gnumeric r16334 - in trunk: . plugins/excel

[mortenw svn gnome org]

Author: mortenw
Date: Sat Feb  2 02:40:57 2008
New Revision: 16334
URL: http://svn.gnome.org/viewvc/gnumeric?rev=16334&view=rev

Log:
2008-02-01  Morten Welinder  <terra gnome org>

	* ms-excel-read.c (excel_read_NAME): Properly check record length.
	Fixes #513608.
	(excel_read_FORMAT): Ditto.  Fixes #513608.
	(excel_read_ROW): Ditto.  Fixes #513787.

	* ms-chart.c (BC_R): Ditto.  Fixes #513790.



Modified:
   trunk/NEWS
   trunk/plugins/excel/ChangeLog
   trunk/plugins/excel/ms-chart.c
   trunk/plugins/excel/ms-excel-read.c

Modified: trunk/NEWS
==============================================================================
--- trunk/NEWS	(original)
+++ trunk/NEWS	Sat Feb  2 02:40:57 2008
@@ -17,7 +17,8 @@
 	* Fix loading of solver constraints.
 	* Fix solver issue.  [#512500]
 	* Fix corrupted-xls-file problems.  [#512984] [#513005] [#513313]
-	  [#513317] [#513361] [#513364] [#513551] [#513605] [#513608]
+	  [#513317] [#513361] [#513364] [#513551] [#513605] [#513608] [#513790]
+	  [#513787]
 	* Fix non-ascii export problem.  [#511135]
 	* Band-aid evaluation problem with broken xls.  [#513559]
 	* Fix circular array formula problem.

Modified: trunk/plugins/excel/ms-chart.c
==============================================================================
--- trunk/plugins/excel/ms-chart.c	(original)
+++ trunk/plugins/excel/ms-chart.c	Sat Feb  2 02:40:57 2008
@@ -1191,9 +1191,13 @@
 	guint8 const spacing = GSF_LE_GET_GUINT8  (q->data+17);
 	guint16 const flags = GSF_LE_GET_GUINT16  (q->data+18);
 #endif
-	guint16 const XL_pos = GSF_LE_GET_GUINT8 (q->data+16);
+	guint16 XL_pos;
 	GogObjectPosition pos;
 
+	XL_CHECK_CONDITION_VAL (q->length >= 17, FALSE);
+
+	XL_pos = GSF_LE_GET_GUINT8 (q->data+16);
+
 	switch (XL_pos) {
 	case 0: pos = GOG_POSITION_S | GOG_POSITION_ALIGN_CENTER; break;
 	case 1: pos = GOG_POSITION_N | GOG_POSITION_E; break;

Modified: trunk/plugins/excel/ms-excel-read.c
==============================================================================
--- trunk/plugins/excel/ms-excel-read.c	(original)
+++ trunk/plugins/excel/ms-excel-read.c	Sat Feb  2 02:40:57 2008
@@ -3565,23 +3565,28 @@
 static void
 excel_read_ROW (BiffQuery *q, ExcelReadSheet *esheet)
 {
-	guint16 const row = GSF_LE_GET_GUINT16 (q->data);
+	guint16 row, height;
+	guint16 flags = 0;
+	guint16 flags2 = 0;
+	guint16 xf;
+	gboolean is_std_height;
+
+	XL_CHECK_CONDITION (q->length >= (q->opcode == BIFF_ROW_v2 ? 16 : 8));
+
+	row = GSF_LE_GET_GUINT16 (q->data);
 #if 0
 	/* Unnecessary info for now.
-	 * do we want to preallocate baed on this info?
+	 * do we want to preallocate based on this info?
 	 */
 	guint16 const start_col = GSF_LE_GET_GUINT16 (q->data + 2);
 	guint16 const end_col = GSF_LE_GET_GUINT16 (q->data + 4) - 1;
 #endif
-	guint16 const height = GSF_LE_GET_GUINT16 (q->data + 6);
-	guint16 flags = 0;
-	guint16 flags2 = 0;
-	guint16 xf;
+	height = GSF_LE_GET_GUINT16 (q->data + 6);
 
 	/* If the bit is on it indicates that the row is of 'standard' height.
 	 * However the remaining bits still include the size.
 	 */
-	gboolean const is_std_height = (height & 0x8000) != 0;
+	is_std_height = (height & 0x8000) != 0;
 
 	if (q->opcode == BIFF_ROW_v2) {
 		flags = GSF_LE_GET_GUINT16 (q->data + 12);