[Libreoffice-commits] online.git: fuzzer/admin-data wsd/Admin.cpp wsd/AdminModel.cpp

Miklos Vajna (via logerrit) logerrit at kemper.freedesktop.org
Mon Apr 20 09:18:23 UTC 2020 

 fuzzer/admin-data/crash-00efc256446b2866e6fdec23e04dc28fcc3b1e6c |binary
 wsd/Admin.cpp                                                    |    2 +-
 wsd/AdminModel.cpp                                               |    5 +++++
 3 files changed, 6 insertions(+), 1 deletion(-)

New commits:
commit 72cfcf7f3e306e1ce1808d66c063b887c738fc9b
Author:     Miklos Vajna <vmiklos at collabora.com>
AuthorDate: Mon Apr 20 10:26:44 2020 +0200
Commit:     Miklos Vajna <vmiklos at collabora.com>
CommitDate: Mon Apr 20 11:18:05 2020 +0200

    admin_fuzzer: fix too large param to cpu_stats_size setter
    
    Don't pop an empty container, also use stol() so it does not throw
    std::out_of_range.
    
    Change-Id: Id81cb00ccfb0ecc234b8f6fa89edf5a0d8c6d353
    Reviewed-on: https://gerrit.libreoffice.org/c/online/+/92524
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice at gmail.com>
    Reviewed-by: Miklos Vajna <vmiklos at collabora.com>

diff --git a/fuzzer/admin-data/crash-00efc256446b2866e6fdec23e04dc28fcc3b1e6c b/fuzzer/admin-data/crash-00efc256446b2866e6fdec23e04dc28fcc3b1e6c
new file mode 100644
index 000000000..b2aad8d84
Binary files /dev/null and b/fuzzer/admin-data/crash-00efc256446b2866e6fdec23e04dc28fcc3b1e6c differ
diff --git a/wsd/Admin.cpp b/wsd/Admin.cpp
index 27dc596b9..fccf8dd4f 100644
--- a/wsd/Admin.cpp
+++ b/wsd/Admin.cpp
@@ -238,7 +238,7 @@ void AdminSocketHandler::handleMessage(const std::vector<char> &payload)
             }
             else if (settingName == "cpu_stats_size")
             {
-                if (settingVal != std::stoi(model.query(settingName)))
+                if (settingVal != std::stol(model.query(settingName)))
                 {
                     model.setCpuStatsSize(settingVal);
                 }
diff --git a/wsd/AdminModel.cpp b/wsd/AdminModel.cpp
index f19d6e367..3caff4bb5 100644
--- a/wsd/AdminModel.cpp
+++ b/wsd/AdminModel.cpp
@@ -401,6 +401,11 @@ void AdminModel::setCpuStatsSize(unsigned size)
     int wasteValuesLen = _cpuStats.size() - size;
     while (wasteValuesLen-- > 0)
     {
+        if (_cpuStats.empty())
+        {
+            break;
+        }
+
         _cpuStats.pop_front();
     }
     _cpuStatsSize = size;

More information about the Libreoffice-commits mailing list