Bug 150135 - Accessing uninitialized TextInputStream methods crashes
Summary: Accessing uninitialized TextInputStream methods crashes
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: BASIC (show other bugs)
Version:
(earliest affected)
unspecified
Hardware: All All
: medium normal
Assignee: Baole Fang
URL:
Whiteboard: target:7.6.0 target:7.5.3
Keywords: difficultyBeginner, easyHack, skillCpp
Depends on:
Blocks: Crash
  Show dependency treegraph
 
Reported: 2022-07-25 09:41 UTC by Mike Kaganski
Modified: 2023-03-16 09:24 UTC (History)
2 users (show)

See Also:
Crash report or crash signature:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mike Kaganski 2022-07-25 09:41:49 UTC 
Sub crash
  stream = CreateUnoService("com.sun.star.io.TextInputStream")
  stream.available()
End Sub

This crashes the process, which is an unacceptable outcome (it should raise an exception, translated to Basic run-time error).

The code of OTextInputStream [1] does not check if its mxStream is valid before dereferencing.

The easy hack is to add the checking code, that would throw an appropriate runtime exception.

[1] https://opengrok.libreoffice.org/xref/core/io/source/TextInputStream/TextInputStream.cxx?r=ed9ff1a3#53
Comment 1 Rafael Lima 2022-07-25 17:24:20 UTC 
Repro with

Version: 7.5.0.0.alpha0+ / LibreOffice Community
Build ID: 21a31eefab1401d288dbb8220f3df3365be9efaf
CPU threads: 16; OS: Linux 5.15; UI render: default; VCL: kf5 (cairo+xcb)
Locale: pt-BR (pt_BR.UTF-8); UI: en-US
Calc: threaded

LibreOffice crashes as reported by the OP. The interpreter should have treated this as a runtime exception and caught the error before crashing.
Comment 2 Baole Fang 2023-03-13 18:49:22 UTC 
I start working on this.
Comment 3 Commit Notification 2023-03-14 06:48:08 UTC 
Baole Fang committed a patch related to this issue.
It has been pushed to "master":

https://git.libreoffice.org/core/commit/16242898da50fbf680df558cb47d1978c3304572

tdf#150135: Fix OTextInputStream to throw runtime exception when uninitialized

It will be available in 7.6.0.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 4 Commit Notification 2023-03-16 09:24:36 UTC 
Baole Fang committed a patch related to this issue.
It has been pushed to "libreoffice-7-5":

https://git.libreoffice.org/core/commit/bf6d1e58031c56dbe85995572deabd35200c9c74

tdf#150135: Fix OTextInputStream to throw runtime exception when uninitialized

It will be available in 7.5.3.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.