Bugzilla – Attachment 109704 Details for Bug 86448: Crashes importing malformed .rtf -- DoS
Valgrind log
clam-8254.rtf.log (text/x-log), 18.22 KB, created by Alexander Cherepanov on 2014-11-19 00:43:02 UTC
==1041== Memcheck, a memory error detector
==1041== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==1041== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==1041== Command: /usr/bin/libreoffice clam-8254.rtf
==1041==
==1692==
==1692== HEAP SUMMARY:
==1692==     in use at exit: 9,669 bytes in 44 blocks
==1692==     total heap usage: 51 allocs, 7 frees, 10,365 bytes allocated
==1692==
==1692== LEAK SUMMARY:
==1692==     definitely lost: 0 bytes in 0 blocks
==1692==     indirectly lost: 0 bytes in 0 blocks
==1692==     possibly lost: 0 bytes in 0 blocks
==1692==     still reachable: 9,669 bytes in 44 blocks
==1692==     suppressed: 0 bytes in 0 blocks
==1692== Rerun with --leak-check=full to see details of leaked memory
==1692==
==1692== For counts of detected and suppressed errors, rerun with: -v
==1692== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 4)
==1768== Memcheck, a memory error detector
==1768== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==1768== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==1768== Command: /usr/bin/dirname /usr/bin/libreoffice
==1768==
==1768==
==1768== HEAP SUMMARY:
==1768==     in use at exit: 0 bytes in 0 blocks
==1768==     total heap usage: 45 allocs, 45 frees, 7,408 bytes allocated
==1768==
==1768== All heap blocks were freed -- no leaks are possible
==1768==
==1768== For counts of detected and suppressed errors, rerun with: -v
==1768== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)
==2404== Memcheck, a memory error detector
==2404== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==2404== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==2404== Command: /usr/bin/basename /usr/bin/libreoffice
==2404==
==2404==
==2404== HEAP SUMMARY:
==2404==     in use at exit: 0 bytes in 0 blocks
==2404==     total heap usage: 46 allocs, 46 frees, 7,420 bytes allocated
==2404==
==2404== All heap blocks were freed -- no leaks are possible
==2404==
==2404== For counts of detected and suppressed errors, rerun with: -v
==2404== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)
==2934== Warning: invalid file descriptor -1 in syscall close()
==2952== Memcheck, a memory error detector
==2952== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==2952== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==2952== Command: /bin/ls -l libreoffice
==2952==
==2955== Memcheck, a memory error detector
==2955== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==2955== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==2955== Command: /bin/sed s/.*libreoffice\ -\>\ //g
==2955==
==2952==
==2952== HEAP SUMMARY:
==2952==     in use at exit: 19,425 bytes in 8 blocks
==2952==     total heap usage: 216 allocs, 208 frees, 49,214 bytes allocated
==2952==
==2952== LEAK SUMMARY:
==2952==     definitely lost: 0 bytes in 0 blocks
==2952==     indirectly lost: 0 bytes in 0 blocks
==2952==     possibly lost: 0 bytes in 0 blocks
==2952==     still reachable: 19,425 bytes in 8 blocks
==2952==     suppressed: 0 bytes in 0 blocks
==2952== Rerun with --leak-check=full to see details of leaked memory
==2952==
==2952== For counts of detected and suppressed errors, rerun with: -v
==2952== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)
==2955==
==2955== HEAP SUMMARY:
==2955==     in use at exit: 43,033 bytes in 118 blocks
==2955==     total heap usage: 301 allocs, 183 frees, 59,825 bytes allocated
==2955==
==2955== LEAK SUMMARY:
==2955==     definitely lost: 1 bytes in 1 blocks
==2955==     indirectly lost: 0 bytes in 0 blocks
==2955==     possibly lost: 0 bytes in 0 blocks
==2955==     still reachable: 43,032 bytes in 117 blocks
==2955==     suppressed: 0 bytes in 0 blocks
==2955== Rerun with --leak-check=full to see details of leaked memory
==2955==
==2955== For counts of detected and suppressed errors, rerun with: -v
==2955== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)
==2934==
==2934== HEAP SUMMARY:
==2934==     in use at exit: 2,790 bytes in 56 blocks
==2934==     total heap usage: 77 allocs, 21 frees, 6,040 bytes allocated
==2934==
==2934== LEAK SUMMARY:
==2934==     definitely lost: 0 bytes in 0 blocks
==2934==     indirectly lost: 0 bytes in 0 blocks
==2934==     possibly lost: 0 bytes in 0 blocks
==2934==     still reachable: 2,790 bytes in 56 blocks
==2934==     suppressed: 0 bytes in 0 blocks
==2934== Rerun with --leak-check=full to see details of leaked memory
==2934==
==2934== For counts of detected and suppressed errors, rerun with: -v
==2934== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 4)
==4056== Memcheck, a memory error detector
==4056== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==4056== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==4056== Command: /usr/bin/dirname ../lib/libreoffice/program/soffice
==4056==
==4056==
==4056== HEAP SUMMARY:
==4056==     in use at exit: 0 bytes in 0 blocks
==4056==     total heap usage: 45 allocs, 45 frees, 7,408 bytes allocated
==4056==
==4056== All heap blocks were freed -- no leaks are possible
==4056==
==4056== For counts of detected and suppressed errors, rerun with: -v
==4056== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)
==4579==
==4579== HEAP SUMMARY:
==4579==     in use at exit: 9,972 bytes in 54 blocks
==4579==     total heap usage: 90 allocs, 36 frees, 17,638 bytes allocated
==4579==
==4579== LEAK SUMMARY:
==4579==     definitely lost: 0 bytes in 0 blocks
==4579==     indirectly lost: 0 bytes in 0 blocks
==4579==     possibly lost: 0 bytes in 0 blocks
==4579==     still reachable: 9,972 bytes in 54 blocks
==4579==     suppressed: 0 bytes in 0 blocks
==4579== Rerun with --leak-check=full to see details of leaked memory
==4579==
==4579== For counts of detected and suppressed errors, rerun with: -v
==4579== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 4)
==1041== Warning: invalid file descriptor -1 in syscall close()
==4659== Memcheck, a memory error detector
==4659== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==4659== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==4659== Command: /bin/grep -q cc
==4659==
==4654==
==4654== HEAP SUMMARY:
==4654==     in use at exit: 10,864 bytes in 70 blocks
==4654==     total heap usage: 143 allocs, 73 frees, 28,952 bytes allocated
==4654==
==4654== LEAK SUMMARY:
==4654==     definitely lost: 0 bytes in 0 blocks
==4654==     indirectly lost: 0 bytes in 0 blocks
==4654==     possibly lost: 0 bytes in 0 blocks
==4654==     still reachable: 10,864 bytes in 70 blocks
==4654==     suppressed: 0 bytes in 0 blocks
==4654== Rerun with --leak-check=full to see details of leaked memory
==4654==
==4654== For counts of detected and suppressed errors, rerun with: -v
==4654== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 4)
==4659==
==4659== HEAP SUMMARY:
==4659==     in use at exit: 44,788 bytes in 28 blocks
==4659==     total heap usage: 159 allocs, 131 frees, 60,360 bytes allocated
==4659==
==4659== LEAK SUMMARY:
==4659==     definitely lost: 0 bytes in 0 blocks
==4659==     indirectly lost: 0 bytes in 0 blocks
==4659==     possibly lost: 0 bytes in 0 blocks
==4659==     still reachable: 44,788 bytes in 28 blocks
==4659==     suppressed: 0 bytes in 0 blocks
==4659== Rerun with --leak-check=full to see details of leaked memory
==4659==
==4659== For counts of detected and suppressed errors, rerun with: -v
==4659== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)
==5539== Memcheck, a memory error detector
==5539== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==5539== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==5539== Command: /bin/uname -s
==5539==
==5539==
==5539== HEAP SUMMARY:
==5539==     in use at exit: 0 bytes in 0 blocks
==5539==     total heap usage: 45 allocs, 45 frees, 7,408 bytes allocated
==5539==
==5539== All heap blocks were freed -- no leaks are possible
==5539==
==5539== For counts of detected and suppressed errors, rerun with: -v
==5539== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)
==1041== Memcheck, a memory error detector
==1041== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==1041== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==1041== Command: /usr/lib/libreoffice/program/oosplash clam-8254.rtf
==1041==
==8131== Memcheck, a memory error detector
==8131== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==8131== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==8131== Command: /usr/lib/libreoffice/program/../ure-link/bin/javaldx -env:INIFILENAME=vnd.sun.star.pathname:/usr/lib/libreoffice/program/redirectrc
==8131==
==8131==
==8131== HEAP SUMMARY:
==8131==     in use at exit: 1,264 bytes in 25 blocks
==8131==     total heap usage: 2,833 allocs, 2,808 frees, 558,045 bytes allocated
==8131==
==8131== LEAK SUMMARY:
==8131==     definitely lost: 0 bytes in 0 blocks
==8131==     indirectly lost: 0 bytes in 0 blocks
==8131==     possibly lost: 0 bytes in 0 blocks
==8131==     still reachable: 1,264 bytes in 25 blocks
==8131==     suppressed: 0 bytes in 0 blocks
==8131== Rerun with --leak-check=full to see details of leaked memory
==8131==
==8131== For counts of detected and suppressed errors, rerun with: -v
==8131== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 4)
==10011== Memcheck, a memory error detector
==10011== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==10011== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==10011== Command: /usr/lib/libreoffice/program/soffice.bin clam-8254.rtf --splash-pipe=6
==10011==
==24010== Memcheck, a memory error detector
==24010== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==24010== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==24010== Command: /bin/sh -c sh\ -c\ paperconf\ 2\>/dev/null
==24010==
==24010==
==24010== HEAP SUMMARY:
==24010==     in use at exit: 1,548 bytes in 45 blocks
==24010==     total heap usage: 48 allocs, 3 frees, 1,700 bytes allocated
==24010==
==24010== LEAK SUMMARY:
==24010==     definitely lost: 0 bytes in 0 blocks
==24010==     indirectly lost: 0 bytes in 0 blocks
==24010==     possibly lost: 0 bytes in 0 blocks
==24010==     still reachable: 1,548 bytes in 45 blocks
==24010==     suppressed: 0 bytes in 0 blocks
==24010== Rerun with --leak-check=full to see details of leaked memory
==24010==
==24010== For counts of detected and suppressed errors, rerun with: -v
==24010== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)
==10011== Use of uninitialised value of size 8
==10011==    at 0x27C42D32: void std::vector<std::pair<unsigned int, boost::shared_ptr<writerfilter::rtftok::RTFValue> >, std::allocator<std::pair<unsigned int, boost::shared_ptr<writerfilter::rtftok::RTFValue> > > >::emplace_back<std::pair<unsigned int, boost::shared_ptr<writerfilter::rtftok::RTFValue> > >(std::pair<unsigned int, boost::shared_ptr<writerfilter::rtftok::RTFValue> >&&) (vector.tcc:95)
==10011==    by 0x27C3E4E9: std::vector<std::pair<unsigned int, boost::shared_ptr<writerfilter::rtftok::RTFValue> >, std::allocator<std::pair<unsigned int, boost::shared_ptr<writerfilter::rtftok::RTFValue> > > >::push_back(std::pair<unsigned int, boost::shared_ptr<writerfilter::rtftok::RTFValue> >&&) (stl_vector.h:900)
==10011==    by 0x27C3730A: writerfilter::rtftok::RTFDocumentImpl::popState() (rtfdocumentimpl.cxx:3495)
==10011==    by 0x27C5B0B8: writerfilter::rtftok::RTFTokenizer::resolveParse() (rtftokenizer.cxx:112)
==10011==    by 0x27C20DDC: writerfilter::rtftok::RTFDocumentImpl::resolve(writerfilter::Stream&) (rtfdocumentimpl.cxx:597)
==10011==    by 0x25BAEFAE: RtfFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) (RtfFilter.cxx:100)
==10011==    by 0x7282CD9: SfxObjectShell::ImportFrom(SfxMedium&, bool) (objstor.cxx:2240)
==10011==    by 0x727B153: SfxObjectShell::DoLoad(SfxMedium*) (objstor.cxx:733)
==10011==    by 0x72BA944: SfxBaseModel::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) (sfxbasemodel.cxx:1873)
==10011==    by 0x72FD35B: SfxFrameLoader_Impl::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&) (frmload.cxx:611)
==10011==    by 0x1BB47BA7: framework::LoadEnv::impl_loadContent() (loadenv.cxx:1150)
==10011==    by 0x1BB445CC: framework::LoadEnv::startLoading() (loadenv.cxx:412)
==10011==
==10011== Invalid read of size 8
==10011==    at 0x27C42D32: void std::vector<std::pair<unsigned int, boost::shared_ptr<writerfilter::rtftok::RTFValue> >, std::allocator<std::pair<unsigned int, boost::shared_ptr<writerfilter::rtftok::RTFValue> > > >::emplace_back<std::pair<unsigned int, boost::shared_ptr<writerfilter::rtftok::RTFValue> > >(std::pair<unsigned int, boost::shared_ptr<writerfilter::rtftok::RTFValue> >&&) (vector.tcc:95)
==10011==    by 0x27C3E4E9: std::vector<std::pair<unsigned int, boost::shared_ptr<writerfilter::rtftok::RTFValue> >, std::allocator<std::pair<unsigned int, boost::shared_ptr<writerfilter::rtftok::RTFValue> > > >::push_back(std::pair<unsigned int, boost::shared_ptr<writerfilter::rtftok::RTFValue> >&&) (stl_vector.h:900)
==10011==    by 0x27C3730A: writerfilter::rtftok::RTFDocumentImpl::popState() (rtfdocumentimpl.cxx:3495)
==10011==    by 0x27C5B0B8: writerfilter::rtftok::RTFTokenizer::resolveParse() (rtftokenizer.cxx:112)
==10011==    by 0x27C20DDC: writerfilter::rtftok::RTFDocumentImpl::resolve(writerfilter::Stream&) (rtfdocumentimpl.cxx:597)
==10011==    by 0x25BAEFAE: RtfFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) (RtfFilter.cxx:100)
==10011==    by 0x7282CD9: SfxObjectShell::ImportFrom(SfxMedium&, bool) (objstor.cxx:2240)
==10011==    by 0x727B153: SfxObjectShell::DoLoad(SfxMedium*) (objstor.cxx:733)
==10011==    by 0x72BA944: SfxBaseModel::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) (sfxbasemodel.cxx:1873)
==10011==    by 0x72FD35B: SfxFrameLoader_Impl::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&) (frmload.cxx:611)
==10011==    by 0x1BB47BA7: framework::LoadEnv::impl_loadContent() (loadenv.cxx:1150)
==10011==    by 0x1BB445CC: framework::LoadEnv::startLoading() (loadenv.cxx:412)
==10011== Address 0x38 is not stack'd, malloc'd or (recently) free'd
==10011==
==10011==
==10011== Process terminating with default action of signal 11 (SIGSEGV)
==10011== Access not within mapped region at address 0x38
==10011==    at 0x27C42D32: void std::vector<std::pair<unsigned int, boost::shared_ptr<writerfilter::rtftok::RTFValue> >, std::allocator<std::pair<unsigned int, boost::shared_ptr<writerfilter::rtftok::RTFValue> > > >::emplace_back<std::pair<unsigned int, boost::shared_ptr<writerfilter::rtftok::RTFValue> > >(std::pair<unsigned int, boost::shared_ptr<writerfilter::rtftok::RTFValue> >&&) (vector.tcc:95)
==10011==    by 0x27C3E4E9: std::vector<std::pair<unsigned int, boost::shared_ptr<writerfilter::rtftok::RTFValue> >, std::allocator<std::pair<unsigned int, boost::shared_ptr<writerfilter::rtftok::RTFValue> > > >::push_back(std::pair<unsigned int, boost::shared_ptr<writerfilter::rtftok::RTFValue> >&&) (stl_vector.h:900)
==10011==    by 0x27C3730A: writerfilter::rtftok::RTFDocumentImpl::popState() (rtfdocumentimpl.cxx:3495)
==10011==    by 0x27C5B0B8: writerfilter::rtftok::RTFTokenizer::resolveParse() (rtftokenizer.cxx:112)
==10011==    by 0x27C20DDC: writerfilter::rtftok::RTFDocumentImpl::resolve(writerfilter::Stream&) (rtfdocumentimpl.cxx:597)
==10011==    by 0x25BAEFAE: RtfFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) (RtfFilter.cxx:100)
==10011==    by 0x7282CD9: SfxObjectShell::ImportFrom(SfxMedium&, bool) (objstor.cxx:2240)
==10011==    by 0x727B153: SfxObjectShell::DoLoad(SfxMedium*) (objstor.cxx:733)
==10011==    by 0x72BA944: SfxBaseModel::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) (sfxbasemodel.cxx:1873)
==10011==    by 0x72FD35B: SfxFrameLoader_Impl::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&) (frmload.cxx:611)
==10011==    by 0x1BB47BA7: framework::LoadEnv::impl_loadContent() (loadenv.cxx:1150)
==10011==    by 0x1BB445CC: framework::LoadEnv::startLoading() (loadenv.cxx:412)
==10011== If you believe this happened as a result of a stack
==10011== overflow in your program's main thread (unlikely but
==10011== possible), you can try to increase the size of the
==10011== main thread stack using the --main-stacksize= flag.
==10011== The main thread stack size used in this run was 8388608.
==10011==
==10011== HEAP SUMMARY:
==10011==     in use at exit: 14,784,919 bytes in 207,004 blocks
==10011==     total heap usage: 479,187 allocs, 272,183 frees, 42,073,127 bytes allocated
==10011==
==10011== LEAK SUMMARY:
==10011==     definitely lost: 4,376 bytes in 9 blocks
==10011==     indirectly lost: 10,080 bytes in 297 blocks
==10011==     possibly lost: 3,089,655 bytes in 43,765 blocks
==10011==     still reachable: 11,680,808 bytes in 162,933 blocks
==10011==     suppressed: 0 bytes in 0 blocks
==10011== Rerun with --leak-check=full to see details of leaked memory
==10011==
==10011== For counts of detected and suppressed errors, rerun with: -v
==10011== Use --track-origins=yes to see where uninitialised values come from
==10011== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 26 from 8)
==1041==
==1041== HEAP SUMMARY:
==1041==     in use at exit: 334 bytes in 7 blocks
==1041==     total heap usage: 1,167 allocs, 1,160 frees, 1,633,481 bytes allocated
==1041==
==1041== LEAK SUMMARY:
==1041==     definitely lost: 0 bytes in 0 blocks
==1041==     indirectly lost: 0 bytes in 0 blocks
==1041==     possibly lost: 0 bytes in 0 blocks
==1041==     still reachable: 334 bytes in 7 blocks
==1041==     suppressed: 0 bytes in 0 blocks
==1041== Rerun with --leak-check=full to see details of leaked memory
==1041==
==1041== For counts of detected and suppressed errors, rerun with: -v
==1041== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 3)