| Summary: | Crash in: SbxArray::Count() when trying to call a WinAPI function | ||
|---|---|---|---|
| Product: | LibreOffice | Reporter: | Mike Kaganski <mikekaganski> |
| Component: | BASIC | Assignee: | Mike Kaganski <mikekaganski> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | ||
| Priority: | medium | ||
| Version: | 6.1.2.1 release | ||
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | target:6.2.0 target:6.1.4 | ||
| Crash report or crash signature: | ["SbxArray::Count()"] | Regression By: | |
|
Description
Mike Kaganski
2018-10-19 12:46:33 UTC
This is the error in ErrCode call() in basic/source/runtime/dllmgr-x64.cxx, where it dereferences `arguments` before checking it for nullptr (as done below, and as mentioned in a comment to SbiRuntime::DllCall()). 32-bit version of the function doesn't have this problem. Mike Kaganski committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=49d304c4f6635381a27b60a8944744cc81ff1e91 tdf#120706: nullptr dereference It will be available in 6.2.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback. Mike Kaganski committed a patch related to this issue. It has been pushed to "libreoffice-6-1": http://cgit.freedesktop.org/libreoffice/core/commit/?id=7951138541caabcd25fccaa8f9ebb0226ce2ce12&h=libreoffice-6-1 tdf#120706: nullptr dereference It will be available in 6.1.4. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback. |