fuzzer/data/crash-2dc9a83fb2861cecefd31e65064639d1ce118bd3 |binary
 wsd/ClientSession.cpp                                      |    2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)

New commits:
commit d129979822212f739279de89c9f6ad5d48f338f4
Author:     Miklos Vajna <vmik...@collabora.com>
AuthorDate: Thu Feb 27 15:34:52 2020 +0100
Commit:     Miklos Vajna <vmik...@collabora.com>
CommitDate: Thu Feb 27 17:59:59 2020 +0100

    wsd: fix crash with read-only documents + uno command without param
    
    ==15956==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000007cd2f7 bp 0x7ffe96c7cd70 sp 0x7ffe96c7c4e8 T0)
    ...
        #7 0x11a9d31 in ClientSession::filterMessage(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const wsd/ClientSession.cpp:977:27
        #8 0x11925d6 in ClientSession::_handleInput(char const*, int) wsd/ClientSession.cpp:741:14
        #9 0x19395d0 in Session::handleMessage(bool, WSOpCode, std::vector<char, std::allocator<char> >&) common/Session.cpp:230:13
    
    This seems to be a recurring pattern, I'll consider reworking
    LOOLProtocol::tokenize() in a follow-up commit to have a return value
    that is safer than std::vector<std::string>.
    
    Change-Id: I0e71214a55af2e71e4787cb0dba0ddf7825bf9d9
    Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89637
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com>
    Reviewed-by: Miklos Vajna <vmik...@collabora.com>

diff --git a/fuzzer/data/crash-2dc9a83fb2861cecefd31e65064639d1ce118bd3 
b/fuzzer/data/crash-2dc9a83fb2861cecefd31e65064639d1ce118bd3
new file mode 100644
index 000000000..39175f20c
Binary files /dev/null and 
b/fuzzer/data/crash-2dc9a83fb2861cecefd31e65064639d1ce118bd3 differ
diff --git a/wsd/ClientSession.cpp b/wsd/ClientSession.cpp
index 1c9ac7e66..75106c162 100644
--- a/wsd/ClientSession.cpp
+++ b/wsd/ClientSession.cpp
@@ -974,7 +974,7 @@ bool ClientSession::filterMessage(const std::string& 
message) const
         }
         else if (tokens[0] == "uno")
         {
-            if (tokens[1] == ".uno:ExecuteSearch")
+            if (tokens.size() > 1 && tokens[1] == ".uno:ExecuteSearch")
             {
                 allowed = true;
             }
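
Review bot: The `tokens.size() > 1` guard in the `uno` branch covers only this one index, while the `tokens[0] == "uno"` comparison in the enclosing `else if` depends on an emptiness check that is not visible in this hunk; please confirm an empty message cannot reach it. Since the commit message calls this a recurring pattern, a small bounds-checked accessor that yields an empty string for a missing token would be preferable to repeating `size()` checks at each call site. With the guard in place a `uno` message without a parameter no longer sets `allowed = true` here, which is the fail-closed outcome you want for a read-only document; a short comment stating that intent would help the next reader.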
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
