Bug#766788: libreoffice-writer: Crashes with "stack smashing detected"

[Rene Engelhard <rene@debian.org>]

found 766788 1:4.3.3~rc2~git20141011-1
severity 766788 normal
thanks

Hi,

On Sat, Oct 25, 2014 at 09:00:37PM +0200, Michal Sojka wrote:
> LibreOffice Writer crashes after performing the following steps:
> 
> 1. Start lowriter (when started from terminal, an error message can be
>    seen, otherwise the crash is "silent").
> 2. Press '[' and keep it pressed for several seconds.
> 3. After about one and half line is filled with '[', lowriter crashes.

And that is important? In what way? Why would anyone do something like
that in a document?

> I can reproduce this in both unstable and testing
> (1:4.3.3~rc2~git20141011-1). I cannot reproduce this in the version

And why are you then not marking it as such?

> from libreoffice.org (LibreOffice_4.3.2_Linux_x86-64_deb.tar.gz).

And with 4.3.3 rc1? (Or rc2 which would be in the next days)
You right now compare a 4.3.2 with a -between-4.3.3-rc1-and-rc2
or 4.3.3 rc2 ;)

> After the crash the following information appears on the terminal:
> 
> *** stack smashing detected ***: /usr/lib/libreoffice/program/soffice.bin terminated
> ======= Backtrace: =========
> /lib/x86_64-linux-gnu/libc.so.6(+0x72faf)[0x7fdd44a1ffaf]
> /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7fdd44aa30a7]
> /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x0)[0x7fdd44aa3070]

But given it runs into the fortify functions it probably won't appear
in 4.3.3 rc1 upstream until it's a real crash also there; upstream doesn't
use those hardening flags.

Regards,

Rene