41642 – Impress crash due to stack exhaustion

Bug 41642 - Impress crash due to stack exhaustion

Summary: Impress crash due to stack exhaustion

Status:	CLOSED FIXED

Alias:	None

Product:	LibreOffice
Classification:	Unclassified
Component:	Impress (show other bugs)
Version: (earliest affected)	3.4.3 release
Hardware:	All Linux (All)

Importance:	medium normal
Assignee:	Caolán McNamara

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2011-10-10 03:00 UTC by Huzaifa Sidhpurwala
Modified:	2012-05-04 00:33 UTC (History)
CC List:	1 user (show)

See Also:
Crash report or crash signature:

Attachments
crasher slidedeck (90.00 KB, application/vnd.ms-powerpoint) 2011-10-10 03:00 UTC, Huzaifa Sidhpurwala	Details
gdb traceback (19.71 KB, text/plain) 2011-10-10 03:03 UTC, Huzaifa Sidhpurwala	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Huzaifa Sidhpurwala 2011-10-10 03:00:31 UTC

Created attachment 52167 [details]
crasher slidedeck

Found this bug during my fuzzing. gdb suggests stack exhaustion here, could not see any traces of memory corruption, but i could be wrong :)

Comment 1 Huzaifa Sidhpurwala 2011-10-10 03:03:18 UTC

Created attachment 52168 [details]
gdb traceback

Comment 2 Caolán McNamara 2011-10-10 12:55:31 UTC

looks like a loop in the structured storage loader, seen this sort of thing before, typically because it the chain *is* actually looped.

Some loop detection probably required

Comment 3 Caolán McNamara 2011-10-12 01:49:32 UTC

fixed locally, will push with test-harness, post conference

Comment 4 Caolán McNamara 2011-10-15 04:21:05 UTC

fixed with http://cgit.freedesktop.org/libreoffice/core/commit/?id=751b72050331c6b97c91bb1d4c69e05e3e32d998

regression test with http://cgit.freedesktop.org/libreoffice/core/commit/?id=a851938bfc4c8a12bbb25be3d14b7da835a49e6f

Comment 5 Roman Eisele 2012-05-04 00:33:53 UTC

This is an Impress issue, therefore changed 'Component' accordingly.