fuzzer/data/crash-32e5136d2291e6c5fa99aa5942acded42b66a528 |binary
wsd/ClientSession.cpp | 2 +-
2 files changed, 1 insertion(+), 1 deletion(-)
New commits:
commit aefc65465b255e09ee2f66cbebaf1b2e54ded40c
Author: Miklos Vajna <vmik...@collabora.com>
AuthorDate: Fri Feb 21 16:27:58 2020 +0100
Commit: Michael Meeks <michael.me...@collabora.com>
CommitDate: Sat Feb 22 12:18:34 2020 +0100
wsd: fix crash when downloadas has not enough parameters
==11898==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000
(pc 0x0000007c4f87 bp 0x7fffe45dfe90 sp 0x7fffe45df608 T0)
==11898==The signal is caused by a READ memory access.
==11898==Hint: address points to the zero page.
#0 0x7c4f86 in AddressIsPoisoned
lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/asan_mapping.h:397
#1 0x7c4f86 in __asan::QuickCheckForUnpoisonedRegion(unsigned long,
unsigned long)
lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/asan_interceptors_memintrinsics.h:31
#2 0x816436 in MemcmpInterceptorCommon(void*, int (*)(void const*, void
const*, unsigned long), void const*, void const*, unsigned long)
lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:834
#3 0x816d38 in memcmp
lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:866
#4 0x7f1964437595 in std::char_traits<char>::compare(char const*, char
const*, unsigned long)
lode/packages/gccbuild/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/char_traits.h:310
#5 0x7f1964437595 in std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >::compare(unsigned long, unsigned
long, std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const&) const
lode/packages/gccbuild/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.tcc:1391
#6 0x18e206d in
LOOLProtocol::getTokenString(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&,
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >
const&, std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> >&) common/Protocol.cpp:141:19
#7 0x117cc0a in
ClientSession::filterMessage(std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&) const
wsd/ClientSession.cpp:940:13
#8 0x116b832 in ClientSession::_handleInput(char const*, int)
wsd/ClientSession.cpp:741:14
#9 0x18f70d0 in Session::handleMessage(bool, WSOpCode,
std::vector<char, std::allocator<char> >&) common/Session.cpp:230:13
Change-Id: I0c7da6c02ac62bf0bc99557517fc7c517917046c
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89229
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com>
Reviewed-by: Michael Meeks <michael.me...@collabora.com>
diff --git a/fuzzer/data/crash-32e5136d2291e6c5fa99aa5942acded42b66a528
b/fuzzer/data/crash-32e5136d2291e6c5fa99aa5942acded42b66a528
new file mode 100644
index 000000000..5fc870ec6
Binary files /dev/null and
b/fuzzer/data/crash-32e5136d2291e6c5fa99aa5942acded42b66a528 differ
diff --git a/wsd/ClientSession.cpp b/wsd/ClientSession.cpp
index 1442b4a23..1c9ac7e66 100644
--- a/wsd/ClientSession.cpp
+++ b/wsd/ClientSession.cpp
@@ -937,7 +937,7 @@ bool ClientSession::filterMessage(const std::string&
message) const
if (tokens[0] == "downloadas")
{
std::string id;
- if (getTokenString(tokens[2], "id", id))
+ if (tokens.size() >= 3 && getTokenString(tokens[2], "id", id))
{
if (id == "print" && _wopiFileInfo &&
_wopiFileInfo->getDisablePrint())
{
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
