[gnumeric] xml: fuzzed file fix.
- From: Morten Welinder <mortenw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnumeric] xml: fuzzed file fix.
- Date: Fri, 29 Jan 2016 16:10:14 +0000 (UTC)
commit fd83a02d0fa3b8f906908c18d16750a65352b869
Author: Morten Welinder <terra gnome org>
Date: Fri Jan 29 11:09:56 2016 -0500
xml: fuzzed file fix.
ChangeLog | 9 ++++++++-
NEWS | 1 +
src/sheet-filter.c | 11 ++++++++---
src/xml-sax-read.c | 3 ++-
4 files changed, 19 insertions(+), 5 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index af2e1d9..0d21930 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,13 @@
+2016-01-29 Morten Welinder <terra gnome org>
+
+ * src/sheet-filter.c (gnm_filter_condition_new_single)
+ (gnm_filter_condition_new_double): Plug leak on error.
+ (gnm_filter_op_needs_value): Handle GNM_FILTER_UNUSED.
+
2016-01-28 Jean Brefort <jean brefort normalesup org>
- * src/graph.c (gnm_go_data_vector_get_str): fix for a range value. [#761048]
+ * src/graph.c (gnm_go_data_vector_get_str): fix for a range
+ value. [#761048]
2016-01-27 Morten Welinder <terra gnome org>
diff --git a/NEWS b/NEWS
index 48eed4e..dc8e17a 100644
--- a/NEWS
+++ b/NEWS
@@ -17,6 +17,7 @@ Morten:
* Fuzzed file fixes. [#760046] [#760085] [#760087] [#760089]
[#760043] [#760103] [#760102] [#760101] [#760105] [#760106]
[#760104] [#760229] [#760231] [#760232] [#760544] [#760545]
+ [#761295]
* Fix R.DBINOM extreme-value case. [#760230]
* New function AGM.
* Fix canvas problem leaving grab in place. [#760639]
diff --git a/src/sheet-filter.c b/src/sheet-filter.c
index bd25e5b..4360920 100644
--- a/src/sheet-filter.c
+++ b/src/sheet-filter.c
@@ -47,6 +47,8 @@
static gboolean
gnm_filter_op_needs_value (GnmFilterOp op)
{
+ g_return_val_if_fail (op != GNM_FILTER_UNUSED, FALSE);
+
switch (op & GNM_FILTER_OP_TYPE_MASK) {
case GNM_FILTER_OP_TYPE_OP:
case GNM_FILTER_OP_TYPE_BUCKETS:
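Review bot: The new `op != GNM_FILTER_UNUSED` guard in gnm_filter_op_needs_value uses g_return_val_if_fail, which GLib intends for programmer errors and which is compiled out when G_DISABLE_CHECKS is defined. The commit title says this path is reached from a fuzzed file, so rejecting a bad operator should not depend on build flags, and a g_critical triggered by file content becomes an abort when criticals are made fatal. A plain `if (op == GNM_FILTER_UNUSED) return FALSE;` here, or validating the operator in the XML reader before the constructors are called, would hold in every build. The same applies to the g_return_val_if_fail checks in gnm_filter_condition_new_single and gnm_filter_condition_new_double; this function's body continues past the end of the hunk.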
@@ -75,7 +77,8 @@ gnm_filter_condition_new_single (GnmFilterOp op, GnmValue *v)
{
GnmFilterCondition *res;
- g_return_val_if_fail ((v != NULL) == gnm_filter_op_needs_value (op), NULL);
+ g_return_val_if_fail ((v != NULL) == gnm_filter_op_needs_value (op),
+ (value_release (v), NULL));
res = g_new0 (GnmFilterCondition, 1);
res->op[0] = op; res->op[1] = GNM_FILTER_UNUSED;
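Review bot: With the failure path now calling `value_release (v)`, gnm_filter_condition_new_single consumes its value argument on every path, but nothing visible in the hunk tells callers so. A header comment such as `/* Takes ownership of @v, also on failure: the value is released if the op/value check fails. */` would keep a caller from releasing it again after a NULL return, which would be a double free. The same comment is needed on gnm_filter_condition_new_double for v0 and v1. One of the two failing cases is `v == NULL` with an op that needs a value, so this relies on value_release accepting NULL; that is presumably true but is not visible here and is worth confirming. The function body continues outside the hunk.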
@@ -101,8 +104,10 @@ gnm_filter_condition_new_double (GnmFilterOp op0, GnmValue *v0,
{
GnmFilterCondition *res;
- g_return_val_if_fail ((v0 != NULL) == gnm_filter_op_needs_value (op0), NULL);
- g_return_val_if_fail ((v1 != NULL) == gnm_filter_op_needs_value (op1), NULL);
+ g_return_val_if_fail ((v0 != NULL) == gnm_filter_op_needs_value (op0),
+ (value_release (v0), value_release (v1), NULL));
+ g_return_val_if_fail ((v1 != NULL) == gnm_filter_op_needs_value (op1),
+ (value_release (v0), value_release (v1), NULL));
res = g_new0 (GnmFilterCondition, 1);
res->op[0] = op0; res->op[1] = op1;
diff --git a/src/xml-sax-read.c b/src/xml-sax-read.c
index a7c57bf..4e4d1a8 100644
--- a/src/xml-sax-read.c
+++ b/src/xml-sax-read.c
@@ -2307,7 +2307,7 @@ xml_sax_filter_condition (GsfXMLIn *xin, xmlChar const **attrs)
if (NULL == state->filter) return;
- for (i = 0; attrs != NULL && attrs[i] && attrs[i + 1] ; i += 2)
+ for (i = 0; attrs != NULL && attrs[i] && attrs[i + 1] ; i += 2) {
if (attr_eq (attrs[i], "Type")) type = CXML2C (attrs[i + 1]);
else if (gnm_xml_attr_int (attrs+i, "Index", &cond_num)) ;
else if (gnm_xml_attr_bool (attrs, "Top", &top)) ;
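Review bot: The `Top` test on the last line of this hunk passes `attrs` where the neighbouring calls pass `attrs+i`, so it appears to re-examine the first attribute pair on every iteration instead of the current one. If so, `Top` is only honoured when it is the first attribute, and for any other ordering `top` keeps its initial value. The likely fix is `else if (gnm_xml_attr_bool (attrs+i, "Top", &top)) ;`, and the lines between the two hunks, which are not shown, should be checked for the same slip. xml_sax_filter_condition starts and ends outside the hunk.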
@@ -2326,6 +2326,7 @@ xml_sax_filter_condition (GsfXMLIn *xin, xmlChar const **attrs)
else if (attr_eq (attrs[i], "ValueType1")) val1 = CXML2C (attrs[i + 1]);
else if (gnm_xml_attr_int (attrs+i, "Value0", &tmp)) vtype0 = tmp;
else if (gnm_xml_attr_int (attrs+i, "Value1", &tmp)) vtype1 = tmp;
+ }
if (NULL == type) {
go_io_warning (state->context, _("Missing filter type"));
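Review bot: The attribute names in this chain read as crossed: `ValueType1` is stored in the string `val1`, while `Value1` is parsed as an integer into `vtype1` (and `Value0` into `vtype0`). If that mirrors the on-disk format, a comment such as `/* NOTE: ValueTypeN carries the value text and ValueN the type code; the names are historical. */` would stop a later cleanup from swapping them. The hunk also does not show `tmp` being range-checked before it becomes a value type, so confirm that the code after the loop rejects type codes it does not know. xml_sax_filter_condition starts and ends outside the hunk.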