Created attachment 99659 [details]
Repro file

When opening a mutated DOCX file, an ASan build of LO 4.4.0.0 alpha0 will crash:

Program received signal SIGSEGV, Segmentation fault.
0x00007fffb12597cd in oox::vml::InputStream::updateBuffer (this=<optimized out>) at /home/moggi/devel/libo7/oox/source/vml/vmlinputstream.cxx:339
rax            0x0                 0
rbx            0x7ffffffe7780      140737488254848
rcx            0x0                 0
rdx            0x0                 0
rsi            0x7ffffffe73c0      140737488253888
rdi            0x7ffffffe7480      140737488254080
rbp            0x7ffffffe7930      0x7ffffffe7930
rsp            0x7ffffffe7500      0x7ffffffe7500
   0x00007fffb12597c5 <oox::vml::InputStream::updateBuffer()+901>:  mov    0x1a0(%rsp),%rax
=> 0x00007fffb12597cd <oox::vml::InputStream::updateBuffer()+909>:  mov    (%rax),%rcx
   0x00007fffb12597d0 <oox::vml::InputStream::updateBuffer()+912>:  add    $0x50,%rcx

Original OO file: Cast_Simulation.xlsx
Mutated OO file (repro file): crash-30730.docx
Modified XML file: xl/worksheets/_rels/sheet1.xml.rels
Modifications: attribute "Target" of tag "Relationship" was switched from "../drawings/vmlDrawing1.vml" to "Abc123"
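The repro above is a package whose relationship Target no longer points at an existing part, and the importer dereferences the resulting null stream (rax is 0x0 at the faulting `mov (%rax),%rcx`). The following is an added example, not LibreOffice code and not the fix for this bug: a stand-alone pre-flight check that walks every `.rels` part of an OOXML package and reports internal relationships whose Target does not resolve to a part in the zip. The sample package it builds is constructed inline to mirror the modified `xl/worksheets/_rels/sheet1.xml.rels`; the helper names (`find_dangling_relationships`, `build_sample_package`) are this example's own.

```python
"""Flag OOXML relationships (DOCX/XLSX .rels parts) whose Target does not
resolve to a part inside the package.  Added example; not LibreOffice code."""
import io
import posixpath
import zipfile
import xml.etree.ElementTree as ET

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"


def resolve_target(rels_part, target):
    """Resolve a relationship Target relative to its source part.

    A rels part lives at <dir>/_rels/<part>.rels, so the source part's
    directory is the parent of the _rels directory.  Absolute targets
    ("/xl/...") are taken from the package root.
    """
    if target.startswith("/"):
        return target.lstrip("/")
    source_dir = posixpath.dirname(posixpath.dirname(rels_part))
    return posixpath.normpath(posixpath.join(source_dir, target))


def find_dangling_relationships(zip_bytes):
    """Return (rels_part, Id, Target, resolved_path) for every internal
    relationship whose resolved target is missing from the package."""
    dangling = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        parts = set(zf.namelist())
        for name in sorted(parts):
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.findall(f"{{{RELS_NS}}}Relationship"):
                # External relationships (hyperlinks etc.) point outside the zip.
                if rel.get("TargetMode", "Internal") == "External":
                    continue
                target = rel.get("Target", "")
                resolved = resolve_target(name, target)
                if resolved not in parts:
                    dangling.append((name, rel.get("Id"), target, resolved))
    return dangling


def build_sample_package(vml_target):
    """Constructed minimal package: a sheet whose rels part points at a VML
    drawing via `vml_target`, mirroring the modified sheet1.xml.rels above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("_rels/.rels",
                    f'<Relationships xmlns="{RELS_NS}">'
                    '<Relationship Id="rId1" Type="officeDocument" Target="xl/workbook.xml"/>'
                    '</Relationships>')
        zf.writestr("xl/workbook.xml", "<workbook/>")
        zf.writestr("xl/worksheets/sheet1.xml", "<worksheet/>")
        zf.writestr("xl/drawings/vmlDrawing1.vml", "<xml/>")
        zf.writestr("xl/worksheets/_rels/sheet1.xml.rels",
                    f'<Relationships xmlns="{RELS_NS}">'
                    f'<Relationship Id="rId1" Type="vmlDrawing" Target="{vml_target}"/>'
                    '</Relationships>')
    return buf.getvalue()


if __name__ == "__main__":
    # The intact package resolves cleanly; the mutated one reports the dangling rId.
    print(find_dangling_relationships(build_sample_package("../drawings/vmlDrawing1.vml")))
    print(find_dangling_relationships(build_sample_package("Abc123")))
```

Run against a real file with `find_dangling_relationships(open(path, "rb").read())`; an importer that performs this kind of existence check before opening the target stream fails gracefully on the mutated file instead of dereferencing a null stream.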
Created attachment 99660 [details]
Original file
Julien Nabet committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=372d5d74ad8cfb9b69dc20557359c4a2c1597b57

Resolves: fdo#79137 Crash in oox::vml::InputStream::updateBuffer

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
On pc Debian x86-64 with master sources updated yesterday, I could reproduce this.

For 4.3: https://gerrit.libreoffice.org/9465
For 4.2: https://gerrit.libreoffice.org/9466
Julien Nabet committed a patch related to this issue.
It has been pushed to "libreoffice-4-2":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=5a1a182f626bd9caa077e20850a132759fec5d86&h=libreoffice-4-2

Resolves: fdo#79137 Crash in oox::vml::InputStream::updateBuffer

It will be available in LibreOffice 4.2.5.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Julien Nabet committed a patch related to this issue.
It has been pushed to "libreoffice-4-3":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=38365bf44e7ea37d25463787baab83e985240a41&h=libreoffice-4-3

Resolves: fdo#79137 Crash in oox::vml::InputStream::updateBuffer

It will be available in LibreOffice 4.3.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Thanks to the review by Caolan for the 4.3 and 4.2 branches, we can consider this as FIXED.