[gnumeric] stf: fix crash.

From: Morten Welinder <mortenw src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnumeric] stf: fix crash.
Date: Fri, 21 May 2010 13:13:20 +0000 (UTC)

commit 32046efc4961bc7c9e1bb7180a8496081c522ab3
Author: Morten Welinder <terra gnome org>
Date:   Fri May 21 09:13:08 2010 -0400

    stf: fix crash.

 ChangeLog       |    5 +++++
 NEWS            |    3 +++
 src/stf-parse.c |   18 ++++++++++--------
 3 files changed, 18 insertions(+), 8 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index d7c8fec..4d32e5a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2010-05-21  Morten Welinder  <terra gnome org>
+
+	* src/stf-parse.c (stf_parse_region): Avoid reading beyond the end
+	of the format array.  Fixes #619283.
+
 2010-05-20  Morten Welinder <terra gnome org>
 
 	* configure.in: Post-release bump.
diff --git a/NEWS b/NEWS
index b2702ba..0cd615a 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,8 @@
 Gnumeric 1.10.5
 
+Morten:
+	* Fix stf crash.  [#619283]
+
 --------------------------------------------------------------------------
 Gnumeric 1.10.4
 
diff --git a/src/stf-parse.c b/src/stf-parse.c
index b47d590..3e32712 100644
--- a/src/stf-parse.c
+++ b/src/stf-parse.c
@@ -1329,12 +1329,8 @@ stf_parse_region (StfParseOptions_t *parseoptions, char const *data, char const
 
 	GnmCellRegion *cr;
 	unsigned int row, colhigh = 0;
-	char *text;
 	GStringChunk *lines_chunk;
 	GPtrArray *lines;
-	GnmCellCopy	*cc;
-	GOFormat	*fmt;
-	GnmValue	*v;
 
 	SETUP_LOCALE_SWITCH;
 
@@ -1356,10 +1352,16 @@ stf_parse_region (StfParseOptions_t *parseoptions, char const *data, char const
 			if (parseoptions->col_import_array == NULL ||
 			    parseoptions->col_import_array_len <= col ||
 			    parseoptions->col_import_array[col]) {
-				if (NULL != (text = g_ptr_array_index (line, col))) {
-					fmt = g_ptr_array_index (
-						parseoptions->formats, col);
-					if (NULL == (v = format_match (text, fmt, date_conv)))
+				const char *text = g_ptr_array_index (line, col);
+				if (text) {
+					GOFormat *fmt = NULL;
+					GnmValue *v;
+					GnmCellCopy *cc;
+
+					if (col < parseoptions->formats->len)
+						fmt = g_ptr_array_index (parseoptions->formats, col);
+					v = format_match (text, fmt, date_conv);
+					if (!v)
 						v = value_new_string (text);
 
 					cc = gnm_cell_copy_new (cr, targetcol, row);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]