Execute the following macro:

Sub strOverflow
    Dim s As String, i As Integer
    s = "0"
    For i=1 To 31
        s = s & s
    Next i
End Sub

This segfaults both on 32- and 64-bit LibreOffice when memory allocation is unsuccessful (maximum string size is 2147483638 = 2^31 - 10). LibreOffice crashes.
A patch submitted for review: https://gerrit.libreoffice.org/37965
It crashes with
Version: 5.4.0.0.alpha1+
Build ID: 965494c544dd8f35ae83b7cf38549009da06c367
CPU threads: 4; OS: Windows 6.1; UI render: default;
TinderBox: Win-x86@62-TDF, Branch:MASTER, Time: 2017-05-10_23:06:27
Locale: de-DE (de_DE); Calc: group
Let's put this one to ASSIGNED since you assigned yourself.
Mike Kaganski committed a patch related to this issue. It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=ef117cad3a13fda0932bd3da6c032f3499eb9069

tdf#108039: check for nullptr in rtl_uString and OUString

It will be available in 5.5.0.

The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
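The failure class in this report (a string doubled until allocation fails, then used without a null check) can be reproduced in a few lines of C. The sketch below is an added example, not LibreOffice code and not the committed patch: `ustr`, `alloc_fn`, `capped_alloc` and `doubling_stops_at` are hypothetical names, and the 4096-byte allocator cap is a constructed stand-in for exhausted memory.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical string type for illustration; not LibreOffice's rtl_uString. */
typedef struct {
    int32_t  length;    /* UTF-16 code units, excluding the terminator */
    uint16_t buffer[];  /* length + 1 units */
} ustr;

#define USTR_MAX_LEN 2147483638LL  /* 2^31 - 10, the limit quoted in the report */
typedef void *(*alloc_fn)(size_t); /* injectable so failure can be simulated */

/* Returns NULL when the length is out of range, the byte count would wrap,
   or the allocator fails; nothing is written through a null pointer. */
static ustr *ustr_alloc(int64_t len, alloc_fn alloc) {
    if (len < 0 || len > USTR_MAX_LEN) return NULL;
    if ((uint64_t)len + 1 > (SIZE_MAX - sizeof(ustr)) / sizeof(uint16_t)) return NULL;
    ustr *s = alloc(sizeof(ustr) + ((size_t)len + 1) * sizeof(uint16_t));
    if (s == NULL) return NULL;            /* the check whose absence crashes */
    s->length = (int32_t)len;
    s->buffer[len] = 0;
    return s;
}

/* a + b as a new string; the sum is computed in 64 bits so it cannot wrap. */
static ustr *ustr_concat(const ustr *a, const ustr *b, alloc_fn alloc) {
    if (a == NULL || b == NULL) return NULL;
    ustr *r = ustr_alloc((int64_t)a->length + b->length, alloc);
    if (r == NULL) return NULL;            /* propagate failure to the caller */
    memcpy(r->buffer, a->buffer, (size_t)a->length * sizeof(uint16_t));
    memcpy(r->buffer + a->length, b->buffer, (size_t)b->length * sizeof(uint16_t));
    return r;
}

/* Constructed allocator: refuses any request above 4096 bytes. */
static void *capped_alloc(size_t n) { return n > 4096 ? NULL : malloc(n); }

/* The macro's loop (s = s & s, 31 times). Returns the iteration at which
   growth was refused, 0 if all 31 completed, -1 if the seed failed. */
static int doubling_stops_at(alloc_fn alloc) {
    ustr *s = ustr_alloc(1, alloc);
    if (s == NULL) return -1;
    s->buffer[0] = '0';
    for (int i = 1; i <= 31; i++) {
        ustr *t = ustr_concat(s, s, alloc);
        free(s);
        if (t == NULL) return i;           /* report an error, do not crash */
        s = t;
    }
    free(s);
    return 0;
}
```

With an allocator that never fails, the same loop is refused at iteration 31 by the length check, because 2^31 code units exceeds the 2^31 - 10 limit.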