Bug 152133 - Stack Protection is not provided for BASIC call to DLL using declare - lib
Summary: Stack Protection is not provided for BASIC call to DLL using declare - lib
Status: UNCONFIRMED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: BASIC
Version: 7.4.2.3 release (earliest affected)
Hardware: All Windows (All)
Importance: medium enhancement
Assignee: Not Assigned
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: Macro
Reported: 2022-11-20 03:23 UTC by tanh
Modified: 2023-08-17 00:40 UTC

See Also:
Crash report or crash signature:


Description tanh 2022-11-20 03:23:19 UTC
Description:
When a call is made to a function provided by a declaration with a bad signature:
Public Declare Function WSAStartup Lib "ws2_32.dll" (ByVal wVersionRequested As Integer, lpWSAData As wsaData) As Long

-- LibreOffice Calc just crashes.
In a similar situation, MS Excel does not crash, because VBA checks and corrects the stack.

Steps to Reproduce:
1. Type wsaData
    wVersion As Integer
    wHighVersion As Integer
    szDescription As String * WSA_DescriptionSize
    szSystemStatus As String * WSA_SysStatusSize
    iMaxSockets As Integer
    iMaxUdpDg As Integer
    lpVendorInfo As String * 200
End Type

Public Declare Function WSAStartup Lib "ws2_32.dll" (ByVal wVersionRequested As Integer, lpWSAData As wsaData) As Long

Sub Test()
    Dim errCode As Integer
    Const wsVer22 = 514 ' &H0202, i.e. Winsock version 2.2
    Dim SockInfo As wsaData

    errCode = WSAStartup(wsVer22, SockInfo)
End Sub


2. Call the sub


Actual Results:
LibreOffice crashes and closes.

Expected Results:
LibreOffice does not crash.


Reproducible: Always


User Profile Reset: Yes

Additional Info:
There's not much you can do if the stack is corrupted by a call to an external DLL. But LO should wrap calls to DLLs declared in BASIC, so that LO itself doesn't crash. Stack faults in this situation should either be ignored, or cause an orderly shutdown.

The stack protection provided by MS VBA makes calls slower, and requires the use of LastDLLError (because the wrapper code will lose GetLastError), but that has not been a cause of complaint.

Version: 7.4.2.3 (x86) / LibreOffice Community
Build ID: 382eef1f22670f7f4118c8c2dd222ec7ad009daf
CPU threads: 4; OS: Windows 6.1 Service Pack 1 Build 7601; UI render: Skia/Raster; VCL: win
Locale: en-AU (en_AU); UI: en-US
Calc: threaded
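
A sketch of the wrapper idea from the Additional Info above, as an added example that is not LibreOffice or VBA code: it puts guard bytes around the by-reference argument (a different technique from VBA's stack check) and captures the error value right after the call, which is why a wrapper needs something like LastDLLError. `guarded_call`, `call_result`, the two callees and the guard size are hypothetical, and `errno` stands in for GetLastError so the block builds with any C toolchain.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_LEN  512   /* assumed guard size; larger overruns are not contained */
#define GUARD_BYTE 0xA5

typedef int (*foreign_fn)(unsigned short ver, void *out);
struct call_result { int ret, last_error, overrun; };

/* Hypothetical wrapper: the callee gets a guarded copy of the by-reference
   argument, never the interpreter's own buffer. */
static struct call_result guarded_call(foreign_fn fn, unsigned short ver,
                                       void *arg, size_t declared_len)
{
    struct call_result r = {0, 0, 0};
    unsigned char *buf = malloc(declared_len + GUARD_LEN);
    if (!buf) { r.ret = -1; r.last_error = ENOMEM; return r; }
    memcpy(buf, arg, declared_len);
    memset(buf + declared_len, GUARD_BYTE, GUARD_LEN);
    errno = 0;
    r.ret = fn(ver, buf);
    r.last_error = errno;            /* capture before wrapper cleanup runs */

    for (size_t i = 0; i < GUARD_LEN && !r.overrun; i++)
        r.overrun = (buf[declared_len + i] != GUARD_BYTE);
    if (!r.overrun)
        memcpy(arg, buf, declared_len);   /* copy back only a clean result */
    free(buf);
    errno = 0;   /* stands in for cleanup that overwrites the thread's error value */
    return r;
}

/* Constructed callees: one honours the declared size, one writes 400 bytes. */
static int callee_fits(unsigned short ver, void *out)
{ (void)ver; memset(out, 0x11, 32); errno = EINVAL; return 0; }
static int callee_too_big(unsigned short ver, void *out)
{ (void)ver; memset(out, 0x22, 400); return 0; }

int main(void)
{
    unsigned char a[64] = {0}, b[64] = {0};
    struct call_result r1 = guarded_call(callee_fits, 514, a, sizeof a);
    struct call_result r2 = guarded_call(callee_too_big, 514, b, sizeof b);
    printf("fits: overrun=%d last_error=%d\n", r1.overrun, r1.last_error);
    printf("too big: overrun=%d b[0]=%d\n", r2.overrun, b[0]);
    return r2.overrun ? 0 : 1;
}
```

When the overrun flag is set, the caller can raise a BASIC runtime error instead of continuing with a damaged buffer.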
Comment 1 Roman Kuznetsov 2023-07-09 08:37:37 UTC
I don't see the crash; I just got an error like:

BASIC syntax error.
Syntax error.

in the szDescription As String * WSA_DescriptionSize string

Maybe I did something wrong. It would be much better to have an ODS example with the macro for checking.

I tested in current dev build:

Version: 24.2.0.0.alpha0+ (X86_64) / LibreOffice Community
Build ID: 77fca616e0bd79e0b405fd0b3543cf8e94e15df3
CPU threads: 16; OS: Windows 10.0 Build 19045; UI render: Skia/Raster; VCL: win
Locale: ru-RU (ru_RU); UI: en-US
Calc: CL threaded
Comment 2 tanh 2023-08-17 00:40:19 UTC
Sorry, need to define the values for the manifest constants in the example:

Public Const WSA_DescriptionSize = 257
Public Const WSA_SysStatusSize = 129


I'll try again in the current version when I get the opportunity. If someone has been working on buffer overflows and vulnerabilities, it might eventually get done for that reason.