[Libreoffice-bugs] [Bug 94275] New: Unguarded strlen causes core dump with XKeysymToString returns NULL

[bugzilla-daemon]

https://bugs.documentfoundation.org/show_bug.cgi?id=94275

            Bug ID: 94275
           Summary: Unguarded strlen causes core dump with XKeysymToString
                    returns NULL
           Product: LibreOffice
           Version: 5.0.1.1 rc
          Hardware: x86-64 (AMD64)
                OS: Linux (All)
            Status: UNCONFIRMED
          Severity: normal
          Priority: medium
         Component: LibreOffice
          Assignee: libreoffice-bugs@lists.freedesktop.org
          Reporter: bugzi...@bennee.com

Created attachment 118768
  --> https://bugs.documentfoundation.org/attachment.cgi?id=118768&action=edit
ODT export of ORG export which causes crash

I thought I'd test importing an ODT document generated from Emacs' org-mode
export. Unfortunately it causes a core dump when an unguarded strlen in
SalDisplay::GetKeyNameFromKeySym attempts to operate on a NULL return.

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/x86_64/strlen.S:106
106     ../sysdeps/x86_64/strlen.S: No such file or directory.
(gdb) bt
#0  strlen () at ../sysdeps/x86_64/strlen.S:106
#1  0x00007fffdfd69083 in SalDisplay::GetKeyNameFromKeySym
(this=this@entry=0x1121b30, nKeySym=<optimised out>)
    at
/build/libreoffice-Ke3JzN/libreoffice-5.0.1~rc2/vcl/unx/generic/app/saldisp.cxx:744
#2  0x00007fffdfd696f5 in SalDisplay::GetKeyName (this=0x1121b30,
nKeyCode=nKeyCode@entry=9476) at
/build/libreoffice-Ke3JzN/libreoffice-5.0.1~rc2/vcl/unx/generic/app/saldisp.cxx:798
#3  0x00007fffe17892a2 in GtkSalFrame::GetKeyName (this=<optimised out>,
nKeyCode=<optimised out>) at
/build/libreoffice-Ke3JzN/libreoffice-5.0.1~rc2/vcl/unx/gtk/window/gtksalframe.cxx:3005
#4  0x00007ffff6125bbc in vcl::KeyCode::GetName
(this=this@entry=0x7fffffffbfb0, pWindow=<optimised out>, pWindow@entry=0x0)
    at
/build/libreoffice-Ke3JzN/libreoffice-5.0.1~rc2/vcl/source/window/keycod.cxx:108
...


(gdb) directory ~/disk/packages/libreoffice-5.0.1~rc2/vcl/unx/generic/app/
Source directories searched:
/home/alex/disk/packages/libreoffice-5.0.1~rc2/vcl/unx/generic/app:/home/alex/disk/packages/libreoffice-5.0.1~rc2:$cdir:$cwd
(gdb) l
739             {
740                 aRet = ::vcl_sal::getKeysymReplacementName( aLang, nKeySym
);
741                 if( aRet.isEmpty() )
742                 {
743                     const char *pString = XKeysymToString( nKeySym );
744                     int n = strlen( pString );
745                     if( n > 2 && pString[n-2] == '_' )
746                         aRet = OUString( pString, n-2,
RTL_TEXTENCODING_ISO_8859_1 );
747                     else
748                         aRet = OUString( pString, n,
RTL_TEXTENCODING_ISO_8859_1 );
(gdb) info locals
pString = 0x0
n = <optimised out>
aLang = "en"
aRet = ""
aKeyCode = <optimised out>

I'm not sure which element of the document it was failing on as optimization
has hidden the useful variables.

-- 
You are receiving this mail because:
You are the assignee for the bug.

_______________________________________________
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs