[gnumeric] xls: fix fuzzed file issue.



commit a5577602fceadb771f4e5bcec4fff17253e625f5
Author: Morten Welinder <terra gnome org>
Date:   Sat Dec 21 14:56:37 2013 -0500

    xls: fix fuzzed file issue.

 NEWS                          |    1 +
 plugins/excel/ChangeLog       |    5 ++++-
 plugins/excel/ms-excel-read.c |    5 ++++-
 3 files changed, 9 insertions(+), 2 deletions(-)
---
diff --git a/NEWS b/NEWS
index ec1e068..99cb1c4 100644
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,7 @@ Morten:
        * Fix tabulation truncation issue.
        * Fix ABR.  [#720353]
        * Fix fuzzed file crashes.  [#720425] [#720426] [#720358] [#719349]
+       [#715002]
 
 --------------------------------------------------------------------------
 Gnumeric 1.12.9
diff --git a/plugins/excel/ChangeLog b/plugins/excel/ChangeLog
index 94bf4ab..b608af1 100644
--- a/plugins/excel/ChangeLog
+++ b/plugins/excel/ChangeLog
@@ -1,7 +1,10 @@
 2013-12-21  Morten Welinder  <terra gnome org>
 
+       * ms-excel-read.c (excel_read_XF): Fix length check.  Fixes
+       #715002.
+
        * ms-obj.c (read_pre_biff8_read_name_and_fmla): Fix and improve
-       length check.  Fixes #720358.
+       length check.  Fixes #720358 and #719349.
 
 2013-12-13  Morten Welinder  <terra gnome org>
 
diff --git a/plugins/excel/ms-excel-read.c b/plugins/excel/ms-excel-read.c
index 9544c8b..9d94e0c 100644
--- a/plugins/excel/ms-excel-read.c
+++ b/plugins/excel/ms-excel-read.c
@@ -2533,7 +2533,10 @@ excel_read_XF (BiffQuery *q, GnmXLImporter *importer)
        BiffXFData *xf;
        guint32 data, subdata;
 
-       XL_CHECK_CONDITION (q->length >= 8);  /* Check this */
+       if (importer->ver >= MS_BIFF_V8)
+               XL_CHECK_CONDITION (q->length >= 20);
+       else
+               XL_CHECK_CONDITION (q->length >= 16);
 
        xf = g_new (BiffXFData, 1);
        xf->font_idx = GSF_LE_GET_GUINT16 (q->data);
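Review bot: The minimum lengths 20 and 16 in the new check are bare numbers, and nothing in the hunk ties them to the highest offset that excel_read_XF reads from `q->data` in each version branch. A short comment above the check would keep the bound and the reads in step, for example `/* XF payload: at least 20 bytes for BIFF8, 16 for earlier versions; every q->data read below must stay under these */`. The removed guard carried a "Check this" remark, and the rest of the function lies outside this hunk, so whether 20 and 16 cover every later access cannot be confirmed from the lines shown. Bracing both branches would also be safer, since `XL_CHECK_CONDITION` is a macro whose expansion is not visible here, and an unbraced `if`/`else` around a macro that expands to more than one statement can bind incorrectly.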

