Bug 86451 - Crash importing malformed .rtf
Summary: Crash importing malformed .rtf
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: filters and storage (show other bugs)
(earliest affected)
3.5.4 release
Hardware: x86-64 (AMD64) Linux (All)
: medium normal
Assignee: Not Assigned
Whiteboard: target:4.4.0 target:4.3.5
Depends on:
Reported: 2014-11-19 00:54 UTC by Alexander Cherepanov
Modified: 2014-11-19 17:05 UTC (History)
2 users (show)

See Also:
Crash report or crash signature:

Crasher (19.78 KB, application/rtf)
2014-11-19 00:55 UTC, Alexander Cherepanov
Valgrind log (17.90 KB, text/x-log)
2014-11-19 00:55 UTC, Alexander Cherepanov
Crasher (19.78 KB, application/rtf)
2014-11-19 00:55 UTC, Alexander Cherepanov
Valgrind log (18.83 KB, text/x-log)
2014-11-19 00:56 UTC, Alexander Cherepanov

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Cherepanov 2014-11-19 00:54:48 UTC
A couple of crashes while importing malformed .rtf files. According to valgrind (log attached) they are due to invalid reads at high addresses. DoS only?
Tested on Debian Stable.
Comment 1 Alexander Cherepanov 2014-11-19 00:55:12 UTC
Created attachment 109708 [details]
Comment 2 Alexander Cherepanov 2014-11-19 00:55:29 UTC
Created attachment 109709 [details]
Valgrind log
Comment 3 Alexander Cherepanov 2014-11-19 00:55:44 UTC
Created attachment 109710 [details]
Comment 4 Alexander Cherepanov 2014-11-19 00:56:00 UTC
Created attachment 109711 [details]
Valgrind log
Comment 5 Jean-Baptiste Faure 2014-11-19 05:45:16 UTC
Did you really report this bug against version 3.5.4? This version is very old and not maintained anymore. If it is the case, did you check if the problem is present in current stable versions and in master? If the problem is not present in the current versions, I fear we should close this bug report as WontFix.

Set status to NEEDINFO. Please set it back to UNCONFIRMED once you have provided requested informations. Thank you for your understanding.

Best regards. JBF
Comment 6 Miklos Vajna 2014-11-19 08:43:14 UTC
Yes, this is still an issue on master.
Comment 7 Commit Notification 2014-11-19 12:13:18 UTC
Caolán McNamara committed a patch related to this issue.
It has been pushed to "master":


Resolves: fdo#86451 guard all the tops post pop

It will be available in 4.4.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
Affected users are encouraged to test the fix and report feedback.
Comment 8 Caolán McNamara 2014-11-19 12:27:56 UTC
brute force fix resolves this