https://bugs.documentfoundation.org/show_bug.cgi?id=94275
Bug ID: 94275
Summary: Unguarded strlen causes core dump with XKeysymToString returns NULL
Product: LibreOffice
Version: 5.0.1.1 rc
Hardware: x86-64 (AMD64)
OS: Linux (All)
Status: UNCONFIRMED
Severity: normal
Priority: medium
Component: LibreOffice
Assignee: [email protected]
Reporter: [email protected]
Created attachment 118768
--> https://bugs.documentfoundation.org/attachment.cgi?id=118768&action=edit
ODT export of ORG export which causes crash
I thought I'd test importing an ODT document generated from Emacs' org-mode
export. Unfortunately it causes a core dump when an unguarded strlen in
SalDisplay::GetKeyNameFromKeySym attempts to operate on a NULL return.
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/x86_64/strlen.S:106
106 ../sysdeps/x86_64/strlen.S: No such file or directory.
(gdb) bt
#0 strlen () at ../sysdeps/x86_64/strlen.S:106
#1 0x00007fffdfd69083 in SalDisplay::GetKeyNameFromKeySym (this=this@entry=0x1121b30, nKeySym=<optimised out>) at /build/libreoffice-Ke3JzN/libreoffice-5.0.1~rc2/vcl/unx/generic/app/saldisp.cxx:744
#2 0x00007fffdfd696f5 in SalDisplay::GetKeyName (this=0x1121b30, nKeyCode=nKeyCode@entry=9476) at /build/libreoffice-Ke3JzN/libreoffice-5.0.1~rc2/vcl/unx/generic/app/saldisp.cxx:798
#3 0x00007fffe17892a2 in GtkSalFrame::GetKeyName (this=<optimised out>, nKeyCode=<optimised out>) at /build/libreoffice-Ke3JzN/libreoffice-5.0.1~rc2/vcl/unx/gtk/window/gtksalframe.cxx:3005
#4 0x00007ffff6125bbc in vcl::KeyCode::GetName (this=this@entry=0x7fffffffbfb0, pWindow=<optimised out>, pWindow@entry=0x0) at /build/libreoffice-Ke3JzN/libreoffice-5.0.1~rc2/vcl/source/window/keycod.cxx:108
...
(gdb) directory ~/disk/packages/libreoffice-5.0.1~rc2/vcl/unx/generic/app/
Source directories searched:
/home/alex/disk/packages/libreoffice-5.0.1~rc2/vcl/unx/generic/app:/home/alex/disk/packages/libreoffice-5.0.1~rc2:$cdir:$cwd
(gdb) l
739 {
740 aRet = ::vcl_sal::getKeysymReplacementName( aLang, nKeySym );
741 if( aRet.isEmpty() )
742 {
743 const char *pString = XKeysymToString( nKeySym );
744 int n = strlen( pString );
745 if( n > 2 && pString[n-2] == '_' )
746 aRet = OUString( pString, n-2, RTL_TEXTENCODING_ISO_8859_1 );
747 else
748 aRet = OUString( pString, n, RTL_TEXTENCODING_ISO_8859_1 );
(gdb) info locals
pString = 0x0
n = <optimised out>
aLang = "en"
aRet = ""
aKeyCode = <optimised out>
I'm not sure which element of the document it was failing on as optimization
has hidden the useful variables.
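The logic at lines 743-748 of the listing with the missing NULL check added, as an example written for this page and not LibreOffice's own fix. Assumptions: `lookup_keysym_name` is a hypothetical stand-in for `XKeysymToString` so the block builds without X11, `std::string` replaces `OUString`, and returning an empty name for an undefined keysym is a choice made here.

```cpp
#include <cstring>
#include <initializer_list>
#include <iostream>
#include <string>

// Hypothetical stand-in for Xlib's XKeysymToString(): returns a static name
// for a small constructed table and nullptr for anything else, which is how
// the real call reports a KeySym that is not defined.
static const char* lookup_keysym_name(unsigned long keysym)
{
    switch (keysym) {
        case 0xff0d: return "Return";
        case 0xffe1: return "Shift_L";
        case 0xffe3: return "Control_L";
        default:     return nullptr;
    }
}

// Guarded form of the listing: test the pointer before strlen() so an
// undefined keysym yields an empty name instead of a SIGSEGV.
std::string key_name_from_keysym(unsigned long keysym)
{
    const char* pString = lookup_keysym_name(keysym);
    if (pString == nullptr)
        return std::string();  // assumption: empty name when no string exists

    std::size_t n = std::strlen(pString);
    // Same trimming rule as the listing: drop a two-character "_X" suffix.
    if (n > 2 && pString[n - 2] == '_')
        return std::string(pString, n - 2);
    return std::string(pString, n);
}

int main()
{
    // Constructed inputs: two defined keysyms and one undefined value.
    for (unsigned long ks : {0xff0dUL, 0xffe1UL, 0x12345678UL})
        std::cout << std::hex << ks << " -> \""
                  << key_name_from_keysym(ks) << "\"\n";
    return 0;
}
```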