gnumeric r16382 - in trunk: . plugins/qpro

[mortenw svn gnome org]

Author: mortenw
Date: Tue Feb 19 14:24:47 2008
New Revision: 16382
URL: http://svn.gnome.org/viewvc/gnumeric?rev=16382&view=rev

Log:
2008-02-19  Morten Welinder  <terra gnome org>

	* qpro-read.c (qpro_parse_formula): Survive even more bogus files
	and plug a leak in the error case.  Fixes #517376.



Modified:
   trunk/NEWS
   trunk/plugins/qpro/ChangeLog
   trunk/plugins/qpro/qpro-read.c

Modified: trunk/NEWS
==============================================================================
--- trunk/NEWS	(original)
+++ trunk/NEWS	Tue Feb 19 14:24:47 2008
@@ -32,7 +32,7 @@
 	* Work around Qt theme bug.  [#512752]
 	* Fix paste-as-text bug.  [#514438]
 	* Fix corrupted-mps-bug.  [#517141]
-	* Fix corrupted-qpro-bug.  [#517144]
+	* Fix corrupted-qpro-bugs.  [#517144] [#517376]
 
 --------------------------------------------------------------------------
 Gnumeric 1.8.0

Modified: trunk/plugins/qpro/qpro-read.c
==============================================================================
--- trunk/plugins/qpro/qpro-read.c	(original)
+++ trunk/plugins/qpro/qpro-read.c	Tue Feb 19 14:24:47 2008
@@ -374,7 +374,7 @@
 	guint16 ref_offset = GSF_LE_GET_GUINT16 (data + 12);
 	GnmValue   *val;
 	GSList  *stack = NULL;
-	GnmExprTop const *texpr;
+	GnmExprTop const *texpr = NULL;
 	guint8 const *refs, *fmla;
 
 #ifdef DEBUG_MISSING
@@ -570,9 +570,22 @@
 					fmla++;
 				}
 
-				while (args-- > 0)
+				while (stack && args > 0) {
 					arglist = g_slist_prepend (arglist,
 								   (gpointer)expr_stack_pop (&stack));
+					args--;
+				}
+				if (args > 0) {
+					g_warning ("File is probably corrupted.\n"
+						   "(Expression stack is short by %d arguments)",
+						   args);
+					while (args > 0) {
+						GnmExpr const *e = gnm_expr_new_constant (value_new_empty ());
+						arglist = g_slist_prepend (arglist,
+									   (gpointer)e);
+						args--;
+					}
+				}
 				expr = gnm_expr_new_funcall (f, arglist);
 				break;
 			} else {
@@ -587,8 +600,7 @@
 	Q_CHECK_CONDITION (stack != NULL);
 	Q_CHECK_CONDITION (stack->next == NULL);
 
-	texpr = gnm_expr_top_new (stack->data);
-	g_slist_free (stack);
+	texpr = gnm_expr_top_new (expr_stack_pop (&stack));
 
 	switch (magic) {
 	case 0x7ff0:
@@ -612,14 +624,14 @@
 			goto again;
 		}
 
-		g_return_if_fail (id == QPRO_FORMULA_STRING);
+		Q_CHECK_CONDITION (id == QPRO_FORMULA_STRING);
+		Q_CHECK_CONDITION (len >= 7);
 
 		new_col = data[0];
 		new_row = GSF_LE_GET_GUINT16 (data + 2);
 
 		/* Be anal */
-		g_return_if_fail (col == new_col);
-		g_return_if_fail (row == new_row);
+		Q_CHECK_CONDITION (col == new_col && row == new_row);
 
 		val = qpro_new_string (state, data + 7);
 		break;
@@ -657,6 +669,9 @@
 		}
 		g_slist_free (stack);
 	}
+
+	if (texpr)
+		gnm_expr_top_unref (texpr);
 }
 
 static GnmStyle *