gnumeric r16365 - in trunk: . plugins/excel



Author: mortenw
Date: Sat Feb  9 02:40:58 2008
New Revision: 16365
URL: http://svn.gnome.org/viewvc/gnumeric?rev=16365&view=rev

Log:
2008-02-08  Morten Welinder  <terra gnome org>

	* ms-chart.c: Sprinkle some length checks.  Fixes #515269,
	#515275, and #515335.



Modified:
   trunk/NEWS
   trunk/plugins/excel/ChangeLog
   trunk/plugins/excel/ms-chart.c

Modified: trunk/NEWS
==============================================================================
--- trunk/NEWS	(original)
+++ trunk/NEWS	Sat Feb  9 02:40:58 2008
@@ -23,7 +23,7 @@
 	  [#513317] [#513361] [#513364] [#513551] [#513605] [#513608] [#513790]
 	  [#513787] [#513835] [#513963] [#514229] [#514230] [#514295] [#514435]
 	  [#514436] [#514437] [#514506] [#514510] [#514630] [#514637] [#515155]
-	  [#515269] [#515275]
+	  [#515269] [#515275] [#515335]
 	* Fix non-ascii export problem.  [#511135]
 	* Band-aid evaluation problem with broken xls.  [#513559]
 	* Fix circular array formula problem.

Modified: trunk/plugins/excel/ms-chart.c
==============================================================================
--- trunk/plugins/excel/ms-chart.c	(original)
+++ trunk/plugins/excel/ms-chart.c	Sat Feb  9 02:40:58 2008
@@ -589,7 +589,10 @@
 		     XLChartReadState *s, BiffQuery *q)
 {
 	guint16 opcode;
-	guint16 const type = GSF_LE_GET_GUINT16 (q->data);
+	guint16 type;
+
+	XL_CHECK_CONDITION_VAL (q->length >= 2, FALSE);
+	type = GSF_LE_GET_GUINT16 (q->data);
 
 	d (0, {
 	g_printerr ("Axisline is ");
@@ -913,7 +916,7 @@
 
 	if (pt_num == 0 && series_index == 0 && series_index_for_label == 0xfffd)
 		s->has_extra_dataformat = TRUE;
-	XL_CHECK_CONDITION_VAL (s->series && series_index < s->series->len, TRUE);
+	XL_CHECK_CONDITION_VAL (series_index < s->series->len, TRUE);
 
 	series = g_ptr_array_index (s->series, series_index);
 	XL_CHECK_CONDITION_VAL (series != NULL, TRUE);
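Review bot: The rewritten bounds check reads `s->series->len` without the `s->series &&` test the old line had, so it now relies on `s->series` being non-NULL whenever this handler runs. Nothing in the hunk shows where the array is allocated. If it is created once when the read state is set up, a comment next to the check should say so, e.g. `/* s->series always exists during a chart read; only the index comes from the file */`. If a record can reach this point before the array exists, the dropped test has to stay. The enclosing function starts and ends outside the hunk.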
@@ -1829,9 +1832,14 @@
 BC_R(trendlimits)(XLChartHandler const *handle,
 		  XLChartReadState *s, BiffQuery *q)
 {
-	double const min = GSF_LE_GET_DOUBLE (q->data);
-	double const max = GSF_LE_GET_DOUBLE (q->data+8);
-	guint8 const skip_invalid = GSF_LE_GET_GUINT8  (q->data+16);
+	double min, max;
+	gboolean skip_invalid;
+
+	XL_CHECK_CONDITION_VAL (q->length >= 17, FALSE);
+	min = GSF_LE_GET_DOUBLE (q->data);
+	max = GSF_LE_GET_DOUBLE (q->data + 8);
+	skip_invalid = GSF_LE_GET_GUINT8 (q->data + 16);
+
 	d (1, {
 		g_printerr ("skip invalid data: %s\n", (skip_invalid)? "yes": "no");
 		g_printerr ("min: %g\n", min);
@@ -1850,6 +1858,7 @@
 		     GogMSDimType purpose,
 		     int type_offset, int count_offset, char const *name)
 {
+	XL_CHECK_CONDITION (q->length >= 2 + (unsigned)count_offset);
 #if 0
 	switch (GSF_LE_GET_GUINT16 (q->data + type_offset)) {
 	case 0 : /* date */ break;
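Review bot: The added guard bounds only the read at `count_offset` (presumably a guint16, given the `2 +`); `type_offset` is also a caller-supplied offset into `q->data` and is never compared with `q->length`. The only read at `type_offset` visible here is inside `#if 0`, so nothing is out of bounds today, but re-enabling that block would also need `XL_CHECK_CONDITION (q->length >= 2 + (unsigned)type_offset);`. A comment on the guard, such as `/* covers the field at count_offset only; type_offset is unchecked */`, would keep that from being missed. The function's signature begins above the hunk and its body continues below it.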
@@ -1871,7 +1880,7 @@
 {
 	XLChartSeries *series;
 
-	g_return_val_if_fail (s->currentSeries == NULL, TRUE);
+	XL_CHECK_CONDITION_VAL (s->currentSeries == NULL, TRUE);
 
 	d (2, g_printerr ("SERIES = %d\n", s->series->len););
 
@@ -1909,12 +1918,15 @@
 BC_R(seriestext)(XLChartHandler const *handle,
 		 XLChartReadState *s, BiffQuery *q)
 {
-	guint16 const id = GSF_LE_GET_GUINT16 (q->data);	/* must be 0 */
-	int const slen = GSF_LE_GET_GUINT8 (q->data + 2);
+	guint16 id;
+	int slen;
 	char *str;
 	GnmValue *value;
 
-	g_return_val_if_fail (id == 0, FALSE);
+	XL_CHECK_CONDITION_VAL (q->length >= 3, FALSE);
+	id = GSF_LE_GET_GUINT16 (q->data);	/* must be 0 */
+	slen = GSF_LE_GET_GUINT8 (q->data + 2);
+	XL_CHECK_CONDITION_VAL (id == 0, FALSE);
 
 	if (slen == 0)
 		return FALSE;
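Review bot: The `q->length >= 3` check covers only the three-byte header, while `slen` is a length taken from the file and describes the string data that follows it. The code that decodes the string is below the hunk, so the read may already be bounded there. If it is not, the record should be rejected when it is shorter than the header plus the string, e.g. `XL_CHECK_CONDITION_VAL (q->length >= 3 + (unsigned)slen, FALSE);` as a lower bound (more if the text can be stored as two-byte characters). Either way, a comment naming the call that bounds the string read would help the next reader.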
@@ -1949,7 +1961,10 @@
 BC_R(serparent)(XLChartHandler const *handle,
 		XLChartReadState *s, BiffQuery *q)
 {
-	guint16 const index = GSF_LE_GET_GUINT16 (q->data) - 1;
+	guint16 index;
+
+	XL_CHECK_CONDITION_VAL (q->length >= 2, FALSE);
+	index = GSF_LE_GET_GUINT16 (q->data) - 1;
 	d (1, g_printerr ("Parent series index is %hd\n", index););
 	s->parent_index = index;
 
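Review bot: `index` is a `guint16`, so a record whose first field is 0 makes `GSF_LE_GET_GUINT16 (q->data) - 1` wrap to 65535, and that value is stored in `s->parent_index` unchecked. The new length check does not cover this; whether it matters depends on how `parent_index` is used later, which is outside the hunk. If it ever indexes `s->series`, it needs the same `< s->series->len` test that the hunk at -913 applies to `series_index`, or the zero case should be rejected here. The same applies to `chart_group` in the sertocrt hunk that follows, which takes its value straight from the file. The debug line also prints the unsigned value with `%hd`.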
@@ -1962,9 +1977,11 @@
 BC_R(sertocrt)(XLChartHandler const *handle,
 	       XLChartReadState *s, BiffQuery *q)
 {
-	guint16 const index = GSF_LE_GET_GUINT16 (q->data);
+	guint16 index;
 
-	g_return_val_if_fail (s->currentSeries != NULL, FALSE);
+	XL_CHECK_CONDITION_VAL (q->length >= 2, FALSE);
+	XL_CHECK_CONDITION_VAL (s->currentSeries != NULL, FALSE);
+	index = GSF_LE_GET_GUINT16 (q->data);
 
 	s->currentSeries->chart_group = index;
 
@@ -2025,6 +2042,7 @@
 BC_R(siindex)(XLChartHandler const *handle,
 	      XLChartReadState *s, BiffQuery *q)
 {
+	XL_CHECK_CONDITION_VAL (q->length >= 2, FALSE);
 	/* UNDOCUMENTED : Docs says this is long
 	 * Biff record is only length 2 */
 	s->cur_role = GSF_LE_GET_GUINT16 (q->data);
@@ -2037,6 +2055,8 @@
 BC_R(surf)(XLChartHandler const *handle,
 	   XLChartReadState *s, BiffQuery *q)
 {
+	XL_CHECK_CONDITION_VAL (q->length >= 6, FALSE);
+
 #warning implement wireframe (aka use-color)
 #if 0
 	guint16 const flags = GSF_LE_GET_GUINT16 (q->data+4);


