diff options
| author | Stephan Bergmann <sbergman@redhat.com> | 2019-10-22 11:30:39 +0200 |
|---|---|---|
| committer | Stephan Bergmann <sbergman@redhat.com> | 2019-10-22 14:21:29 +0200 |
| commit | 6fff5e07f63213b711d5ddd25e47e9593e306643 (patch) | |
| tree | e8ad5d995e83e28e73b0cb17041830606d46063f | |
| parent | 7fb43031b7eec663768f5a4e78e60da86379df41 (diff) | |
external/redland: Avoid UBSan nullptr-with-nonzero-offset
...(new with Clang 10 trunk), as seen during CppunitTest_sw_ooxmlexport:
> raptor_rfc2396.c:389:23: runtime error: applying non-zero offset 2 to null pointer
> #0 in raptor_uri_normalize_path at workdir/UnpackedTarball/raptor/src/raptor_rfc2396.c:389:23
> #1 in raptor_uri_resolve_uri_reference at workdir/UnpackedTarball/raptor/src/raptor_rfc2396.c:617:21
> #2 in raptor_new_uri_relative_to_base_counted at workdir/UnpackedTarball/raptor/src/raptor_uri.c:293:19
> #3 in raptor_new_uri_relative_to_base at workdir/UnpackedTarball/raptor/src/raptor_uri.c:319:10
> #4 in raptor_rdfxml_end_element_grammar at workdir/UnpackedTarball/raptor/src/raptor_rdfxml.c:2613:32
> #5 in raptor_rdfxml_end_element_handler at workdir/UnpackedTarball/raptor/src/raptor_rdfxml.c:850:5
> #6 in raptor_sax2_end_element at workdir/UnpackedTarball/raptor/src/raptor_sax2.c:867:7
> #7 in xmlParseTryOrFinish at workdir/UnpackedTarball/libxml2/parser.c:11386:8
> #8 in xmlParseChunk__internal_alias at workdir/UnpackedTarball/libxml2/parser.c:12244:13
> #9 in raptor_sax2_parse_chunk at workdir/UnpackedTarball/raptor/src/raptor_sax2.c:534:10
> #10 in raptor_rdfxml_parse_chunk at workdir/UnpackedTarball/raptor/src/raptor_rdfxml.c:1169:8
> #11 in raptor_parser_parse_chunk at workdir/UnpackedTarball/raptor/src/raptor_parse.c:482:10
> #12 in librdf_parser_raptor_parse_as_stream_common at <null> (instdir/program/librdf-lo.so.0 +0x11ee39)
> #13 in librdf_parser_raptor_parse_counted_string_as_stream at <null> (instdir/program/librdf-lo.so.0 +0x117ca4)
> #14 in librdf_parser_parse_counted_string_as_stream at <null> (instdir/program/librdf-lo.so.0 +0x111967)
> #15 in (anonymous namespace)::librdf_Repository::importGraph(short, com::sun::star::uno::Reference<com::sun::star::io::XInputStream> const&, com::sun::star::uno::Reference<com::sun::star::rdf::XURI> const&, com::sun::star::uno::Reference<com::sun::star::rdf::XURI> const&) at unoxml/source/rdf/librdf_repository.cxx:1048:9
> #17 in sfx2::readStream(sfx2::DocumentMetadataAccess_Impl&, com::sun::star::uno::Reference<com::sun::star::embed::XStorage> const&, rtl::OUString const&, rtl::OUString const&) at sfx2/source/doc/DocumentMetadataAccess.cxx:606:36
> #18 in sfx2::initLoading(sfx2::DocumentMetadataAccess_Impl&, com::sun::star::uno::Reference<com::sun::star::embed::XStorage> const&, com::sun::star::uno::Reference<com::sun::star::rdf::XURI> const&, com::sun::star::uno::Reference<com::sun::star::task::XInteractionHandler> const&) at sfx2/source/doc/DocumentMetadataAccess.cxx:763:9
> #19 in sfx2::DocumentMetadataAccess::loadMetadataFromStorage(com::sun::star::uno::Reference<com::sun::star::embed::XStorage> const&, com::sun::star::uno::Reference<com::sun::star::rdf::XURI> const&, com::sun::star::uno::Reference<com::sun::star::task::XInteractionHandler> const&) at sfx2/source/doc/DocumentMetadataAccess.cxx:1126:5
> #20 in SfxBaseModel::loadMetadataFromStorage(com::sun::star::uno::Reference<com::sun::star::embed::XStorage> const&, com::sun::star::uno::Reference<com::sun::star::rdf::XURI> const&, com::sun::star::uno::Reference<com::sun::star::task::XInteractionHandler> const&) at sfx2/source/doc/sfxbasemodel.cxx:4411:15
> #21 in XMLReader::Read(SwDoc&, rtl::OUString const&, SwPaM&, rtl::OUString const&) at sw/source/filter/xml/swxml.cxx:810:19
> #22 in SwReader::Read(Reader const&) at sw/source/filter/basflt/shellio.cxx:188:22
> #23 in SwDocShell::Load(SfxMedium&) at sw/source/uibase/app/docshini.cxx:546:37
> #24 in SfxObjectShell::LoadOwnFormat(SfxMedium&) at sfx2/source/doc/objstor.cxx:3040:20
> #25 in SfxObjectShell::DoLoad(SfxMedium*) at sfx2/source/doc/objstor.cxx:696:40
> #26 in SfxBaseModel::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at sfx2/source/doc/sfxbasemodel.cxx:1851:36
> #27 in (anonymous namespace)::SfxFrameLoader_Impl::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&) at sfx2/source/view/frmload.cxx:691:28
> #28 in framework::LoadEnv::impl_loadContent() at framework/source/loadenv/loadenv.cxx:1157:37
> #29 in framework::LoadEnv::startLoading() at framework/source/loadenv/loadenv.cxx:390:20
> #30 in framework::LoadEnv::loadComponentFromURL(com::sun::star::uno::Reference<com::sun::star::frame::XComponentLoader> const&, com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext> const&, rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at framework/source/loadenv/loadenv.cxx:171:14
> #31 in framework::Desktop::loadComponentFromURL(rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at framework/source/services/desktop.cxx:621:12
> #32 in non-virtual thunk to framework::Desktop::loadComponentFromURL(rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at framework/source/services/desktop.cxx
> #33 in unotest::MacrosTest::loadFromDesktop(rtl::OUString const&, rtl::OUString const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at unotest/source/cpp/macros_test.cxx:48:62
> #34 in SwModelTestBase::loadURL(rtl::OUString const&, char const*, char const*) at sw/qa/extras/inc/swmodeltestbase.hxx:765:23
> #35 in SwModelTestBase::load(rtl::OUString const&, char const*, char const*) at sw/qa/extras/inc/swmodeltestbase.hxx:720:16
> #36 in SwModelTestBase::executeImportExportImportTest(char const*, char const*) at sw/qa/extras/inc/swmodeltestbase.hxx:290:9
> #37 in testTdf118393::Import_Export_Import() at sw/qa/extras/ooxmlexport/ooxmlexport.cxx:84:1
Presumably, `cur` can legitimately be null there and the `s == (cur+2)` check
was intended to always be false when `cur` is null?
Change-Id: I0e3b762d5868933e586eb8f2255148f88a54e908
Reviewed-on: https://gerrit.libreoffice.org/81318
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
| -rw-r--r-- | external/redland/raptor/ubsan.patch | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/external/redland/raptor/ubsan.patch b/external/redland/raptor/ubsan.patch index 4be6e6a0e6b0..641d60bb7b49 100644 --- a/external/redland/raptor/ubsan.patch +++ b/external/redland/raptor/ubsan.patch @@ -1,3 +1,14 @@ +--- src/raptor_rfc2396.c ++++ src/raptor_rfc2396.c +@@ -386,7 +386,7 @@ + } + + +- if(prev && s == (cur+2) && cur[0] == '.' && cur[1] == '.') { ++ if(prev && cur && s == (cur+2) && cur[0] == '.' && cur[1] == '.') { + /* Remove <component>/.. at the end of the path */ + *prev = '\0'; + path_len -= (s-prev); --- src/raptor_uri.c +++ src/raptor_uri.c @@ -1336,9 +1336,9 @@ |