfxDispatcher::Call_Impl()  + 0x254 bytes	
 	sfx.dll!SfxDispatcher::PostMsgHandler()  + 0xd5 bytes	
 	sfx.dll!SfxDispatcher::LinkStubPostMsgHandler()  + 0xe bytes	
 	tl.dll!Link::Call()  + 0x11 bytes	
 	sfx.dll!SfxVirtualMenu::InitializeHelp()  + 0x484c bytes	
 	sfx.dll!SfxVirtualMenu::InitializeHelp()  + 0x4869 bytes	
 	tl.dll!Link::Call()  + 0x11 bytes	
 	vcl.dll!Window::LinkStubImplAsyncFocusHdl()  + 0x418 bytes	
 	vcl.dll!WorkWindow::IsPresentationMode()  + 0xe6 bytes	
 	vcl.dll!ImageList::`default constructor closure'()  + 0x30f8 bytes	
 	vcl.dll!Menu::Menu()  + 0x2168 bytes	
 	vcl.dll!Menu::Menu()  + 0x237a bytes	
 	user32.dll!_InternalCallWinProc@20()  + 0x23 bytes	
 	user32.dll!_UserCallWinProcCheckWow@32()  + 0xb7 bytes	
 	user32.dll!_DispatchMessageWorker@8()  + 0xed bytes	
 	user32.dll!_DispatchMessageW@4()  + 0xf bytes	
 	vcl.dll!Application::EndYield()  + 0x1a9 bytes	
 	vcl.dll!AutoTimer::~AutoTimer()  + 0x5cb bytes	
 	vcl.dll!AutoTimer::~AutoTimer()  + 0x635 bytes	
 	vcl.dll!AutoTimer::~AutoTimer()  + 0x726 bytes	
 	vcl.dll!Application::Abort()  + 0x55 bytes	
 	vcl.dll!Application::Yield()  + 0xd bytes	
 	vcl.dll!Application::Execute()  + 0x24 bytes	
 	vcl.dll!DeInitVCL()  + 0x540 bytes	
 	vcl.dll!SVMain()  + 0x1c bytes	
 	sofficeapp.dll!_soffice_main()  + 0x81 bytes	C++
 	soffice.bin!_main()  + 0x16 bytes	C
 	soffice.bin!_WinMain@16()  + 0x15 bytes	C
 	soffice.bin!__tmainCRTStartup()  Line 578 + 0x35 bytes	C
 	soffice.bin!WinMainCRTStartup()  Line 403	C
 	kernel32.dll!@BaseThreadInitThunk@12()  + 0x12 bytes	
 	ntdll.dll!___RtlUserThreadStart@8()  + 0x27 bytes	
 	ntdll.dll!__RtlUserThreadStart@8()  + 0x1b bytes

This crash apparently does not happen always.  It probably depends on certain random values in dead memory (not yet acquired or already released.)

As it would take more time than I have right now to find the root cause for this, I will just fix the symptom (the crash.)
The SfxItemPool destructor already contains an assertion for the destruction of a secondary pool that is still in use.  For some reason nobody thought of taking any action when this is dected.  I added that.

Fix is commited in SVN revision 1352449.

And setting status to resolved.

Verified on Aoo_Trunk_20121109.1800 Rev.1407366
pass, no crash when opening ods file.

close it