Bug 1643752
Summary: | [fix available] There is a illegal address access at function WP6ContentListener::defineTable in software libwpd. | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | shuitao gan <ganshuitao> | ||||
Component: | libwpd | Assignee: | Caolan McNamara <caolanm> | ||||
Status: | CLOSED DUPLICATE | QA Contact: | Desktop QE <desktop-qa-list> | ||||
Severity: | urgent | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 7.7-Alt | ||||||
Target Milestone: | rc | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | |||||||
: | 1644276 (view as bug list) | Environment: | |||||
Last Closed: | 2018-11-16 15:45:17 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 1644276 | ||||||
Attachments: |
|
I have a fix for this libwpd-0.10.2-4.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report. libwpd-0.10.2-4.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report. *** This bug has been marked as a duplicate of bug 1650535 *** |
Created attachment 1498271 [details] Trigger by "./wpd2html POC0" version: 0.10.2 Summary: There is a illegal address access at function WP6ContentListener::defineTable in software libwpd. Description: The asan debug is as follows: $./wpd2html POC0 ================================================================= ==59723==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000518308 sp 0x7ffc1b342aa0 bp 0x7ffc1b343170 T0) ==59723==WARNING: Trying to symbolize code, but external symbolizer is not initialized! #0 0x518307 (/home/company/real_sanitize/poc_check/wpd/wpd2html_w+0x518307) #1 0x503b89 (/home/company/real_sanitize/poc_check/wpd/wpd2html_w+0x503b89) #2 0x5341f6 (/home/company/real_sanitize/poc_check/wpd/wpd2html_w+0x5341f6) #3 0x54a0d5 (/home/company/real_sanitize/poc_check/wpd/wpd2html_w+0x54a0d5) #4 0x51dbdf (/home/company/real_sanitize/poc_check/wpd/wpd2html_w+0x51dbdf) #5 0x55e43e (/home/company/real_sanitize/poc_check/wpd/wpd2html_w+0x55e43e) #6 0x55b783 (/home/company/real_sanitize/poc_check/wpd/wpd2html_w+0x55b783) #7 0x558713 (/home/company/real_sanitize/poc_check/wpd/wpd2html_w+0x558713) #8 0x51f166 (/home/company/real_sanitize/poc_check/wpd/wpd2html_w+0x51f166) #9 0x553791 (/home/company/real_sanitize/poc_check/wpd/wpd2html_w+0x553791) #10 0x50b0b4 (/home/company/real_sanitize/poc_check/wpd/wpd2html_w+0x50b0b4) #11 0x53406e (/home/company/real_sanitize/poc_check/wpd/wpd2html_w+0x53406e) #12 0x5355d9 (/home/company/real_sanitize/poc_check/wpd/wpd2html_w+0x5355d9) #13 0x54e7be (/home/company/real_sanitize/poc_check/wpd/wpd2html_w+0x54e7be) #14 0x47deaa (/home/company/real_sanitize/poc_check/wpd/wpd2html_w+0x47deaa) #15 0x7fc17ee57a3f (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f) #16 0x47d558 (/home/company/real_sanitize/poc_check/wpd/wpd2html_w+0x47d558) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV ??:0 ?? ==59723==ABORTING $./wpd2html POC0 Segmentation fault The GDB debugging information is as follow (gdb) set args POC0 (gdb) r Program received signal SIGSEGV, Segmentation fault. std::unique_ptr<WP6ContentParsingState, std::default_delete<WP6ContentParsingState> >::operator-> (this=<optimized out>) at ./WPXTable.h:89 89 return (*m_tableList)[i]; (gdb) bt #0 std::unique_ptr<WP6ContentParsingState, std::default_delete<WP6ContentParsingState> >::operator-> (this=<optimized out>) at ./WPXTable.h:89 #1 WP6ContentListener::defineTable (this=0x7fffffffda40, position=<optimized out>, leftOffset=21333) at WP6ContentListener.cpp:1314 #2 0x00007ffff7b859ec in WP6Parser::parseDocument (input=0x615f50, encryption= 0x0, listener=0x7fffffffda40) at WP6Parser.cpp:149 #3 0x00007ffff7b80762 in WP6ContentListener::_handleSubDocument ( this=0x7fffffffda40, subDocument=0x615f30, subDocumentType=WPX_SUBDOCUMENT_HEADER_FOOTER, tableList=..., nextTableIndice=<optimized out>) at WP6ContentListener.cpp:1783 #4 0x00007ffff7b8d71c in WPXContentListener::handleSubDocument ( this=0x7fffffffda50, subDocument=0x615f30, subDocumentType=WPX_SUBDOCUMENT_HEADER_FOOTER, tableList=..., nextTableIndice=0) at WPXContentListener.cpp:1226 #5 0x00007ffff7b8cfbe in WPXContentListener::_openPageSpan ( this=0x7fffffffda50) at WPXContentListener.cpp:415 #6 0x00007ffff7b8c7ed in WPXContentListener::_openSection ( this=0x7fffffffda50) at WPXContentListener.cpp:198 #7 0x00007ffff7b80a7b in WP6ContentListener::_handleListChange ( this=0x7fffffffda40) at WP6ContentListener.cpp:1888 #8 0x00007ffff7b8bea9 in WPXContentListener::_openSpan (this=0x7fffffffda50) at WPXContentListener.cpp:797 #9 0x00007ffff7b7dbb5 in WP6ContentListener::insertCharacter ( ---Type <return> to continue, or q <return> to quit--- this=0x7fffffffda40, character=<optimized out>) at WP6ContentListener.cpp:423 #10 0x00007ffff7b85a3f in WP6Parser::parseDocument (input=<optimized out>, encryption=<optimized out>, listener=<optimized out>) at WP6Parser.cpp:138 #11 0x00007ffff7b85dd6 in WP6Parser::parse (this=<optimized out>, input=<optimized out>, encryption=<optimized out>, this=<optimized out>, input=<optimized out>, encryption=<optimized out>, listener=<optimized out>) at WP6Parser.cpp:79 #12 WP6Parser::parse (this=<optimized out>, documentInterface=<optimized out>) at WP6Parser.cpp:225 #13 0x00007ffff7b8b449 in libwpd::WPDocument::parse (input=<optimized out>, textInterface=0x0, password=<optimized out>) at WPDocument.cpp:336 #14 0x0000000000401032 in main (argc=<optimized out>, argv=<optimized out>) at wpd2html.cpp:116