From 6b1071b6096f65de1244f8f3994366bb9cd0ff09 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Caol=C3=A1n=20McNamara?= Date: Wed, 23 Mar 2022 16:49:03 +0000 Subject: [PATCH] forcepoint#83 Invalid read of size 1 Change-Id: I1576dfd8c9731d943107764aeb66bb1c2294ad5f Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131996 Tested-by: Jenkins Reviewed-by: Michael Stahl --- external/liborcus/UnpackedTarball_liborcus.mk | 5 ++-- external/liborcus/forcepoint-83.patch.1 | 38 +++++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 2 deletions(-) create mode 100644 external/liborcus/forcepoint-83.patch.1 diff --git a/external/liborcus/UnpackedTarball_liborcus.mk b/external/liborcus/UnpackedTarball_liborcus.mk index 87e462e33d91..a87da7edb88d 100644 --- a/external/liborcus/UnpackedTarball_liborcus.mk +++ b/external/liborcus/UnpackedTarball_liborcus.mk @@ -15,8 +15,8 @@ $(eval $(call gb_UnpackedTarball_set_patchlevel,liborcus,1)) $(eval $(call gb_UnpackedTarball_update_autoconf_configs,liborcus)) -# crashtesting-crash-on-passing-null-to-std-string_vie.patch.1 submitted as -# https://gitlab.com/orcus/orcus/-/merge_requests/113 +# forcepoint-83.patch.1 submitted as +# https://gitlab.com/orcus/orcus/-/merge_requests/117 $(eval $(call gb_UnpackedTarball_add_patches,liborcus,\ external/liborcus/rpath.patch.0 \ @@ -25,6 +25,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,liborcus,\ external/liborcus/fix-pch.patch.0 \ external/liborcus/liborcus_newline.patch.1 \ external/liborcus/std-get-busted.patch.1 \ + external/liborcus/forcepoint-83.patch.1 \ )) ifeq ($(OS),WNT) diff --git a/external/liborcus/forcepoint-83.patch.1 b/external/liborcus/forcepoint-83.patch.1 new file mode 100644 index 000000000000..bfd3bb86fcf9 --- /dev/null +++ b/external/liborcus/forcepoint-83.patch.1 @@ -0,0 +1,38 @@ +From 283b45ba3bcb22dc28303a09a96c9b94f86d1ba2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= +Date: Wed, 23 Mar 2022 16:44:00 +0000 +Subject: [PATCH] forcepoint#83 Invalid read of size 1 + +==343916== Invalid read of size 1 +==343916== at 0x11A7B2F0: orcus::parser_base::cur_char() const (parser_base.hpp:79) +==343916== by 0x11B7B112: orcus::sax_parser::handler_wrapper>::handler_wrapper, orcus::sax_parser_default_config>::element_open(long) (sax_parser.hpp:258) +==343916== by 0x11B7A2C7: orcus::sax_parser::handler_wrapper>::handler_wrapper, orcus::sax_parser_default_config>::element() (sax_parser.hpp:246) +==343916== by 0x11B7A197: orcus::sax_parser::handler_wrapper>::handler_wrapper, orcus::sax_parser_default_config>::body() (sax_parser.hpp:214) +==343916== by 0x11B79FD9: orcus::sax_parser::handler_wrapper>::handler_wrapper, orcus::sax_parser_default_config>::parse() (sax_parser.hpp:182) +==343916== by 0x11B79F8B: orcus::sax_ns_parser::handler_wrapper>::parse() (sax_ns_parser.hpp:277) +==343916== by 0x11B79768: orcus::sax_token_parser::parse() (sax_token_parser.hpp:215) +==343916== by 0x11B79406: orcus::xml_stream_parser::parse() (xml_stream_parser.cpp:68) +==343916== by 0x11BE3805: orcus::orcus_xlsx::detect(unsigned char const*, unsigned long) (orcus_xlsx.cpp:188) +==343916== by 0x11AB2482: orcus::detect(unsigned char const*, unsigned long) (format_detection.cpp:60) +==343916== by 0x30E60945: (anonymous namespace)::OrcusFormatDetect::detect(com::sun::star::uno::Sequence&) (filterdetect.cxx:83) +==343916== by 0x30E60ABE: non-virtual thunk to (anonymous namespace)::OrcusFormatDetect::detect(com::sun::star::uno::Sequence&) (filterdetect.cxx:0) +--- + include/orcus/sax_parser.hpp | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/include/orcus/sax_parser.hpp b/include/orcus/sax_parser.hpp +index 15e8d917..d0fc45b5 100644 +--- a/include/orcus/sax_parser.hpp ++++ b/include/orcus/sax_parser.hpp +@@ -255,6 +255,8 @@ void sax_parser<_Handler,_Config>::element_open(std::ptrdiff_t begin_pos) + while (true) + { + skip_space_and_control(); ++ if (!has_char()) ++ return; + char c = cur_char(); + if (c == '/') + { +-- +2.35.1 + -- 2.11.4.GIT