Created attachment 59900 [details]
Crash PoC

Both on Windows and Linux it is possible to cause a DoS and/or a memory corruption using crafted doc files (see attachments).

On Fedora Core 16 the program crashes as follows:

terminate called after throwing an instance of 'std::bad_alloc'
what(): std::bad_alloc

Program received signal SIGABRT, Aborted.
0X00111416 in __kernel_vsyscall ()

Regards
Created attachment 59901 [details] DoS PoC
confirmed, but these are rtf not msword files
Caolan McNamara committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=234f150f30d881b2691288c5f5581306bd4d3d18

Resolves: fdo#48640 handle various busted rtf docs without hanging
caolanm->vmiklos: can you look over my changes and see if you're happy with them, and cherry-pick for 3-5 if so, or fix it up some more if necessary
Caolan McNamara committed a patch related to this issue.
It has been pushed to "libreoffice-3-5":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=51c8c95b2864b49e7bcbd824eacedb5778a758c0&g=libreoffice-3-5

Resolves: fdo#48640 handle various busted rtf docs without hanging

It will be available in LibreOffice 3.5.3.
Caolán,

Yes, looks reasonable, thanks for fixing this one.

Miklos