gnumeric r17255 - in trunk: . plugins/excel



Author: mortenw
Date: Mon Mar 30 17:31:38 2009
New Revision: 17255
URL: http://svn.gnome.org/viewvc/gnumeric?rev=17255&view=rev

Log:
2009-03-30  Morten Welinder  <terra gnome org>

	* ms-container.c (ms_container_get_blip): Add sanity check.  Fixes
	#577260.

	* ms-excel-read.c (excel_read_MULBLANK): Add sanity checks.  Fixes
	#577259.



Modified:
   trunk/NEWS
   trunk/plugins/excel/ChangeLog
   trunk/plugins/excel/ms-container.c
   trunk/plugins/excel/ms-excel-read.c

Modified: trunk/NEWS
==============================================================================
--- trunk/NEWS	(original)
+++ trunk/NEWS	Mon Mar 30 17:31:38 2009
@@ -7,7 +7,7 @@
 	* Improve XIRR a bit.
 	* Fix Applix loading crash.  [#577145]
 	* Fix Lotus loading crash.  [#577156]
-	* Fix XLS loading crash.  [#577208, #577205]
+	* Fix XLS loading crashes.  [#577205, #577208, #577259, #577260]
 	* Add sorted sheet list to tab menu.
 
 --------------------------------------------------------------------------

Modified: trunk/plugins/excel/ms-container.c
==============================================================================
--- trunk/plugins/excel/ms-container.c	(original)
+++ trunk/plugins/excel/ms-container.c	Mon Mar 30 17:31:38 2009
@@ -105,6 +105,7 @@
 	    (container->blips == NULL || container->blips->len == 0))
 		    return ms_container_get_blip (container->parent, blip_id);
 
+	g_return_val_if_fail (container->blips != NULL, NULL);
 	g_return_val_if_fail (blip_id < (int)container->blips->len, NULL);
 
 	return g_ptr_array_index (container->blips, blip_id);
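Review bot: The new NULL guard and the existing bounds check below it both rely on `g_return_val_if_fail`, which GLib compiles out when `G_DISABLE_CHECKS` is defined, yet the commit log says this condition is reached while loading an XLS file rather than through a caller bug. In such a build `g_ptr_array_index` would again be applied to a NULL or too-short `blips` array. An explicit test survives every build configuration: `if (container->blips == NULL || blip_id < 0 || blip_id >= (int)container->blips->len) return NULL;`. The lower bound on `blip_id` may already be enforced at the top of ms_container_get_blip, which starts outside this hunk.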

Modified: trunk/plugins/excel/ms-excel-read.c
==============================================================================
--- trunk/plugins/excel/ms-excel-read.c	(original)
+++ trunk/plugins/excel/ms-excel-read.c	Mon Mar 30 17:31:38 2009
@@ -4409,11 +4409,14 @@
 excel_read_MULBLANK (BiffQuery *q, ExcelReadSheet *esheet)
 {
 	/* This is an educated guess, docs are not terribly clear */
-	int firstcol = XL_GETCOL (q);
-	int const row = XL_GETROW (q);
+	int firstcol, lastcol, row;
 	guint8 const *ptr = (q->data + q->length - 2);
-	int lastcol = GSF_LE_GET_GUINT16 (ptr);
 	int i, range_end, prev_xf, xf_index;
+
+	XL_CHECK_CONDITION (q->length >= 6);
+	firstcol = XL_GETCOL (q);
+	row = XL_GETROW (q);
+	lastcol = GSF_LE_GET_GUINT16 (ptr);
 	d (0, {
 		fprintf (stderr,"Cells in row %d are blank starting at col %s until col ",
 			row + 1, col_name (firstcol));
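Review bot: `ptr` is still initialised to `q->data + q->length - 2` in its declaration, before `XL_CHECK_CONDITION (q->length >= 6)` runs, so for a record shorter than two bytes the pointer is formed outside the record buffer. Assuming XL_CHECK_CONDITION returns on failure, the pointer is never dereferenced in that case, but forming it is already undefined behaviour in C and leaves an invalid value for later edits to trip over. Declare `guint8 const *ptr;` and assign `ptr = q->data + q->length - 2;` directly after the length check, next to the `lastcol` read. A one-line comment saying which fields make up the six bytes would explain the constant. The body of excel_read_MULBLANK continues past this hunk.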
@@ -4426,6 +4429,7 @@
 		firstcol = lastcol;
 		lastcol = tmp;
 	}
+	XL_CHECK_CONDITION (q->length >= 4u + 2u * (lastcol - firstcol + 1));
 
 	range_end = i = lastcol;
 	prev_xf = -1;
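Review bot: The bound `4u + 2u * (lastcol - firstcol + 1)` does not count the two trailing bytes that `lastcol` was read from at `q->data + q->length - 2`, so a record can pass this check while being two bytes shorter than header, one entry per column and trailer together (assuming the row and column fields occupy the first four bytes). If the loop below, which is outside this hunk, walks back from `ptr` two bytes per column, the lowest read would land on the first-column field instead of an XF index: still inside the buffer, but wrong data taken from the file. Consider `XL_CHECK_CONDITION (q->length >= 6u + 2u * (lastcol - firstcol + 1));` with a comment spelling out the assumed layout. Confirm against real files first, since the function's own comment describes the record format as an educated guess.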


