[goffice] GOFormat: fuzzed file fix.



commit 43a92edb21e09594453f9b63c5f386a32dec9ed0
Author: Morten Welinder <terra gnome org>
Date:   Sun May 31 18:03:27 2015 -0400

    GOFormat: fuzzed file fix.

 ChangeLog                 |    5 +++++
 NEWS                      |    1 +
 goffice/utils/go-format.c |    9 +++++++++
 3 files changed, 15 insertions(+), 0 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index 48f7949..ec6c5ab 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2015-05-31  Morten Welinder  <terra gnome org>
+
+       * goffice/utils/go-format.c (go_format_parse_number_new_1):
+       Prevent ABR.
+
 2015-05-27  Morten Welinder  <terra gnome org>
 
        * goffice/utils/go-style.c (go_style_set_cairo_line): Plug leak.
diff --git a/NEWS b/NEWS
index 8a460d9..e19f5f5 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,7 @@ Morten:
        * Shield Cairo from image sizes it cannot handle.  [#749274]
        * Plug leak.  [#749395]
        * Portability problem affecting macs.  [#749463]
+       * Fuzzed file fix.  [#750047]
 
 --------------------------------------------------------------------------
 goffice 0.10.22:
diff --git a/goffice/utils/go-format.c b/goffice/utils/go-format.c
index 5d558ad..ef472ed 100644
--- a/goffice/utils/go-format.c
+++ b/goffice/utils/go-format.c
@@ -1960,6 +1960,15 @@ go_format_parse_number_new_1 (GString *prg, GOFormatParseState *pstate,
                }
 #endif
        } else {
+               /*
+                * It's unclear whether this is the correct action, but it
+                * happens for
+                *   "_($* /,##0.00_);_($* (#,##0.00);_($* \"-\"??_);_(@_)"
+                * in bug 750047.
+                */
+               if (tno_numstart == -1)
+                       goto error;
+
                if (scale && !frac_part && E_part != 2)
                        ADD_OP2 (OP_NUM_SCALE, scale);
                ADD_OP2 (OP_NUM_PRINTF_F, decimals);
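Review bot: The new `tno_numstart == -1` guard sits only in the `else` arm, so the arm that closes just above at `#endif` (its body is not visible in this hunk) is not covered; if that path also reads `tno_numstart`, the out-of-bounds read the ChangeLog calls an ABR could still be reachable there, and the check may belong before the `if`/`else` instead. The comment records the triggering format string but not the invariant being enforced; something like `/* tno_numstart is still -1: no number-start token was recorded, so it must not be used as a token index below. */` would say why bailing out is the safe choice, assuming -1 is the "unset" sentinel as the check implies. Because the input came from a fuzzed file, adding that format string to the format-parsing tests would keep the fix pinned against regressions. go_format_parse_number_new_1 starts and ends outside the hunk, so what the `error` label releases cannot be checked from here.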

