[gnumeric] xls: fix fuzzed crash.



commit 792d40480e54c523be6446c7c354e2ff2f49889b
Author: Morten Welinder <terra gnome org>
Date:   Thu Aug 1 20:42:06 2013 -0400

    xls: fix fuzzed crash.

 NEWS                          |    2 +-
 plugins/excel/ChangeLog       |    5 +++++
 plugins/excel/ms-excel-read.c |    5 +++--
 3 files changed, 9 insertions(+), 3 deletions(-)
---
diff --git a/NEWS b/NEWS
index 5a99539..10d343c 100644
--- a/NEWS
+++ b/NEWS
@@ -21,7 +21,7 @@ Jean:
 Morten:
        * Fix crazy parsing problem.  [#704109] [#704140]
        * Fix crashes on corrupted files.  [#704102] [#704004] [#704325]
-       [#704562]
+       [#704562] [#705319]
        * Fix conditional format problem.  [#704445]
        * Plug leak.  [#704820]
 
diff --git a/plugins/excel/ChangeLog b/plugins/excel/ChangeLog
index 49c723d..39287c7 100644
--- a/plugins/excel/ChangeLog
+++ b/plugins/excel/ChangeLog
@@ -1,3 +1,8 @@
+2013-08-01  Morten Welinder  <terra gnome org>
+
+       * ms-excel-read.c (excel_read_MULRK): Fix sanity check.  Fixes
+       #705319.
+
 2013-07-29  Andreas J. Guelzow <aguelzow pyrshep ca>
 
        * xlsx-write.c (xlsx_write_borders): check for NULL borders
diff --git a/plugins/excel/ms-excel-read.c b/plugins/excel/ms-excel-read.c
index 1453ee4..59ac10f 100644
--- a/plugins/excel/ms-excel-read.c
+++ b/plugins/excel/ms-excel-read.c
@@ -4739,8 +4739,9 @@ excel_read_MULRK (BiffQuery *q, ExcelReadSheet *esheet)
        XL_CHECK_CONDITION (lastcol >= col);
 
        if (q->length != 4 + 6 * (lastcol - col + 1) + 2) {
-               g_warning ("MULRK with strange size.");
-               lastcol = col + (q->length - (4 + 6 + 2)) / 6 - 1;
+               int guess = col + (q->length - (4 + 2)) / 6 - 1;
+               g_warning ("MULRK with strange size: %d vs %d", lastcol, guess);
+               lastcol = MIN (lastcol, (guint32)MAX (guess, 0));
        }
 
        for (; col <= lastcol ; col++) {
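Review bot: The clamp `MAX (guess, 0)` maps a record too short to hold even one RK entry onto `lastcol = 0`, so when `col == 0` the loop below still reads one 6-byte entry; and if `q->length` is unsigned (the `(guint32)` cast suggests unsigned arithmetic here), `q->length - (4 + 2)` wraps for lengths under 6, `guess` comes out large and `MIN` leaves the file-supplied `lastcol` in place. Both cases are safe only if the function already rejects records shorter than `4 + 6 + 2` bytes before this point, which is outside the hunk; if it does not, `XL_CHECK_CONDITION (q->length >= 4 + 6 + 2);` ahead of the size test would close them. A comment above the `MIN` line, for example `/* Only ever shrink lastcol, so the loop stays inside the record. */`, would record why the guess is never allowed to raise the bound. The warning prints `lastcol` with `%d` although the cast implies it is a `guint32`; `%u` would match the type. The body of excel_read_MULRK starts and ends outside the hunk.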

