When a macro file containing a line that is longer than 1024 characters is loaded with the BASIC IDE, a buffer overflow occurs.
For me, the overflow crashed X nearly every time.
This bug is potentially dangerous because it might be exploitable.
NOT reproducible with my own document and "LibreOffice 3.3.2 – WIN7 Home Premium (64bit) German UI [OOO330m19 (Build:202 / tag 126.96.36.199)]". I created a comment for the macro (in document) with a very long line (caret in column 2192), no crash in 5 tests.
Related to OS or Beta2? I can't test with 3.4Beta2.
@ Andreas Becker:
Please contribute information concerning the OS you tested. If you can't contribute some code causing the crash, a sample document and a step-by-step instruction might be useful.
Created attachment 46084
crashing basic module with long line
My OS: GNU/Linux x86_64, but I think overflows work in every OS.
The bug is present in at least LibO 3.3.2 and the current git master.
How to reproduce:
soffice → Tools → Macros → Organize Macros → LibreOffice Basic → New (Macro)
Then produce a long line with more than 1024 characters in the IDE, the content does not matter.
Sometimes, it crashed already when I inserted the long line or hit the run button.
Close LibreOffice, restart it, go to Organize Macros and try to edit or run the macro with the long line. That crashes reliably for me.
Because it is a buffer overflow, you need some luck to get a crash due to an illegal memory access. A longer line increases the crash probability.
Created attachment 46085
crashing basic module
I attached the wrong file, here is a crashing one.
Still NOT reproducible with "LibreOffice 3.3.2 – WIN7 Home Premium (64bit) English UI [OOO330m19 (Build:202 / tag 188.8.131.52)]".
I started LibO Start Center from WIN Start Center, created a WRITER document, inserted a small Macro to the WRITER document, that caused no problem at all.
For your own tests you can open attached "mytestWorksForMe.odt", run the integrated macro by pushing the button or edit the macro in the document. I did not find a way to get a crash, the only problem I saw was that the letters "a" will be shown with white color on white background in BASIC IDE.
No idea how to use your sample document. Please contribute a comprehensible step-by-step instruction.
Created attachment 46086
Sample Document, see Comment 4
>No idea how to use your sample document.
>Please contribute a comprehensible
>step by step instruction.
My attachment is a module description file that can be copied to <libreoffice config path>/3/user/basic/Standard/Module1.xba. Then the Module1.xba appears in the LibreOffice macro browser.
But your attached document crashes if I try to edit the macro. When I press the "Start Macro" button in your document, nothing crashes.
To get to the macro dialog and edit the macro go to: Tools → Macros → Organize Macros → LibreOffice Basic.
Then expand mytestWorksForMe-2.odt, select "Module1", select the macro "Main", click "Edit" → crash.
Can someone test it on Linux? Perhaps the vcl GUI stuff is system dependent?
This seems to be fixed in the current git master
tested on 184.108.40.206-96.fc14.x86_64
Closed due to Comment 7 August Sodora 2011-10-09 13:07:19 PDT
Please feel free to reopen this bug if you find out that the problem still exists with LibreOffice version 3.5 and if you can contribute requested additional information.
RESOLVED, FIXED or CLOSED bugs can't be KEYWORD NEEDINFO.
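A defensive check for the condition reported in this thread, as an added example that is not part of the original bug report or of LibreOffice's code: it scans a directory for `.xba` Basic modules and reports source lines longer than 1024 characters. It assumes the module source is the text content of the XML root element; the sample module and the function names are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

LIMIT = 1024  # line length named in the report


def long_lines(xba_bytes, limit=LIMIT):
    """Return [(line_number, length)] for Basic source lines longer than limit."""
    root = ET.fromstring(xba_bytes)
    # Assumption: the Basic source is the (entity-decoded) text of the root element.
    source = "".join(root.itertext())
    return [(n, len(line))
            for n, line in enumerate(source.splitlines(), 1)
            if len(line) > limit]


def scan_tree(base, limit=LIMIT):
    """Map each .xba path under base to its over-long lines (or a parse error)."""
    findings = {}
    for path in sorted(Path(base).rglob("*.xba")):
        try:
            hits = long_lines(path.read_bytes(), limit)
        except ET.ParseError as exc:
            findings[str(path)] = [("unparseable", str(exc))]
            continue
        if hits:
            findings[str(path)] = hits
    return findings


def make_sample(comment_len):
    """Constructed sample module: line 2 is 'REM ' plus comment_len characters."""
    body = "Sub Main\nREM " + "a" * comment_len + "\nEnd Sub\n"
    return ('<?xml version="1.0" encoding="UTF-8"?>\n'
            '<!DOCTYPE script:module PUBLIC '
            '"-//OpenOffice.org//DTD OfficeDocument 1.0//EN" "module.dtd">\n'
            '<script:module xmlns:script="http://openoffice.org/2000/script" '
            'script:name="Module1" script:language="StarBasic">'
            + body + "</script:module>").encode("utf-8")


if __name__ == "__main__":
    # Usage: python scan_xba.py <directory containing .xba modules>
    for name, hits in scan_tree(sys.argv[1]).items():
        print(name, hits)
```

Modules embedded in a document sit inside the document's zip container and would need to be extracted before scanning.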