| Summary: | Find and fix anti-patterns that result in use-after-free of strings | | |
|---|---|---|---|
| Product: | LibreOffice | Reporter: | Matthew Francis <fdbugs> |
| Component: | Libreoffice | Assignee: | Matthew Francis <fdbugs> |
| Status: | NEW --- | QA Contact: | |
| Severity: | major | | |
| Priority: | high | CC: | fdbugs, noelgrandin, tml |
| Version: | 4.4.0.0.alpha0+ Master | | |
| Hardware: | Other | | |
| OS: | All | | |
| Whiteboard: | target:4.4.0 | | |
| Attachments: | Apparent bugs | | |

Description
Matthew Francis
2014-09-19 08:49:56 UTC
A git grep to find instances to verify looks like:
git grep -P "\(\w+\s*\*\)\s*\(\w+\s*\*\)"
And there are approx. 101 places to check

Oops, copied wrong thing - this is the correct search pattern
git grep -iP "OUStringToOString.*getStr\("
and there are 952 locations to check. But most of them can be eliminated with a second grep pass because they are calling the logging methods.

Created attachment 106553
Apparent bugs
Although not a substitute for a clang plugin, a visual grep of the likely candidates revealed the attached
- including one comment on the basis that it's not nice to leave unexploded ordnance hanging around
- including several defines where a further search showed probable unsafe uses thereof (not listed separately)
Matthew J. Francis committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=764e3016b62665281539af4e990ca4ff0445c26c

fdo#84086 Fix assorted use-after-free bugs

The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
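
The two-pass search described in the comments above, written out as an added example (it is not part of the bug report or of LibreOffice). The sample hits are constructed, the list of logging macros (SAL_INFO, SAL_WARN, OSL_TRACE) is an assumption about which "logging methods" are meant, and the third pass is an added heuristic.

```shell
#!/bin/sh
# Constructed "file:line:code" hits; the identifiers are hypothetical and
# are not taken from the LibreOffice tree.
sample() {
cat <<'EOF'
a.cxx:10:    const char* p = OUStringToOString(rName, RTL_TEXTENCODING_UTF8).getStr();
a.cxx:20:    SAL_INFO("vcl", "name " << OUStringToOString(rName, RTL_TEXTENCODING_UTF8).getStr());
b.cxx:5:    OString aName(OUStringToOString(rName, RTL_TEXTENCODING_UTF8));
b.cxx:6:    SAL_WARN("sfx", OUStringToOString(rName, RTL_TEXTENCODING_UTF8).getStr());
c.cxx:7:    pArg = OUStringToOString(rPath, osl_getThreadTextEncoding()).getStr();
c.cxx:9:    execute(OUStringToOString(rPath, RTL_TEXTENCODING_UTF8).getStr());
d.hxx:3:#define U2C(s) OUStringToOString(s, RTL_TEXTENCODING_UTF8).getStr()
EOF
}

# Pass 1: the search pattern from the thread. grep -E is used here instead of
# git grep -P; this particular expression means the same in both dialects.
candidates() { grep -iE 'OUStringToOString.*getStr\('; }

# Pass 2: drop hits inside logging calls (assumed macro list). There the
# temporary OString lives until the end of the full expression, so the
# pointer is still valid while the message is formatted.
drop_logging() { grep -vE '(SAL_INFO|SAL_WARN|OSL_TRACE)[[:space:]]*\('; }

# Pass 3 (added heuristic): hits to read first.
#  - "= OUStringToOString(...).getStr()" stores a pointer into a temporary
#    that is destroyed at the end of that statement.
#  - "#define" hides the expression, so every use of the macro needs checking.
review_first() { grep -E '=[[:space:]]*OUStringToOString|#[[:space:]]*define'; }

echo "candidates:   $(sample | candidates | grep -c .)"
echo "non-logging:  $(sample | candidates | drop_logging | grep -c .)"
echo "review first:"
sample | candidates | drop_logging | review_first
```

Hits that survive pass 2 but not pass 3, such as a direct function argument, still need a look at whether the callee keeps the pointer after it returns.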