[Libreoffice-commits] core.git: vcl/inc

Stephan Bergmann (via logerrit) logerrit at kemper.freedesktop.org
Mon May 4 09:55:13 UTC 2020


 vcl/inc/graphic/DetectorTools.hxx |    2 --
 1 file changed, 2 deletions(-)

New commits:
commit a05ad2aab70de111aa52d856c1f2c1c94313129b
Author:     Stephan Bergmann <sbergman at redhat.com>
AuthorDate: Mon May 4 11:10:25 2020 +0200
Commit:     Stephan Bergmann <sbergman at redhat.com>
CommitDate: Mon May 4 11:54:16 2020 +0200

    Remove what looks like debug printf
    
    ...left over presumably accidentally by bb459008de9d410e6e7ea982ce30aa22f70ae849
    "vcl: add DetectorTools + tests, refactor array string matching", but which
    causes heap-buffer-overflow during CppunitTest_vcl_filters_test when printing an
    apparently not null-terminated string, see
    <https://ci.libreoffice.org/job/lo_ubsan/1614/>:
    
    > ==12896==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61d0000e5480 at pc 0x000000454f7f bp 0x7fffaff10200 sp 0x7fffaff0f9b0
    > READ of size 2049 at 0x61d0000e5480 thread T0
    >     #0 0x454f7e in printf_common(void*, char const*, __va_list_tag*) /home/tdf/lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors_format.inc:547
    >     #1 0x45568b in vprintf /home/tdf/lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:1631
    >     #2 0x45575e in printf /home/tdf/lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:1689
    >     #3 0x2b0e63a119ca in vcl::checkArrayForMatchingStrings(char const*, int, std::__debug::vector<rtl::OString, std::allocator<rtl::OString> > const&) /vcl/inc/graphic/DetectorTools.hxx:57:9
    >     #4 0x2b0e63a1ad0a in vcl::GraphicFormatDetector::checkXBM() /vcl/source/filter/GraphicFormatDetector.cxx:426:9
    [...]
    > 0x61d0000e5480 is located 0 bytes to the right of 2048-byte region [0x61d0000e4c80,0x61d0000e5480)
    > allocated by thread T0 here:
    >     #0 0x4f5648 in operator new[](unsigned long) /home/tdf/lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/asan_new_delete.cc:108
    >     #1 0x2b0e63a1a839 in vcl::GraphicFormatDetector::checkXBM() /vcl/source/filter/GraphicFormatDetector.cxx:419:42
    >     #2 0x2b0e639685b8 in ImpPeekGraphicFormat(SvStream&, rtl::OUString&, bool) /vcl/source/filter/graphicfilter.cxx:394:23
    >     #3 0x2b0e639693b0 in GraphicFilter::ImpTestOrFindFormat(rtl::OUString const&, SvStream&, unsigned short&) /vcl/source/filter/graphicfilter.cxx:455:13
    >     #4 0x2b0e63970153 in GraphicFilter::ImportGraphic(Graphic&, rtl::OUString const&, SvStream&, unsigned short, unsigned short*, GraphicFilterImportFlags, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const*, WmfExternal const*) /vcl/source/filter/graphicfilter.cxx:1437:19
    
    Change-Id: I8d88a417083c14e4f1a9a78f9e1354390283d83c
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93403
    Tested-by: Jenkins
    Reviewed-by: Stephan Bergmann <sbergman at redhat.com>

diff --git a/vcl/inc/graphic/DetectorTools.hxx b/vcl/inc/graphic/DetectorTools.hxx
index b9163de135d9..3847457fcfd8 100644
--- a/vcl/inc/graphic/DetectorTools.hxx
+++ b/vcl/inc/graphic/DetectorTools.hxx
@@ -50,11 +50,9 @@ bool checkArrayForMatchingStrings(const char* pSource, sal_Int32 nSourceSize,
     for (OString const& rString : rStrings)
     {
         sal_Int32 nCurrentSize = nSourceSize - sal_Int32(pCurrent - pBegin);
-        printf("Current size %d -> %d\n", nCurrentSize, nSourceSize);
         pCurrent = matchArray(pCurrent, nCurrentSize, rString.getStr(), rString.getLength());
         if (pCurrent == nullptr)
             return false;
-        printf("%s\n", pCurrent);
     }
     return true;
 }
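Review bot: the function has no comment stating that pSource is a length-delimited buffer rather than a C string, and that is the assumption the removed `printf("%s\n", pCurrent);` in the loop body got wrong. The ASan report in the commit message shows a READ of size 2049 against a 2048-byte region allocated in checkXBM(), which fits a `%s` scan running past the end of the buffer in search of a terminator. Dropping both calls is the right fix. Consider adding a short comment at the signature saying that only nSourceSize bytes are valid, so a later trace statement does not reintroduce the over-read. If tracing is wanted here again, it should go through the project's logging macros instead of raw printf in a header, and it should print with an explicit length. That length must be recomputed after matchArray() returns, since nCurrentSize is calculated before pCurrent is advanced.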

