From 72cfcf7f3e306e1ce1808d66c063b887c738fc9b Mon Sep 17 00:00:00 2001 From: Miklos Vajna Date: Mon, 20 Apr 2020 10:26:44 +0200 Subject: [PATCH] admin_fuzzer: fix too large param to cpu_stats_size setter Don't pop an empty container, also use stol() so it does not throw std::out_of_range. Change-Id: Id81cb00ccfb0ecc234b8f6fa89edf5a0d8c6d353 Reviewed-on: https://gerrit.libreoffice.org/c/online/+/92524 Tested-by: Jenkins CollaboraOffice Reviewed-by: Miklos Vajna --- ...crash-00efc256446b2866e6fdec23e04dc28fcc3b1e6c | Bin 0 -> 329 bytes wsd/Admin.cpp | 2 +- wsd/AdminModel.cpp | 5 +++++ 3 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 fuzzer/admin-data/crash-00efc256446b2866e6fdec23e04dc28fcc3b1e6c diff --git a/fuzzer/admin-data/crash-00efc256446b2866e6fdec23e04dc28fcc3b1e6c b/fuzzer/admin-data/crash-00efc256446b2866e6fdec23e04dc28fcc3b1e6c new file mode 100644 index 0000000000000000000000000000000000000000..b2aad8d84d98200d0b7088d4271c15a6b1aefd58 GIT binary patch literal 329 zcmZvXO$x#=5Jt1k(i3#&s)Bz|7hPF|6jTr`E|gHxps}?rWK`<;JV^G@eR(-CA}6*3|B^2k#DAAD$?>0A>u$+VX4MN z4o8~qWTFa0ZZ$Znyh#f&SZU2O@xAqHNk0~|K4Oxc2AtBgOp1lxNAoU36B4wD+ah<_ zZ~Q!$H#UrgXCQ;$q0pS(|JmAi+fCH0AuFy3{ &payload) } else if (settingName == "cpu_stats_size") { - if (settingVal != std::stoi(model.query(settingName))) + if (settingVal != std::stol(model.query(settingName))) { model.setCpuStatsSize(settingVal); } diff --git a/wsd/AdminModel.cpp b/wsd/AdminModel.cpp index f19d6e367..3caff4bb5 100644 --- a/wsd/AdminModel.cpp +++ b/wsd/AdminModel.cpp @@ -401,6 +401,11 @@ void AdminModel::setCpuStatsSize(unsigned size) int wasteValuesLen = _cpuStats.size() - size; while (wasteValuesLen-- > 0) { + if (_cpuStats.empty()) + { + break; + } + _cpuStats.pop_front(); } _cpuStatsSize = size;