Bug 86448

Summary: Crashes importing malformed .rtf -- DoS
Product: LibreOffice
Reporter: Alexander Cherepanov <cherepan>
Component: filters and storage
Assignee: Not Assigned <libreoffice-bugs>
Status: RESOLVED DUPLICATE
Severity: normal
CC: vmiklos
Priority: medium
Version: 3.5.4 release   
Hardware: x86-64 (AMD64)   
OS: Linux (All)   
Whiteboard:
Crash report or crash signature:
Regression By:
Attachments: Crasher
Valgrind log
Crasher
Valgrind log

Description Alexander Cherepanov 2014-11-19 00:41:39 UTC
A couple of crashes while importing malformed .rtf files. According to valgrind (logs attached) they are due to null pointer deref (but note "Use of uninitialised value" too). Seem to be DoS only.
Tested on Debian Stable.
Comment 1 Alexander Cherepanov 2014-11-19 00:42:06 UTC
Created attachment 109701
Crasher
Comment 2 Alexander Cherepanov 2014-11-19 00:42:26 UTC
Created attachment 109702
Valgrind log
Comment 3 Alexander Cherepanov 2014-11-19 00:42:45 UTC
Created attachment 109703
Crasher
Comment 4 Alexander Cherepanov 2014-11-19 00:43:02 UTC
Created attachment 109704
Valgrind log
Comment 5 Miklos Vajna 2014-11-19 08:39:38 UTC
'OOO_EXIT_POST_STARTUP=1 ./soffice fdo86448.rtf' hangs here on master, but it does not crash.
Comment 6 Caolán McNamara 2014-11-19 12:36:24 UTC
This crashes in 4-3 for me. The fix for bug 86449 also fixes it there, so setting it as a dup of that. I don't see a hang in master btw.

*** This bug has been marked as a duplicate of bug 86449 ***