[Libreoffice-commits] online.git: Branch 'distro/collabora/collabora-online-4-0' - common/Protocol.cpp fuzzer/data
Miklos Vajna (via logerrit)
logerrit at kemper.freedesktop.org
Thu Mar 12 07:53:52 UTC 2020
common/Protocol.cpp | 15 +++++++++----
fuzzer/data/crash-060b81ab7163c0546b2c11459f19719af22d7390 |binary
2 files changed, 11 insertions(+), 4 deletions(-)
New commits:
commit f94c6b7fb19a5b57fc81e4469835703448891fb5
Author: Miklos Vajna <vmiklos at collabora.com>
AuthorDate: Fri Feb 21 15:36:28 2020 +0100
Commit: Andras Timar <andras.timar at collabora.com>
CommitDate: Thu Mar 12 08:53:34 2020 +0100
common: fix crash when the version string contains no dot character
==13901==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000904678 bp 0x7ffdb9e21580 sp 0x7ffdb9e21340 T0)
==13901==The signal is caused by a READ memory access.
==13901==Hint: address points to the zero page.
#0 0x904677 in LOOLProtocol::tokenize[abi:cxx11](char const*, unsigned long, char) common/Protocol.hpp:113:40
#1 0x898c52 in LOOLProtocol::tokenize(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, char) common/Protocol.hpp:141:16
#2 0x18dc2d9 in LOOLProtocol::ParseVersion(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) common/Protocol.cpp:35:51
#3 0x1148824 in ClientSession::_handleInput(char const*, int) wsd/ClientSession.cpp:358:64
#4 0x18efcb8 in Session::handleMessage(bool, WSOpCode, std::vector<char, std::allocator<char> >&) common/Session.cpp:232:13
Next commit will add the actual simple fuzzer that found this.
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89225
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice at gmail.com>
Reviewed-by: Michael Meeks <michael.meeks at collabora.com>
(cherry picked from commit 8d2a8da960828d16502927f80ad76fabf502df6d)
Conflicts:
common/Protocol.cpp
Change-Id: I8623b4451a57390f6f84c11084c5a1120a11fcc5
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89545
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice at gmail.com>
Reviewed-by: Andras Timar <andras.timar at collabora.com>
diff --git a/common/Protocol.cpp b/common/Protocol.cpp
index 9aa4a230a..354914748 100644
--- a/common/Protocol.cpp
+++ b/common/Protocol.cpp
@@ -36,11 +36,18 @@ namespace LOOLProtocol
{
major = std::stoi(firstTokens[0]);
- StringTokenizer secondTokens(firstTokens[1], "-", StringTokenizer::TOK_IGNORE_EMPTY | StringTokenizer::TOK_TRIM);
- minor = std::stoi(secondTokens[0]);
+ std::unique_ptr<StringTokenizer> secondTokens;
+ if (firstTokens.count() > 1)
+ {
+ secondTokens.reset(new StringTokenizer(firstTokens[1], "-", StringTokenizer::TOK_IGNORE_EMPTY | StringTokenizer::TOK_TRIM));
+ }
+ if (secondTokens && secondTokens->count() > 0)
+ {
+ minor = std::stoi((*secondTokens)[0]);
+ }
- if (secondTokens.count() > 1)
- patch = secondTokens[1];
+ if (secondTokens && secondTokens->count() > 1)
+ patch = (*secondTokens)[1];
}
return std::make_tuple(major, minor, patch);
}
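Review bot: the guard added at `+ if (secondTokens && secondTokens->count() > 0)` removes the out-of-range read, but `std::stoi` at `+ minor = std::stoi((*secondTokens)[0]);` (and at the unchanged `major = std::stoi(firstTokens[0]);`) still throws `std::invalid_argument` or `std::out_of_range` for a non-numeric or oversized token, which an uncaught exception from `ClientSession::_handleInput` would turn into a process abort; consider validating the token or catching those two exceptions and returning the default tuple. On structure, the `std::unique_ptr<StringTokenizer>` plus `new` only exists to hoist the tokenizer out of the `if`; nesting the `minor` and `patch` assignments inside a single `if (firstTokens.count() > 1)` block with a stack-allocated `StringTokenizer` would drop the heap allocation and the repeated `secondTokens &&` null checks.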
diff --git a/fuzzer/data/crash-060b81ab7163c0546b2c11459f19719af22d7390 b/fuzzer/data/crash-060b81ab7163c0546b2c11459f19719af22d7390
new file mode 100644
index 000000000..7f94fa866
Binary files /dev/null and b/fuzzer/data/crash-060b81ab7163c0546b2c11459f19719af22d7390 differ