[gnumeric] xls: fuzzed file fix re shared formulae.
- From: Morten Welinder <mortenw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnumeric] xls: fuzzed file fix re shared formulae.
- Date: Sun, 3 Jan 2016 00:19:06 +0000 (UTC)
commit ad3c973c436f51324ee89d9a7fa063f30a4043f0
Author: Morten Welinder <terra gnome org>
Date: Sat Jan 2 19:18:50 2016 -0500
xls: fuzzed file fix re shared formulae.
NEWS | 1 +
plugins/excel/ChangeLog | 3 +++
plugins/excel/ms-excel-read.c | 1 +
plugins/excel/ms-excel-read.h | 1 +
plugins/excel/ms-formula-read.c | 10 +++++++++-
5 files changed, 15 insertions(+), 1 deletions(-)
---
diff --git a/NEWS b/NEWS
index 5a9fdc7..0201481 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,7 @@ Morten:
* Teach ssconvert to split sheets into separate .txt files [#694408]
* Improve test suite.
* Fuzzed file fixes. [#760046] [#760085] [#760087] [#760089]
+ [#760043]
--------------------------------------------------------------------------
Gnumeric 1.12.26
diff --git a/plugins/excel/ChangeLog b/plugins/excel/ChangeLog
index f707409..557c74d 100644
--- a/plugins/excel/ChangeLog
+++ b/plugins/excel/ChangeLog
@@ -1,5 +1,8 @@
2016-01-02 Morten Welinder <terra gnome org>
+ * ms-formula-read.c (excel_parse_formula1): Check for recursive
+ shared formulae. Fixes #760043.
+
* ms-biff.c (ms_biff_query_next): Don't handle CONTINUE records
for BOUNDSHEET. Fixes #760089.
diff --git a/plugins/excel/ms-excel-read.c b/plugins/excel/ms-excel-read.c
index 12396dc..84e7b21 100644
--- a/plugins/excel/ms-excel-read.c
+++ b/plugins/excel/ms-excel-read.c
@@ -2860,6 +2860,7 @@ excel_formula_shared (BiffQuery *q, ExcelReadSheet *esheet, GnmCell *cell)
sf->data = data_len > 0 ? g_memdup (data, data_len + array_data_len) : NULL;
sf->data_len = data_len;
sf->array_data_len = array_data_len;
+ sf->being_parsed = FALSE;
d (1, g_printerr ("Shared formula, extent %s\n", range_as_string (&r)););
diff --git a/plugins/excel/ms-excel-read.h b/plugins/excel/ms-excel-read.h
index 0795485..76bb33f 100644
--- a/plugins/excel/ms-excel-read.h
+++ b/plugins/excel/ms-excel-read.h
@@ -57,6 +57,7 @@ typedef struct {
guint8 *data;
guint32 data_len, array_data_len;
gboolean is_array;
+ gboolean being_parsed;
} XLSharedFormula;
typedef struct {
diff --git a/plugins/excel/ms-formula-read.c b/plugins/excel/ms-formula-read.c
index f9112f0..18232f1 100644
--- a/plugins/excel/ms-formula-read.c
+++ b/plugins/excel/ms-formula-read.c
@@ -1081,6 +1081,13 @@ excel_parse_formula1 (MSContainer const *container,
return NULL;
}
+ if (sf->being_parsed) {
+ g_warning ("Recursive shared formula, key = %s\n",
+ cellpos_as_string (&top_left));
+ parse_list_free (&stack);
+ return NULL;
+ }
+
if (sf->is_array) {
if (array_element != NULL)
*array_element = TRUE;
@@ -1092,10 +1099,11 @@ excel_parse_formula1 (MSContainer const *container,
}
d (0, g_printerr ("Parse shared formula\n"););
+ sf->being_parsed = TRUE;
expr = excel_parse_formula1 (container, esheet, fn_col, fn_row,
sf->data, sf->data_len, sf->array_data_len,
TRUE, array_element);
-
+ sf->being_parsed = FALSE;
parse_list_push (&stack, expr);
ptg_length = length; /* Force it to be the only token */
break;
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
