[gnumeric] xml: fuzzed file fix.
- From: Morten Welinder <mortenw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnumeric] xml: fuzzed file fix.
- Date: Tue, 28 Apr 2015 17:35:15 +0000 (UTC)
commit ea41a40ed55fb5af5e499d058c99e1599ab5896f
Author: Morten Welinder <terra gnome org>
Date: Tue Apr 28 13:34:57 2015 -0400
xml: fuzzed file fix.
ChangeLog | 2 ++
NEWS | 1 +
src/xml-sax-read.c | 5 ++++-
3 files changed, 7 insertions(+), 1 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index aec0d70..84c1ce3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,8 @@
* src/xml-sax-read.c (read_file_free_state): Plug leaks related to
malformed documents. Fixes #748596.
+ (xml_sax_unknown): Don't rely on xin->user_state here. Fixes
+ #748595.
2015-04-16 Morten Welinder <terra gnome org>
diff --git a/NEWS b/NEWS
index f89dc15..e347f7b 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,7 @@ Morten:
* Fix xlsx save crash related to shared strings. [#748477]
* Solver code refactoring.
* Plug leaks.
+ * Fuzzed file fixes. [#748595]
--------------------------------------------------------------------------
Gnumeric 1.12.22
diff --git a/src/xml-sax-read.c b/src/xml-sax-read.c
index 468774d..ed4d0a4 100644
--- a/src/xml-sax-read.c
+++ b/src/xml-sax-read.c
@@ -3243,8 +3243,11 @@ xml_sax_unknown (GsfXMLIn *xin, xmlChar const *elem, xmlChar const **attrs)
0 == strcmp (xin->node->id, "SHEET_OBJECTS")) {
char const *type_name = gsf_xml_in_check_ns (xin, CXML2C (elem), GNM);
if (type_name != NULL) {
+ XMLSaxParseState *state = (XMLSaxParseState *)xin->user_state;
+ /* This may change xin->user_state. */
xml_sax_read_obj (xin, TRUE, type_name, attrs);
- return gnm_xml_in_cur_obj (xin) != NULL;
+ /* xin->user_state hasn't been restored yet. */
+ return state->so != NULL;
}
}
return FALSE;
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
