[gnumeric] xls: fix fuzzed file crash.
- From: Morten Welinder <mortenw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnumeric] xls: fix fuzzed file crash.
- Date: Fri, 13 Dec 2013 21:33:29 +0000 (UTC)
commit 8bc9cefa5273ae8897332844d3d5fe23f35d2cfb
Author: Morten Welinder <terra gnome org>
Date: Fri Dec 13 16:33:14 2013 -0500
xls: fix fuzzed file crash.
NEWS | 2 +-
plugins/excel/ChangeLog | 3 +++
plugins/excel/ms-excel-read.c | 3 ++-
3 files changed, 6 insertions(+), 2 deletions(-)
---
diff --git a/NEWS b/NEWS
index ec79435..d356210 100644
--- a/NEWS
+++ b/NEWS
@@ -14,7 +14,7 @@ Morten:
* Avoid some overflows in IMGAMMA.
* Fix tabulation truncation issue.
* Fix ABR. [#720353]
- * Fix fuzzed file crash. [#720425]
+ * Fix fuzzed file crashes. [#720425] [#720426]
--------------------------------------------------------------------------
Gnumeric 1.12.9
diff --git a/plugins/excel/ChangeLog b/plugins/excel/ChangeLog
index c612ebf..5d6cb91 100644
--- a/plugins/excel/ChangeLog
+++ b/plugins/excel/ChangeLog
@@ -1,5 +1,8 @@
2013-12-13 Morten Welinder <terra gnome org>
+ * ms-excel-read.c (excel_read_WINDOW2): Don't crash of truncated
+ record. Fixes #720426.
+
* xlsx-read.c (xlsx_cell_end): Make sure state->texpr ends up
NULL. Fixes #720425.
diff --git a/plugins/excel/ms-excel-read.c b/plugins/excel/ms-excel-read.c
index e12fc20..9544c8b 100644
--- a/plugins/excel/ms-excel-read.c
+++ b/plugins/excel/ms-excel-read.c
@@ -5069,10 +5069,11 @@ excel_read_WINDOW2 (BiffQuery *q, ExcelReadSheet *esheet, WorkbookView *wb_view)
gboolean set_grid_color;
if (q->opcode == BIFF_WINDOW2_v2) {
- guint16 const options = GSF_LE_GET_GUINT16 (q->data + 0);
+ guint16 options;
XL_CHECK_CONDITION (q->length >= 10);
+ options = GSF_LE_GET_GUINT16 (q->data + 0);
esheet->sheet->display_formulas = ((options & 0x0001) != 0);
esheet->sheet->hide_grid = ((options & 0x0002) == 0);
esheet->sheet->hide_col_header =
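Review bot: The bound in `XL_CHECK_CONDITION (q->length >= 10)` is undocumented, and nothing in the hunk tells a later editor that the assignment to `options` must stay below that check. The old code read `q->data` in the declaration initializer, before the length was validated, so a comment on the new assignment such as `/* Must follow the length check: a truncated record may hold fewer than 2 bytes. */` would keep the declaration from being folded back into an initializer. It would also help to state which fields the 10 bytes cover, because the reads that rely on that bound are in the part of excel_read_WINDOW2 that lies outside this hunk. The branch for the other WINDOW2 opcodes is not visible here; if it also reads `q->data` in an initializer ahead of its own check, it presumably needs the same reordering.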