[gnumeric] xls: fix ABR.



commit 7f1ca94d98757d1f1e207fd4212fd812e9876104
Author: Morten Welinder <terra gnome org>
Date:   Thu Nov 21 18:30:34 2013 -0500

    xls: fix ABR.

 NEWS                    |    2 +-
 plugins/excel/ChangeLog |    3 +++
 plugins/excel/ms-obj.c  |    4 ++++
 3 files changed, 8 insertions(+), 1 deletions(-)
---
diff --git a/NEWS b/NEWS
index ccd2f6b..511b67c 100644
--- a/NEWS
+++ b/NEWS
@@ -14,7 +14,7 @@ Morten:
        * Improve accuracy of bessel functions with large non-integer alpha.
        * Improve accuracy of ACOTH.
        * Fix fuzzed file crash.  [#708091] [#712662] [#712685] [#712700]
-         [#712708] [#712772] [#712788]
+         [#712708] [#712772] [#712788] [#712731]
        * Restore sheet reordering by drag.
        * Fix BETA on win32.
        * Fix win32 registry initialization.
diff --git a/plugins/excel/ChangeLog b/plugins/excel/ChangeLog
index 5fccde0..c25e5d0 100644
--- a/plugins/excel/ChangeLog
+++ b/plugins/excel/ChangeLog
@@ -1,5 +1,8 @@
 2013-11-21  Morten Welinder  <terra gnome org>
 
+       * ms-obj.c (read_pre_biff8_read_text): Fix fuzzed file problem
+       #712731.
+
        * xlsx-read.c (xlsx_file_open): A severely malformed document can
        leave an expression in the state.  Free that.  Fixes #712788.
 
diff --git a/plugins/excel/ms-obj.c b/plugins/excel/ms-obj.c
index f6afe43..629e08c 100644
--- a/plugins/excel/ms-obj.c
+++ b/plugins/excel/ms-obj.c
@@ -565,6 +565,10 @@ read_pre_biff8_read_text (BiffQuery *q, MSContainer *c, MSObj *obj,
                        len -= q->length;
                }
                str = g_string_free (accum, FALSE);
+               if (len > q->length) {
+                       g_free (str);
+                       return TRUE;
+               }
                first = q->data + len;
        } else
                first += len;
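Review bot: The added guard only bounds `q->data + len`, so with `len == q->length` the pointer `first` lands exactly at the end of the record, and whatever is read from `first` after this hunk needs its own remaining-length check. That later code, and the condition that selects the `else` branch's unchecked `first += len`, lie outside the hunk, so this is something to confirm rather than a known defect. The early return is also silent: a comment such as `/* corrupt file: remaining text length exceeds the current record */` above the check, plus a warning in the style of the parser's other malformed-record checks, would make the rejection visible when triaging fuzzed files. If `TRUE` is the failure convention for read_pre_biff8_read_text, saying so in its header comment would help, since callers depend on it to stop using the partially read object.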

