[tracker/tracker-0.8] Fixes GB#627281: Crash in msoffice extractor

[Martyn James Russell <mr src gnome org>]

commit 0a50fd4c63b736c30c52ab9123a8ee34baf1b389
Author: Aleksander Morgado <aleksander lanedo com>
Date:   Thu Aug 19 17:43:10 2010 +0200

    Fixes GB#627281: Crash in msoffice extractor
    
     * Length of PRC structure was wrongly read when greater than 256 bytes.

 src/tracker-extract/tracker-extract-msoffice.c |   11 ++++++++++-
 1 files changed, 10 insertions(+), 1 deletions(-)
---
diff --git a/src/tracker-extract/tracker-extract-msoffice.c b/src/tracker-extract/tracker-extract-msoffice.c
index 6811fa8..27934f7 100644
--- a/src/tracker-extract/tracker-extract-msoffice.c
+++ b/src/tracker-extract/tracker-extract-msoffice.c
@@ -936,12 +936,21 @@ extract_msword_content (GsfInfile *infile,
 
 	while (TRUE) {
 		if (clx[i] == 2) {
+			/* Nice, a proper structure with contents, no need to
+			 * iterate more. */
 			lcb_piece_table = read_32bit (clx + (i + 1));
 			piece_table = clx + i + 5;
 			piece_count = (lcb_piece_table - 4) / 12;
 			break;
 		} else if (clx[i] == 1) {
-			i = i + 2 + clx[i + 1];
+			/* Oh, a PRC structure with properties of text, not
+			 * real text, so skip it */
+			guint16 GrpPrl_len;
+
+
+			GrpPrl_len = read_16bit (&clx[i+1]);
+			/* 3 is the length of clxt (1byte) and cbGrpprl(2bytes) */
+			i = i + 3 + GrpPrl_len;
 		} else {
 			break;
 		}