[gnumeric] xlsx: fuzzed file fix re style collection repeats

[Morten Welinder <mortenw src gnome org>]

commit 6244c64c105c9d52c96ae90f55c790383ba6c51b
Author: Morten Welinder <terra gnome org>
Date:   Fri Jun 12 14:25:44 2015 -0400

    xlsx: fuzzed file fix re style collection repeats

 NEWS                      |    2 +-
 plugins/excel/ChangeLog   |    3 +++
 plugins/excel/xlsx-read.c |   30 +++++++++++++++++++-----------
 3 files changed, 23 insertions(+), 12 deletions(-)
---
diff --git a/NEWS b/NEWS
index e38a278..0345c07 100644
--- a/NEWS
+++ b/NEWS
@@ -21,7 +21,7 @@ Morten:
          [#749069] [#748533] [#749118] [#749166] [#749181] [#749184]
          [#749236] [#749240] [#749234] [#749235] [#749271] [#749270]
          [#749424] [#749917] [#749919] [#750043] [#750044] [#750046]
-         [#750811] [#750810] [#750857]
+         [#750811] [#750810] [#750857] [#750864]
        * Make solver check linearity of model.
        * Fix xls saving of marker style.  [#749185]
        * Make compilation with clang work again.  [#749138]
diff --git a/plugins/excel/ChangeLog b/plugins/excel/ChangeLog
index 98a2b19..2ac203a 100644
--- a/plugins/excel/ChangeLog
+++ b/plugins/excel/ChangeLog
@@ -1,5 +1,8 @@
 2015-06-12  Morten Welinder  <terra gnome org>
 
+       * xlsx-read.c (xlsx_collection_begin): Don't reallocation if a
+       collection occurs twice.  Fixes #750864.
+
        * ms-excel-util.c (xls_header_footer_import): Allocate if needed.
        Fixes #750853.
 
diff --git a/plugins/excel/xlsx-read.c b/plugins/excel/xlsx-read.c
index d4f8e04..8a45fde 100644
--- a/plugins/excel/xlsx-read.c
+++ b/plugins/excel/xlsx-read.c
@@ -4179,9 +4179,23 @@ xlsx_collection_begin (GsfXMLIn *xin, xmlChar const **attrs)
 {
        XLSXReadState *state = (XLSXReadState *)xin->user_state;
        unsigned count = 0;
+       GPtrArray **pcollection;
 
        g_return_if_fail (NULL == state->collection);
 
+       switch (xin->node->user_data.v_int) {
+       case XLSX_COLLECT_FONT: pcollection = &state->fonts; break;
+       case XLSX_COLLECT_FILLS: pcollection = &state->fills; break;
+       case XLSX_COLLECT_BORDERS: pcollection = &state->borders; break;
+       case XLSX_COLLECT_XFS: pcollection = &state->xfs; break;
+       case XLSX_COLLECT_STYLE_XFS: pcollection = &state->style_xfs; break;
+       case XLSX_COLLECT_DXFS: pcollection = &state->dxfs; break;
+       case XLSX_COLLECT_TABLE_STYLES: pcollection = &state->table_styles; break;
+       default:
+               g_assert_not_reached ();
+               return;
+       }
+
        state->count = 0;
        for (; attrs != NULL && attrs[0] && attrs[1] ; attrs += 2) {
                if (attr_uint (xin, attrs, "count", &count))
@@ -4191,18 +4205,12 @@ xlsx_collection_begin (GsfXMLIn *xin, xmlChar const **attrs)
        /* Don't trust huge counts. */
        count = MIN (count, 1000u);
 
-       state->collection = g_ptr_array_new ();
-       g_ptr_array_set_size (state->collection, count);
-
-       switch (xin->node->user_data.v_int) {
-       case XLSX_COLLECT_FONT :        state->fonts = state->collection;        break;
-       case XLSX_COLLECT_FILLS :       state->fills = state->collection;        break;
-       case XLSX_COLLECT_BORDERS :     state->borders = state->collection;      break;
-       case XLSX_COLLECT_XFS :         state->xfs = state->collection;          break;
-       case XLSX_COLLECT_STYLE_XFS :   state->style_xfs = state->collection;    break;
-       case XLSX_COLLECT_DXFS :        state->dxfs = state->collection;         break;
-       case XLSX_COLLECT_TABLE_STYLES: state->table_styles = state->collection; break;
+       if (*pcollection == NULL) {
+               *pcollection = g_ptr_array_new ();
+               g_ptr_array_set_size (*pcollection, count);
        }
+
+       state->collection = *pcollection;
 }
 
 static void