libreoffice-online/fuzzer/data/crash-32e5136d2291e6c5fa99aa5942acded42b66a528 at 3e131a9e0f9e677c217af8eec5205315da62b4bb

Miklos Vajna aefc65465b wsd: fix crash when downloadas has not enough parameters

==11898==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000007c4f87 bp 0x7fffe45dfe90 sp 0x7fffe45df608 T0)
==11898==The signal is caused by a READ memory access.
==11898==Hint: address points to the zero page.
    #0 0x7c4f86 in AddressIsPoisoned lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/asan_mapping.h:397
    #1 0x7c4f86 in __asan::QuickCheckForUnpoisonedRegion(unsigned long, unsigned long) lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/asan_interceptors_memintrinsics.h:31
    #2 0x816436 in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long) lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:834
    #3 0x816d38 in memcmp lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:866
    #4 0x7f1964437595 in std::char_traits<char>::compare(char const*, char const*, unsigned long) lode/packages/gccbuild/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/char_traits.h:310
    #5 0x7f1964437595 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::compare(unsigned long, unsigned long, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const lode/packages/gccbuild/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.tcc:1391
    #6 0x18e206d in LOOLProtocol::getTokenString(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) common/Protocol.cpp:141:19
    #7 0x117cc0a in ClientSession::filterMessage(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const wsd/ClientSession.cpp:940:13
    #8 0x116b832 in ClientSession::_handleInput(char const*, int) wsd/ClientSession.cpp:741:14
    #9 0x18f70d0 in Session::handleMessage(bool, WSOpCode, std::vector<char, std::allocator<char> >&) common/Session.cpp:230:13

Change-Id: I0c7da6c02ac62bf0bc99557517fc7c517917046c
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89229
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>

2020-02-22 12:18:34 +01:00

165 B

Raw History

View raw

165 B Raw History

165 B

Raw History