Bug 36590 - Long lines in BASIC IDE cause crash
Summary: Long lines in BASIC IDE cause crash
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: BASIC (show other bugs)
(earliest affected)
3.4.0 Beta2
Hardware: x86-64 (AMD64) Linux (All)
: medium critical
Assignee: Not Assigned
Depends on:
Reported: 2011-04-25 12:53 UTC by Andreas Becker
Modified: 2011-12-23 13:45 UTC (History)
2 users (show)

See Also:
Crash report or crash signature:

crashing basic module with long line (326 bytes, application/xml)
2011-04-26 03:29 UTC, Andreas Becker
crashing basic module (7.09 KB, application/xml)
2011-04-26 03:37 UTC, Andreas Becker
Sample Document, see Comment 4 (11.23 KB, application/vnd.oasis.opendocument.text)
2011-04-26 04:30 UTC, Rainer Bielefeld Retired

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Becker 2011-04-25 12:53:22 UTC
When a macro file containing a line that is longer than 1024 characters is loaded with the BASIC IDE, a buffer overflow occurs.
For me, the overflow crashed X nearly every time.
This bug potentially dangerous because it might be exploitable.
Comment 1 Rainer Bielefeld Retired 2011-04-26 01:10:30 UTC
NOT reproducible with an own document and "LibreOffice 3.3.2  – WIN7  Home Premium  (64bit) German UI [OOO330m19 (Build:202 / tag]". I created a comment for the macro (in document) with a very long line (caret in column 2192), no crash in 5 Tests.

Related to OS or Beta2? I can't test with 3.4Beta2.

@ Andreas Becker:
Please contribute information concerning OS you tested. If you can't contribute some code causing the crash a sample document and a step by step instruction might be useful.
Comment 2 Andreas Becker 2011-04-26 03:29:23 UTC
Created attachment 46084 [details]
crashing basic module with long line

My OS: GNU/Linux x86_64, but I think overflows work in every OS.

The bug is present in at least LibO 3.3.2 and the current git master.

How to reproduce:
soffice → Tools → Macros → Organize Macros → LibreOffice Basic → New (Macro)
Then produce a long line with more than 1024 characters in the IDE, the content does not matter.
Sometimes, it crashed already when I inserted the long line or hit the run button.
Close LibreOffice, restart it, go to Organize Macros and try to edit or run the macro with the long line. That crashes reliably for me.

Because it is a buffer overflow, you need some luck to get a crash due to an illegal memory access. A longer line increases the crash probability.
Comment 3 Andreas Becker 2011-04-26 03:37:20 UTC
Created attachment 46085 [details]
crashing basic module

I attached the wrong file, here is a crashing one.
Comment 4 Rainer Bielefeld Retired 2011-04-26 04:28:49 UTC
Still NOT rproducible] with "LibreOffice 3.3.2  – WIN7  Home Premium  (64bit) English UI [OOO330m19 (Build:202 / tag]".

I started LibO Start Center from WIN Start Center, created a WRITER document, inserted a small Macro to the WRITER document, that caused no problem at all.
For your own tests you can open attached "mytestWorksForMe.odt", run the integrated macro by pushing the button or edit the macro in the document. I did not find a way to get a crash, the only problem I saw was that the letters "a" will be shown with white color on white background in BASIC IDE.

@Andreas Becker:
No idea how to use your sample document. Please contribute a comprehensible step by step instruction.
Comment 5 Rainer Bielefeld Retired 2011-04-26 04:30:00 UTC
Created attachment 46086 [details]
Sample Document, see Comment 4
Comment 6 Andreas Becker 2011-04-26 07:06:03 UTC
>No idea how to use your sample document.
>Please contribute a comprehensible
>step by step instruction.

My attachment is a module description file that can be copied to <libreoffice config path>/3/user/basic/Standard/Module1.xba. Then the Module1.xba appears in the LibreOffice macro browser.

But your attached document crashes if I try to edit the macro. When I press the "Start Macro" button in your document, nothing crashes.
To get to the macro dialog and edit the macro go to: Tools → Macros → Organize Macros → LibreOffice Basic.
Then expand mytestWorksForMe-2.odt, select "Module1", select the macro "Main", click "Edit" → crash.

Can someone test it on Linux? Perhaps the vcl GUI stuff is system dependent?
Comment 7 August Sodora 2011-10-09 13:07:19 UTC
This seems to be fixed in the current git master

tested on
Comment 8 Rainer Bielefeld Retired 2011-12-18 07:34:57 UTC
Closed due to Comment 7 August Sodora 2011-10-09 13:07:19 PDT 

Please feel free to reopen this bug if you find out that the problem still exists with LibreOffice version 3.5 and if you can contribute requested additional information.
Comment 9 Björn Michaelsen 2011-12-22 05:51:31 UTC