gnumeric r16360 - in branches/gnumeric-1-8: . plugins/excel

From: mortenw svn gnome org
To: svn-commits-list gnome org
Subject: gnumeric r16360 - in branches/gnumeric-1-8: . plugins/excel
Date: Fri, 8 Feb 2008 14:25:42 +0000 (GMT)

Author: mortenw
Date: Fri Feb  8 14:25:42 2008
New Revision: 16360
URL: http://svn.gnome.org/viewvc/gnumeric?rev=16360&view=rev

Log:
2008-02-08  Morten Welinder  <terra gnome org>

	* ms-excel-read.c (excel_read_SUPBOOK): Add length checks.  Fixes
	#515155.



Modified:
   branches/gnumeric-1-8/NEWS
   branches/gnumeric-1-8/plugins/excel/ChangeLog
   branches/gnumeric-1-8/plugins/excel/ms-excel-read.c

Modified: branches/gnumeric-1-8/NEWS
==============================================================================
--- branches/gnumeric-1-8/NEWS	(original)
+++ branches/gnumeric-1-8/NEWS	Fri Feb  8 14:25:42 2008
@@ -9,7 +9,7 @@
 	* Fix corrupted-xls-file problems.  [#512984] [#513005] [#513313]
 	  [#513317] [#513361] [#513364] [#513551] [#513605] [#513608] [#513790]
 	  [#513787] [#513835] [#513963] [#514229] [#514230] [#514295] [#514435]
-	  [#514436] [#514437] [#514506] [#514510] [#514630] [#514637]
+	  [#514436] [#514437] [#514506] [#514510] [#514630] [#514637] [#515155]
 	* Fix non-ascii export problem.  [#511135]
 	* Band-aid evaluation problem with broken xls.  [#513559]
 	* Fix circular array formula problem.

Modified: branches/gnumeric-1-8/plugins/excel/ms-excel-read.c
==============================================================================
--- branches/gnumeric-1-8/plugins/excel/ms-excel-read.c	(original)
+++ branches/gnumeric-1-8/plugins/excel/ms-excel-read.c	Fri Feb  8 14:25:42 2008
@@ -6313,8 +6313,7 @@
 static void
 excel_read_SUPBOOK (BiffQuery *q, GnmXLImporter *importer)
 {
-	unsigned const numTabs = GSF_LE_GET_GUINT16 (q->data);
-	unsigned len = GSF_LE_GET_GUINT16 (q->data + 2);
+	unsigned numTabs, len;
 	unsigned i;
 	guint32 byte_length;
 	gboolean is_2byte = FALSE;
@@ -6322,6 +6321,10 @@
 	guint8 encodeType, *data;
 	ExcelSupBook *new_supbook;
 
+	XL_CHECK_CONDITION (q->length >= 4);
+	numTabs = GSF_LE_GET_GUINT16 (q->data);
+	len = GSF_LE_GET_GUINT16 (q->data + 2);
+
 	d (2, fprintf (stderr,"supbook %d has %d\n", importer->v8.supbook->len, numTabs););
 
 	i = importer->v8.supbook->len;
@@ -6345,6 +6348,7 @@
 
 	new_supbook->type = EXCEL_SUP_BOOK_STD;
 
+	XL_CHECK_CONDITION (q->length >= 6);
 	switch (GSF_LE_GET_GUINT8 (q->data + 4)) {
 	case 0 : break; /* 1 byte locale compressed unicode for book name */
 	case 1 : len *= 2; is_2byte = TRUE; break;	/* 2 byte unicode */
@@ -6354,7 +6358,8 @@
 		 return;
 	}
 
-	XL_CHECK_CONDITION (len < q->length);
+	/* 5??? */
+	XL_CHECK_CONDITION (len + 5 < q->length);
 
 #warning create a workbook and sheets when we have a facility for merging things
 	encodeType = GSF_LE_GET_GUINT8 (q->data + 5);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]