46948 – PDF export crashes for document with unicode surrogate pair

Issue 46948 - PDF export crashes for document with unicode surrogate pair

Summary: PDF export crashes for document with unicode surrogate pair

Status:	CLOSED FIXED

Alias:	None

Product:	gsl
Classification:	Code
Component:	code (show other issues)
Version:	OOo 2.0
Hardware:	All Windows XP

Importance:	P3 Trivial (vote)
Target Milestone:	OOo 2.0.1
Assignee:	hdu@apache.org
QA Contact:	issues@gsl

URL:
Keywords:

Depends on:
Blocks:

Reported:	2005-04-07 14:36 UTC by hdu@apache.org
Modified:	2005-10-19 15:09 UTC (History)
CC List:	2 users (show)

See Also:
Issue Type:	DEFECT
Latest Confirmation in:	---
Developer Difficulty:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description hdu@apache.org 2005-04-07 14:36:17 UTC

Reproduction:
- install the latest Doulos font from http://scripts.sil.org/DoulosSILfont
- load the first sample document from issue 45983
- export this as PDF
=> OOo crashes in MultiSalLayout::GetNextGlyphs()

Comment 1 hdu@apache.org 2005-04-07 14:39:00 UTC

Found in SRC680m91 wntmsci10.pro.

Comment 2 hdu@apache.org 2005-05-17 14:23:09 UTC

Found it: An integer overflow resulted in a negative index value and accessing
of the value there causes the crash. The fix gets into CWS vcl39.

Comment 3 hdu@apache.org 2005-05-19 11:19:53 UTC

Also the fallback levels was allowed too deep because only one half of the
surrogate pair was recognized as unresolved.

Comment 4 hdu@apache.org 2005-06-15 11:18:52 UTC

HDU->US: please verify that the crash is fixed in CWS vcl39.

re-open issue and reassign to us@openoffice.org

Comment 5 hdu@apache.org 2005-06-15 11:18:55 UTC

reassign to us@openoffice.org

Comment 6 hdu@apache.org 2005-06-15 11:18:59 UTC

reset resolution to FIXED

Comment 7 ulf.stroehler 2005-08-25 16:52:53 UTC

US->HI: could you pls. verify this one on WinXP.
Looks good on Un*x. 
Thanks.

re-open issue and reassign to hi@openoffice.org

Comment 8 ulf.stroehler 2005-08-25 16:52:58 UTC

reassign to hi@openoffice.org

Comment 9 ulf.stroehler 2005-08-25 16:53:03 UTC

reset resolution to FIXED

Comment 10 h.ilter 2005-09-12 09:47:39 UTC

Verified with vcl39 = No crash -> OK

Comment 11 h.ilter 2005-10-11 13:48:57 UTC

Verified with 680m133_8966 = broken

Comment 12 h.ilter 2005-10-11 13:50:58 UTC

Back to HDU

Comment 13 hdu@apache.org 2005-10-18 15:53:06 UTC

With the increased number of existing GF alternatives the overflow is now
triggered after more fallback levels...

Comment 14 h.ilter 2005-10-19 15:07:46 UTC

I did an wrong comment on Tue Oct 11 05

Comment 15 h.ilter 2005-10-19 15:09:00 UTC

The pdf export still not crash with master 680m134_8969