To comment on the following update, log in, then open the issue:
http://www.openoffice.org/issues/show_bug.cgi?id=111038
                 Issue #|111038
                 Summary|sw: crash/insane alloc on opening up .doc with broken 
                        |header/footer offsets
               Component|Word processor
                 Version|DEV300m76
                Platform|All
                     URL|
              OS/Version|Linux
                  Status|NEW
       Status whiteboard|
                Keywords|
              Resolution|
              Issue type|PATCH
                Priority|P3
            Subcomponent|code
             Assigned to|hbrinkm
             Reported by|cmc





------- Additional comments from c...@openoffice.org Wed Apr 21 10:17:47 +0000 
2010 -------
I have a confidential .doc which causes OOo to make massive allocs which can
force OOo to crash and definitely hang on opening. Looking at it, it has a
Plcfhdd of ...

                       00 00 00 00 03 00 00 00 06 00 00 00 | ................
    63f0 | 06 00 00 00 09 00 00 00 0c 00 00 00 18 00 00 00 | ................
    6400 | 18 00 00 00 1a 00 00 00 1a 00 00 00 40 00 00 00 | ............@...
    6410 | 42 00 00 00 44 00 00 00 44 00 00 00 44 00 00 00 | B...D...D...D...
    6420 | 44 00 00 00 44 00 00 00 44 00 00 00 44 00 00 00 | D...D...D...D...
    6430 | 44 00 00 00 44 00 00 00 44 00 00 00 44 00 00 00 | D...D...D...D...
    6440 | 44 00 00 00 44 00 00 00 44 00 00 00 44 00 00 00 | D...D...D...D...
    6450 | 44 00 00 00 44 00 00 00 44 00 00 00 44 00 00 00 | D...D...D...D...
    6460 | 80 96 00 00 14 00 00 00 14 00 00 00 00 00 5c 05 | ..............\.
    6470 | bc 00 00 00 04 00 00 00 07 00 00 00 04 00 00 00 | ................
    6480 | 04 00 00 00 04 00 00 00 04 00 00 00 0c 00 00 00 | ................
    6490 | 0f 00 00 00

and the problem is the rather wild CharacterPositions seen above, e.g. 0x055C00 
etc.

The .doc spec gives an out to allow us to reject these crazy ones, i.e. 

"Except for the last CP, each CP of Plcfhdd MUST be ... less than 
FibRgLw97.ccpHdd"

Attached is a patch to do the above and avoid the problem
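
One way to apply the rule quoted in the comment above, as an added example (it is not the patch attached to the issue and not OpenOffice.org code). The names `parsePlcfhdd`, `HddStory` and `encodeCps` are hypothetical, the sample CPs and the `ccpHdd` value of 0x44 are constructed, and clamping the final CP and rejecting backwards CPs are assumptions of this example beyond the quoted rule.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

struct HddStory { uint32_t start; uint32_t len; };  // hypothetical result type

static uint32_t readLE32(const uint8_t* p) {
    return uint32_t(p[0]) | (uint32_t(p[1]) << 8) |
           (uint32_t(p[2]) << 16) | (uint32_t(p[3]) << 24);
}

// Validate raw Plcfhdd bytes against FibRgLw97.ccpHdd (supplied by the caller).
// Returns false, leaving `out` empty, if the PLC must be rejected.
bool parsePlcfhdd(const std::vector<uint8_t>& raw, uint32_t ccpHdd,
                  std::vector<HddStory>& out) {
    out.clear();
    if (raw.size() < 8 || raw.size() % 4 != 0) return false;  // need >= 2 whole CPs
    const size_t nCps = raw.size() / 4;
    std::vector<HddStory> stories;
    stories.reserve(nCps - 1);  // sized from bytes actually present, never from a CP
    for (size_t i = 0; i + 1 < nCps; ++i) {
        const uint32_t cp = readLE32(&raw[i * 4]);
        const uint32_t next = readLE32(&raw[(i + 1) * 4]);
        // Rule quoted from the spec: every CP except the last is < ccpHdd.
        if (cp >= ccpHdd) return false;
        // Assumption of this example: clamp the end to ccpHdd (the last CP is
        // not covered by the quoted rule) and reject CPs that run backwards.
        const uint32_t end = std::min(next, ccpHdd);
        if (end < cp) return false;
        stories.push_back(HddStory{cp, end - cp});
    }
    out.swap(stories);
    return true;
}

// Constructed sample input: encode CPs as little-endian bytes.
std::vector<uint8_t> encodeCps(const std::vector<uint32_t>& cps) {
    std::vector<uint8_t> raw;
    for (uint32_t cp : cps)
        for (int s = 0; s < 32; s += 8) raw.push_back(uint8_t(cp >> s));
    return raw;
}

int main() {
    std::vector<HddStory> s;
    bool ok = parsePlcfhdd(encodeCps({0, 3, 6, 6, 9, 0x055C0000, 0xBC}), 0x44, s);
    std::printf("wild CP accepted: %s\n", ok ? "yes" : "no");
    return ok ? 1 : 0;
}
```

Because every accepted length is at most `ccpHdd`, a caller that allocates per story is bounded by the header/footer text length declared in the FIB rather than by an arbitrary 32-bit value from the file.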
