[gnumeric] xls: fuzzed file fix.

From: Morten Welinder <mortenw src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnumeric] xls: fuzzed file fix.
Date: Mon, 1 Jun 2015 15:03:49 +0000 (UTC)

commit a1f4615dcb735c3952c7088d3520b82d973c8480
Author: Morten Welinder <terra gnome org>
Date:   Mon Jun 1 11:03:34 2015 -0400

    xls: fuzzed file fix.

 NEWS                    |    2 +-
 plugins/excel/ChangeLog |    2 ++
 plugins/excel/ms-obj.c  |    3 ++-
 3 files changed, 5 insertions(+), 2 deletions(-)
---
diff --git a/NEWS b/NEWS
index ce647c8..ad0f583 100644
--- a/NEWS
+++ b/NEWS
@@ -18,7 +18,7 @@ Morten:
        * Fuzzed file fixes.  [#748595] [#748597] [#749031] [#749030]
          [#749069] [#748533] [#749118] [#749166] [#749181] [#749184]
          [#749236] [#749240] [#749234] [#749235] [#749271] [#749270]
-         [#749424] [#749917] [#749919] [#750043] [#750044]
+         [#749424] [#749917] [#749919] [#750043] [#750044] [#750046]
        * Make solver check linearity of model.
        * Fix xls saving of marker style.  [#749185]
        * Make compilation with clang work again.  [#749138]
diff --git a/plugins/excel/ChangeLog b/plugins/excel/ChangeLog
index adc2e0a..236f909 100644
--- a/plugins/excel/ChangeLog
+++ b/plugins/excel/ChangeLog
@@ -1,5 +1,7 @@
 2015-06-01  Morten Welinder  <terra gnome org>
 
+       * ms-obj.c (ms_read_TXO): Zero out markup earlier.  Fixes #750046.
+
        * ms-excel-read.c (excel_fill_bmp_header): Don't read beyond
        buffer.
        (excel_read_os2bmp): Check that image length makes sense.  Fixes
diff --git a/plugins/excel/ms-obj.c b/plugins/excel/ms-obj.c
index 70a4a32..f78cc0c 100644
--- a/plugins/excel/ms-obj.c
+++ b/plugins/excel/ms-obj.c
@@ -413,6 +413,8 @@ ms_read_TXO (BiffQuery *q, MSContainer *c, PangoAttrList **markup)
        GString *accum;
        gboolean continue_seen = FALSE;
 
+       *markup = NULL;
+
        XL_CHECK_CONDITION_VAL (q->length >= 14, g_strdup (""));
 
        options = GSF_LE_GET_GUINT16 (q->data);
@@ -422,7 +424,6 @@ ms_read_TXO (BiffQuery *q, MSContainer *c, PangoAttrList **markup)
        halign = (options >> 1) & 0x7;
        valign = (options >> 4) & 0x7;
 
-       *markup = NULL;
        if (text_len == 0)
                return NULL;

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]