https://bugs.freedesktop.org/show_bug.cgi?id=79137
Priority: medium
Bug ID: 79137
Assignee: libreoffice-bugs@lists.freedesktop.org
Summary: Crash in oox::vml::InputStream::updateBuffer
Severity: critical
Classification: Unclassified
OS: All
Reporter: nicolas.grego...@agarri.fr
Hardware: Other
Status: UNCONFIRMED
Version: 4.3.0.0.beta1
Component: Libreoffice
Product: LibreOffice
Created attachment 99659
--> https://bugs.freedesktop.org/attachment.cgi?id=99659&action=edit
Repro file
When opening a mutated DOCX file, an ASan build of LO 4.4.0.0 alpha0 will
crash:
Program received signal SIGSEGV, Segmentation fault.
0x00007fffb12597cd in oox::vml::InputStream::updateBuffer (this=<optimized
out>) at /home/moggi/devel/libo7/oox/source/vml/vmlinputstream.cxx:339
rax 0x0 0
rbx 0x7ffffffe7780 140737488254848
rcx 0x0 0
rdx 0x0 0
rsi 0x7ffffffe73c0 140737488253888
rdi 0x7ffffffe7480 140737488254080
rbp 0x7ffffffe7930 0x7ffffffe7930
rsp 0x7ffffffe7500 0x7ffffffe7500
0x00007fffb12597c5 <oox::vml::InputStream::updateBuffer()+901>: mov
0x1a0(%rsp),%rax
=> 0x00007fffb12597cd <oox::vml::InputStream::updateBuffer()+909>: mov
(%rax),%rcx
0x00007fffb12597d0 <oox::vml::InputStream::updateBuffer()+912>: add
$0x50,%rcx
Original OO file: Cast_Simulation.xlsx
Mutated OO file (repro file): crash-30730.docx
Modified XML file: xl/worksheets/_rels/sheet1.xml.rels
Modifications: attrribute "Target" of tag " "Relationship" was switched from
"../drawings/vmlDrawing1.vml" to "Abc123"
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
