[gnumeric] Harden ODF import against fuzzed files. [#747448]

From: Andreas J. Guelzow <guelzow src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnumeric] Harden ODF import against fuzzed files. [#747448]
Date: Wed, 8 Apr 2015 03:03:47 +0000 (UTC)

commit c84bae5ec61c1cec8f4bf26a4f97932c721c5b12
Author: Andreas J. Guelzow <aguelzow pyrshep ca>
Date:   Tue Apr 7 21:00:22 2015 -0600

    Harden ODF import against fuzzed files. [#747448]
    
    2015-04-07  Andreas J. Guelzow <aguelzow pyrshep ca>
    
        * openoffice-read.c (od_draw_frame_start): ensure that the base address
        is still on the sheet.

 NEWS                                 |    2 +-
 plugins/openoffice/ChangeLog         |    5 +++++
 plugins/openoffice/openoffice-read.c |   10 ++++++++++
 3 files changed, 16 insertions(+), 1 deletions(-)
---
diff --git a/NEWS b/NEWS
index 56afd1f..03f65a4 100644
--- a/NEWS
+++ b/NEWS
@@ -4,7 +4,7 @@ Andreas:
        * Improve ODF import/export of additional axes. [#746321]
        * Fix ODF export of styles for additional axes. [#746621]
        * Simplify export of SEC and SECH to ODF. [#747211]
-       * Harden ODF import against fuzzed files. [#747447]
+       * Harden ODF import against fuzzed files. [#747447][#747448]
 
 Jean:
        * Fix signal handling while running Python. [#744638]
diff --git a/plugins/openoffice/ChangeLog b/plugins/openoffice/ChangeLog
index ea3f2d5..e27e37a 100644
--- a/plugins/openoffice/ChangeLog
+++ b/plugins/openoffice/ChangeLog
@@ -1,5 +1,10 @@
 2015-04-07  Andreas J. Guelzow <aguelzow pyrshep ca>
 
+       * openoffice-read.c (od_draw_frame_start): ensure that the base address
+       is still on the sheet.
+
+2015-04-07  Andreas J. Guelzow <aguelzow pyrshep ca>
+
        * openoffice-read.c (oo_cell_content_start): avoid missing
        the odf_push_text_p
 
diff --git a/plugins/openoffice/openoffice-read.c b/plugins/openoffice/openoffice-read.c
index 435a170..22456ec 100644
--- a/plugins/openoffice/openoffice-read.c
+++ b/plugins/openoffice/openoffice-read.c
@@ -7954,6 +7954,9 @@ od_draw_frame_start (GsfXMLIn *xin, xmlChar const **attrs)
        GnmExprTop const *texpr = NULL;
        int z = -1;
        GnmSOAnchorMode mode;
+       int last_row = gnm_sheet_get_last_row (state->pos.sheet);
+       int last_col = gnm_sheet_get_last_col (state->pos.sheet);
+       
 
        height = width = x = y = 0.;
        for (; attrs != NULL && attrs[0] && attrs[1] ; attrs += 2){
@@ -8017,6 +8020,13 @@ od_draw_frame_start (GsfXMLIn *xin, xmlChar const **attrs)
                                       (height > 0) ? height : go_nan,
                                       (width > 0) ? width : go_nan);
 
+       if (cell_base.start.col > last_col || cell_base.start.row > last_row) {
+               oo_warning (xin, _("Moving sheet object from column %i and row %i"),
+                           cell_base.start.col, cell_base.start.row);
+               cell_base.start.col = cell_base.start.row = 0;
+               range_ensure_sanity (&cell_base, state->pos.sheet);
+       }
+       
        sheet_object_anchor_init (&state->chart.anchor, &cell_base, frame_offset,
                                  GOD_ANCHOR_DIR_DOWN_RIGHT, mode);
        state->chart.so = NULL;

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]