| Summary: | LibreOffice 3.5.2.2 - crash or memory corruption with a specific .rtf file | ||
|---|---|---|---|
| Product: | LibreOffice | Reporter: | Carlo Di Dato <shinnai> |
| Component: | Writer | Assignee: | Miklos Vajna <vmiklos> |
| Status: | CLOSED FIXED | ||
| Severity: | normal | CC: | caolan.mcnamara, dtardon |
| Priority: | medium | ||
| Version: | 3.5.2 release | ||
| Hardware: | x86 (IA32) | ||
| OS: | All | ||
| Whiteboard: | target:3.6.0 target:3.5.3 | ||
| Crash report or crash signature: | | Regression By: | |
| Attachments: | Crash PoC; DoS PoC | ||
Created attachment 59901
DoS PoC

confirmed, but these are rtf not msword files

Caolan McNamara committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=234f150f30d881b2691288c5f5581306bd4d3d18

Resolves: fdo#48640 handle various busted rtf docs without hanging

caolanm->vmiklos: can you look over my changes and see if you're happy with them, and cherry-pick for 3-5 if so, or fix it up some more if necessary

Caolan McNamara committed a patch related to this issue.
It has been pushed to "libreoffice-3-5":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=51c8c95b2864b49e7bcbd824eacedb5778a758c0&g=libreoffice-3-5

Resolves: fdo#48640 handle various busted rtf docs without hanging

It will be available in LibreOffice 3.5.3.

Caolán,

Yes, looks reasonable, thanks for fixing this one.

Miklos
Created attachment 59900
Crash PoC

Both on Windows and Linux it is possible to cause a DoS and/or a memory corruption using crafted doc files (see attachments).

On Fedora Core 16 the program crashes as follows:

```
terminate called after throwing an instance of 'std::bad_alloc'
what(): std::bad_alloc
Program received signal SIGABRT, Aborted.
0X00111416 in __kernel_vsyscall ()
```

Regards