Bugzilla – Attachment 109702 Details for
Bug 86448
Crashes importing malformed .rtf -- DoS
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Valgrind log
clam-1010.rtf.log (text/x-log), 19.46 KB, created by
Alexander Cherepanov
on 2014-11-19 00:42:26 UTC
(
hide
)
Description:
Valgrind log
Filename:
MIME Type:
Creator:
Alexander Cherepanov
Created:
2014-11-19 00:42:26 UTC
Size:
19.46 KB
patch
obsolete
>==14594== Memcheck, a memory error detector >==14594== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. >==14594== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info >==14594== Command: /usr/bin/libreoffice clam-1010.rtf >==14594== >==15089== >==15089== HEAP SUMMARY: >==15089== in use at exit: 9,669 bytes in 44 blocks >==15089== total heap usage: 51 allocs, 7 frees, 10,365 bytes allocated >==15089== >==15089== LEAK SUMMARY: >==15089== definitely lost: 0 bytes in 0 blocks >==15089== indirectly lost: 0 bytes in 0 blocks >==15089== possibly lost: 0 bytes in 0 blocks >==15089== still reachable: 9,669 bytes in 44 blocks >==15089== suppressed: 0 bytes in 0 blocks >==15089== Rerun with --leak-check=full to see details of leaked memory >==15089== >==15089== For counts of detected and suppressed errors, rerun with: -v >==15089== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 4) >==15166== Memcheck, a memory error detector >==15166== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. >==15166== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info >==15166== Command: /usr/bin/dirname /usr/bin/libreoffice >==15166== >==15166== >==15166== HEAP SUMMARY: >==15166== in use at exit: 0 bytes in 0 blocks >==15166== total heap usage: 45 allocs, 45 frees, 7,408 bytes allocated >==15166== >==15166== All heap blocks were freed -- no leaks are possible >==15166== >==15166== For counts of detected and suppressed errors, rerun with: -v >==15166== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2) >==15831== Memcheck, a memory error detector >==15831== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. >==15831== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info >==15831== Command: /usr/bin/basename /usr/bin/libreoffice >==15831== >==15831== >==15831== HEAP SUMMARY: >==15831== in use at exit: 0 bytes in 0 blocks >==15831== total heap usage: 46 allocs, 46 frees, 7,420 bytes allocated >==15831== >==15831== All heap blocks were freed -- no leaks are possible >==15831== >==15831== For counts of detected and suppressed errors, rerun with: -v >==15831== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2) >==16489== Warning: invalid file descriptor -1 in syscall close() >==16504== Memcheck, a memory error detector >==16504== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. >==16504== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info >==16504== Command: /bin/ls -l libreoffice >==16504== >==16507== Memcheck, a memory error detector >==16507== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. >==16507== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info >==16507== Command: /bin/sed s/.*libreoffice\ -\>\ //g >==16507== >==16504== >==16504== HEAP SUMMARY: >==16504== in use at exit: 19,425 bytes in 8 blocks >==16504== total heap usage: 216 allocs, 208 frees, 49,214 bytes allocated >==16504== >==16504== LEAK SUMMARY: >==16504== definitely lost: 0 bytes in 0 blocks >==16504== indirectly lost: 0 bytes in 0 blocks >==16504== possibly lost: 0 bytes in 0 blocks >==16504== still reachable: 19,425 bytes in 8 blocks >==16504== suppressed: 0 bytes in 0 blocks >==16504== Rerun with --leak-check=full to see details of leaked memory >==16504== >==16504== For counts of detected and suppressed errors, rerun with: -v >==16504== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2) >==16507== >==16507== HEAP SUMMARY: >==16507== in use at exit: 43,033 bytes in 118 blocks >==16507== total heap usage: 301 allocs, 183 frees, 59,825 bytes allocated >==16507== >==16507== LEAK SUMMARY: >==16507== definitely lost: 1 bytes in 1 blocks >==16507== indirectly lost: 0 bytes in 0 blocks >==16507== possibly lost: 0 bytes in 0 blocks >==16507== still reachable: 43,032 bytes in 117 blocks >==16507== suppressed: 0 bytes in 0 blocks >==16507== Rerun with --leak-check=full to see details of leaked memory >==16507== >==16507== For counts of detected and suppressed errors, rerun with: -v >==16507== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2) >==16489== >==16489== HEAP SUMMARY: >==16489== in use at exit: 2,790 bytes in 56 blocks >==16489== total heap usage: 77 allocs, 21 frees, 6,040 bytes allocated >==16489== >==16489== LEAK SUMMARY: >==16489== definitely lost: 0 bytes in 0 blocks >==16489== indirectly lost: 0 bytes in 0 blocks >==16489== possibly lost: 0 bytes in 0 blocks >==16489== still reachable: 2,790 bytes in 56 blocks >==16489== suppressed: 0 bytes in 0 blocks >==16489== Rerun with --leak-check=full to see details of leaked memory >==16489== >==16489== For counts of detected and suppressed errors, rerun with: -v >==16489== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 4) >==17665== Memcheck, a memory error detector >==17665== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. >==17665== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info >==17665== Command: /usr/bin/dirname ../lib/libreoffice/program/soffice >==17665== >==17665== >==17665== HEAP SUMMARY: >==17665== in use at exit: 0 bytes in 0 blocks >==17665== total heap usage: 45 allocs, 45 frees, 7,408 bytes allocated >==17665== >==17665== All heap blocks were freed -- no leaks are possible >==17665== >==17665== For counts of detected and suppressed errors, rerun with: -v >==17665== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2) >==18163== >==18163== HEAP SUMMARY: >==18163== in use at exit: 9,972 bytes in 54 blocks >==18163== total heap usage: 90 allocs, 36 frees, 17,638 bytes allocated >==18163== >==18163== LEAK SUMMARY: >==18163== definitely lost: 0 bytes in 0 blocks >==18163== indirectly lost: 0 bytes in 0 blocks >==18163== possibly lost: 0 bytes in 0 blocks >==18163== still reachable: 9,972 bytes in 54 blocks >==18163== suppressed: 0 bytes in 0 blocks >==18163== Rerun with --leak-check=full to see details of leaked memory >==18163== >==18163== For counts of detected and suppressed errors, rerun with: -v >==18163== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 4) >==14594== Warning: invalid file descriptor -1 in syscall close() >==18229== Memcheck, a memory error detector >==18229== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. >==18229== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info >==18229== Command: /bin/grep -q cc >==18229== >==18223== >==18223== HEAP SUMMARY: >==18223== in use at exit: 10,864 bytes in 70 blocks >==18223== total heap usage: 143 allocs, 73 frees, 28,952 bytes allocated >==18223== >==18223== LEAK SUMMARY: >==18223== definitely lost: 0 bytes in 0 blocks >==18223== indirectly lost: 0 bytes in 0 blocks >==18223== possibly lost: 0 bytes in 0 blocks >==18223== still reachable: 10,864 bytes in 70 blocks >==18223== suppressed: 0 bytes in 0 blocks >==18223== Rerun with --leak-check=full to see details of leaked memory >==18223== >==18223== For counts of detected and suppressed errors, rerun with: -v >==18223== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 4) >==18229== >==18229== HEAP SUMMARY: >==18229== in use at exit: 44,788 bytes in 28 blocks >==18229== total heap usage: 159 allocs, 131 frees, 60,360 bytes allocated >==18229== >==18229== LEAK SUMMARY: >==18229== definitely lost: 0 bytes in 0 blocks >==18229== indirectly lost: 0 bytes in 0 blocks >==18229== possibly lost: 0 bytes in 0 blocks >==18229== still reachable: 44,788 bytes in 28 blocks >==18229== suppressed: 0 bytes in 0 blocks >==18229== Rerun with --leak-check=full to see details of leaked memory >==18229== >==18229== For counts of detected and suppressed errors, rerun with: -v >==18229== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2) >==19127== Memcheck, a memory error detector >==19127== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. >==19127== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info >==19127== Command: /bin/uname -s >==19127== >==19127== >==19127== HEAP SUMMARY: >==19127== in use at exit: 0 bytes in 0 blocks >==19127== total heap usage: 45 allocs, 45 frees, 7,408 bytes allocated >==19127== >==19127== All heap blocks were freed -- no leaks are possible >==19127== >==19127== For counts of detected and suppressed errors, rerun with: -v >==19127== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2) >==14594== Memcheck, a memory error detector >==14594== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. >==14594== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info >==14594== Command: /usr/lib/libreoffice/program/oosplash clam-1010.rtf >==14594== >==21285== Memcheck, a memory error detector >==21285== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. >==21285== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info >==21285== Command: /usr/lib/libreoffice/program/../ure-link/bin/javaldx -env:INIFILENAME=vnd.sun.star.pathname:/usr/lib/libreoffice/program/redirectrc >==21285== >==21285== >==21285== HEAP SUMMARY: >==21285== in use at exit: 1,264 bytes in 25 blocks >==21285== total heap usage: 2,836 allocs, 2,811 frees, 558,189 bytes allocated >==21285== >==21285== LEAK SUMMARY: >==21285== definitely lost: 0 bytes in 0 blocks >==21285== indirectly lost: 0 bytes in 0 blocks >==21285== possibly lost: 0 bytes in 0 blocks >==21285== still reachable: 1,264 bytes in 25 blocks >==21285== suppressed: 0 bytes in 0 blocks >==21285== Rerun with --leak-check=full to see details of leaked memory >==21285== >==21285== For counts of detected and suppressed errors, rerun with: -v >==21285== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 4) >==23095== Memcheck, a memory error detector >==23095== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. >==23095== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info >==23095== Command: /usr/lib/libreoffice/program/soffice.bin clam-1010.rtf --splash-pipe=6 >==23095== >==6686== Memcheck, a memory error detector >==6686== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. >==6686== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info >==6686== Command: /bin/sh -c sh\ -c\ paperconf\ 2\>/dev/null >==6686== >==6686== >==6686== HEAP SUMMARY: >==6686== in use at exit: 1,548 bytes in 45 blocks >==6686== total heap usage: 48 allocs, 3 frees, 1,700 bytes allocated >==6686== >==6686== LEAK SUMMARY: >==6686== definitely lost: 0 bytes in 0 blocks >==6686== indirectly lost: 0 bytes in 0 blocks >==6686== possibly lost: 0 bytes in 0 blocks >==6686== still reachable: 1,548 bytes in 45 blocks >==6686== suppressed: 0 bytes in 0 blocks >==6686== Rerun with --leak-check=full to see details of leaked memory >==6686== >==6686== For counts of detected and suppressed errors, rerun with: -v >==6686== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2) >==23095== Conditional jump or move depends on uninitialised value(s) >==23095== at 0x27C416F7: std::vector<std::pair<rtl::OUString, rtl::OUString>, std::allocator<std::pair<rtl::OUString, rtl::OUString> > >::operator=(std::vector<std::pair<rtl::OUString, rtl::OUString>, std::allocator<std::pair<rtl::OUString, rtl::OUString> > > const&) (vector.tcc:164) >==23095== by 0x27C3D0A0: writerfilter::rtftok::RTFShape::operator=(writerfilter::rtftok::RTFShape const&) (rtfdocumentimpl.hxx:188) >==23095== by 0x27C37895: writerfilter::rtftok::RTFDocumentImpl::popState() (rtfdocumentimpl.cxx:3534) >==23095== by 0x27C5B0B8: writerfilter::rtftok::RTFTokenizer::resolveParse() (rtftokenizer.cxx:112) >==23095== by 0x27C20DDC: writerfilter::rtftok::RTFDocumentImpl::resolve(writerfilter::Stream&) (rtfdocumentimpl.cxx:597) >==23095== by 0x25BAEFAE: RtfFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) (RtfFilter.cxx:100) >==23095== by 0x7282CD9: SfxObjectShell::ImportFrom(SfxMedium&, bool) (objstor.cxx:2240) >==23095== by 0x727B153: SfxObjectShell::DoLoad(SfxMedium*) (objstor.cxx:733) >==23095== by 0x72BA944: SfxBaseModel::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) (sfxbasemodel.cxx:1873) >==23095== by 0x72FD35B: SfxFrameLoader_Impl::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&) (frmload.cxx:611) >==23095== by 0x1BB47BA7: framework::LoadEnv::impl_loadContent() (loadenv.cxx:1150) >==23095== by 0x1BB445CC: framework::LoadEnv::startLoading() (loadenv.cxx:412) >==23095== >==23095== Use of uninitialised value of size 8 >==23095== at 0x27C46848: std::vector<std::pair<rtl::OUString, rtl::OUString>, std::allocator<std::pair<rtl::OUString, rtl::OUString> > >::capacity() const (stl_vector.h:707) >==23095== by 0x27C417D5: std::vector<std::pair<rtl::OUString, rtl::OUString>, std::allocator<std::pair<rtl::OUString, rtl::OUString> > >::operator=(std::vector<std::pair<rtl::OUString, rtl::OUString>, std::allocator<std::pair<rtl::OUString, rtl::OUString> > > const&) (vector.tcc:183) >==23095== by 0x27C3D0A0: writerfilter::rtftok::RTFShape::operator=(writerfilter::rtftok::RTFShape const&) (rtfdocumentimpl.hxx:188) >==23095== by 0x27C37895: writerfilter::rtftok::RTFDocumentImpl::popState() (rtfdocumentimpl.cxx:3534) >==23095== by 0x27C5B0B8: writerfilter::rtftok::RTFTokenizer::resolveParse() (rtftokenizer.cxx:112) >==23095== by 0x27C20DDC: writerfilter::rtftok::RTFDocumentImpl::resolve(writerfilter::Stream&) (rtfdocumentimpl.cxx:597) >==23095== by 0x25BAEFAE: RtfFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) (RtfFilter.cxx:100) >==23095== by 0x7282CD9: SfxObjectShell::ImportFrom(SfxMedium&, bool) (objstor.cxx:2240) >==23095== by 0x727B153: SfxObjectShell::DoLoad(SfxMedium*) (objstor.cxx:733) >==23095== by 0x72BA944: SfxBaseModel::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) (sfxbasemodel.cxx:1873) >==23095== by 0x72FD35B: SfxFrameLoader_Impl::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&) (frmload.cxx:611) >==23095== by 0x1BB47BA7: framework::LoadEnv::impl_loadContent() (loadenv.cxx:1150) >==23095== >==23095== Invalid read of size 8 >==23095== at 0x27C46848: std::vector<std::pair<rtl::OUString, rtl::OUString>, std::allocator<std::pair<rtl::OUString, rtl::OUString> > >::capacity() const (stl_vector.h:707) >==23095== by 0x27C417D5: std::vector<std::pair<rtl::OUString, rtl::OUString>, std::allocator<std::pair<rtl::OUString, rtl::OUString> > >::operator=(std::vector<std::pair<rtl::OUString, rtl::OUString>, std::allocator<std::pair<rtl::OUString, rtl::OUString> > > const&) (vector.tcc:183) >==23095== by 0x27C3D0A0: writerfilter::rtftok::RTFShape::operator=(writerfilter::rtftok::RTFShape const&) (rtfdocumentimpl.hxx:188) >==23095== by 0x27C37895: writerfilter::rtftok::RTFDocumentImpl::popState() (rtfdocumentimpl.cxx:3534) >==23095== by 0x27C5B0B8: writerfilter::rtftok::RTFTokenizer::resolveParse() (rtftokenizer.cxx:112) >==23095== by 0x27C20DDC: writerfilter::rtftok::RTFDocumentImpl::resolve(writerfilter::Stream&) (rtfdocumentimpl.cxx:597) >==23095== by 0x25BAEFAE: RtfFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) (RtfFilter.cxx:100) >==23095== by 0x7282CD9: SfxObjectShell::ImportFrom(SfxMedium&, bool) (objstor.cxx:2240) >==23095== by 0x727B153: SfxObjectShell::DoLoad(SfxMedium*) (objstor.cxx:733) >==23095== by 0x72BA944: SfxBaseModel::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) (sfxbasemodel.cxx:1873) >==23095== by 0x72FD35B: SfxFrameLoader_Impl::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&) (frmload.cxx:611) >==23095== by 0x1BB47BA7: framework::LoadEnv::impl_loadContent() (loadenv.cxx:1150) >==23095== Address 0x308 is not stack'd, malloc'd or (recently) free'd >==23095== >==23095== >==23095== Process terminating with default action of signal 11 (SIGSEGV) >==23095== Access not within mapped region at address 0x308 >==23095== at 0x27C46848: std::vector<std::pair<rtl::OUString, rtl::OUString>, std::allocator<std::pair<rtl::OUString, rtl::OUString> > >::capacity() const (stl_vector.h:707) >==23095== by 0x27C417D5: std::vector<std::pair<rtl::OUString, rtl::OUString>, std::allocator<std::pair<rtl::OUString, rtl::OUString> > >::operator=(std::vector<std::pair<rtl::OUString, rtl::OUString>, std::allocator<std::pair<rtl::OUString, rtl::OUString> > > const&) (vector.tcc:183) >==23095== by 0x27C3D0A0: writerfilter::rtftok::RTFShape::operator=(writerfilter::rtftok::RTFShape const&) (rtfdocumentimpl.hxx:188) >==23095== by 0x27C37895: writerfilter::rtftok::RTFDocumentImpl::popState() (rtfdocumentimpl.cxx:3534) >==23095== by 0x27C5B0B8: writerfilter::rtftok::RTFTokenizer::resolveParse() (rtftokenizer.cxx:112) >==23095== by 0x27C20DDC: writerfilter::rtftok::RTFDocumentImpl::resolve(writerfilter::Stream&) (rtfdocumentimpl.cxx:597) >==23095== by 0x25BAEFAE: RtfFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) (RtfFilter.cxx:100) >==23095== by 0x7282CD9: SfxObjectShell::ImportFrom(SfxMedium&, bool) (objstor.cxx:2240) >==23095== by 0x727B153: SfxObjectShell::DoLoad(SfxMedium*) (objstor.cxx:733) >==23095== by 0x72BA944: SfxBaseModel::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) (sfxbasemodel.cxx:1873) >==23095== by 0x72FD35B: SfxFrameLoader_Impl::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&) (frmload.cxx:611) >==23095== by 0x1BB47BA7: framework::LoadEnv::impl_loadContent() (loadenv.cxx:1150) >==23095== If you believe this happened as a result of a stack >==23095== overflow in your program's main thread (unlikely but >==23095== possible), you can try to increase the size of the >==23095== main thread stack using the --main-stacksize= flag. >==23095== The main thread stack size used in this run was 8388608. >==23095== >==23095== HEAP SUMMARY: >==23095== in use at exit: 14,852,177 bytes in 207,542 blocks >==23095== total heap usage: 489,456 allocs, 281,914 frees, 43,015,711 bytes allocated >==23095== >==23095== LEAK SUMMARY: >==23095== definitely lost: 4,376 bytes in 9 blocks >==23095== indirectly lost: 10,080 bytes in 297 blocks >==23095== possibly lost: 3,109,538 bytes in 44,035 blocks >==23095== still reachable: 11,728,183 bytes in 163,201 blocks >==23095== suppressed: 0 bytes in 0 blocks >==23095== Rerun with --leak-check=full to see details of leaked memory >==23095== >==23095== For counts of detected and suppressed errors, rerun with: -v >==23095== Use --track-origins=yes to see where uninitialised values come from >==23095== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 26 from 8) >==14594== >==14594== HEAP SUMMARY: >==14594== in use at exit: 334 bytes in 7 blocks >==14594== total heap usage: 1,167 allocs, 1,160 frees, 1,633,481 bytes allocated >==14594== >==14594== LEAK SUMMARY: >==14594== definitely lost: 0 bytes in 0 blocks >==14594== indirectly lost: 0 bytes in 0 blocks >==14594== possibly lost: 0 bytes in 0 blocks >==14594== still reachable: 334 bytes in 7 blocks >==14594== suppressed: 0 bytes in 0 blocks >==14594== Rerun with --leak-check=full to see details of leaked memory >==14594== >==14594== For counts of detected and suppressed errors, rerun with: -v >==14594== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 3)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=109702">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 86448
:
109701
| 109702 |
109703
|
109704