[gnumeric] Fix Morten's fuzz #627063

From: Andreas J. Guelzow <guelzow src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnumeric] Fix Morten's fuzz #627063
Date: Tue, 17 Aug 2010 02:04:32 +0000 (UTC)

commit 5ec658e027f88c84dcf09de80a1e0253918b9e35
Author: Andreas J Guelzow <aguelzow pyrshep ca>
Date:   Mon Aug 16 20:03:51 2010 -0600

    Fix Morten's fuzz #627063
    
    2010-08-16  Andreas J. Guelzow <aguelzow pyrshep ca>
    
    	* openoffice-read.c (oo_date_style_end): set accum to NULL after freeing
    	(odf_number_style): set all fields
    	(odf_number_style_end): check for NULL name

 plugins/openoffice/ChangeLog         |    6 ++++++
 plugins/openoffice/openoffice-read.c |   12 ++++++++++--
 2 files changed, 16 insertions(+), 2 deletions(-)
---
diff --git a/plugins/openoffice/ChangeLog b/plugins/openoffice/ChangeLog
index e8c6bd8..2ddc64c 100644
--- a/plugins/openoffice/ChangeLog
+++ b/plugins/openoffice/ChangeLog
@@ -1,5 +1,11 @@
 2010-08-16  Andreas J. Guelzow <aguelzow pyrshep ca>
 
+	* openoffice-read.c (oo_date_style_end): set accum to NULL after freeing
+	(odf_number_style): set all fields
+	(odf_number_style_end): check for NULL name
+
+2010-08-16  Andreas J. Guelzow <aguelzow pyrshep ca>
+
 	* openoffice-read.c (oo_date_style): set all fields
 	(oo_date_style_end): check for NULL name
 
diff --git a/plugins/openoffice/openoffice-read.c b/plugins/openoffice/openoffice-read.c
index 2362798..34a0531 100644
--- a/plugins/openoffice/openoffice-read.c
+++ b/plugins/openoffice/openoffice-read.c
@@ -1969,8 +1969,10 @@ oo_date_style_end (GsfXMLIn *xin, G_GNUC_UNUSED GsfXMLBlob *blob)
 	int elapsed = state->cur_format.elapsed_set;
 
 	if (state->cur_format.name == NULL) {
-		if (state->cur_format.accum) 
+		if (state->cur_format.accum) {
 			g_string_free (state->cur_format.accum, TRUE);
+			state->cur_format.accum = NULL;
+		}
 		oo_warning (xin, _("Corrupted file: unnamed date style ignored."));
 	} else {
 		if (state->cur_format.magic != GO_FORMAT_MAGIC_NONE)
@@ -2228,7 +2230,6 @@ odf_number_style (GsfXMLIn *xin, xmlChar const **attrs)
 			name = CXML2C (attrs[1]);
 
 	g_return_if_fail (state->cur_format.accum == NULL);
-	g_return_if_fail (name != NULL);
 
 	state->cur_format.accum = g_string_new (NULL);
 	state->cur_format.name = g_strdup (name);
@@ -2243,6 +2244,13 @@ odf_number_style_end (GsfXMLIn *xin, G_GNUC_UNUSED GsfXMLBlob *blob)
 
 	g_return_if_fail (state->cur_format.accum != NULL);
 
+	if (state->cur_format.name == NULL) {
+		g_string_free (state->cur_format.accum, TRUE);
+		state->cur_format.accum = NULL;
+		oo_warning (xin, _("Corrupted file: unnamed number style ignored."));
+		return;
+	}
+
 	if (state->conditions != NULL) {
 		/* We have conditional formats */
 		GSList *lc, *lf;

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]