[libgsf] Fix fuzzed-file crash.

From: Morten Welinder <mortenw src gnome org>
To: commits-list gnome org
Cc:
Subject: [libgsf] Fix fuzzed-file crash.
Date: Thu, 20 Feb 2020 13:42:41 +0000 (UTC)

commit 7c095d68c383234bee2110e67ad596987c8a1909
Author: Morten Welinder <terra gnome org>
Date:   Thu Feb 20 08:41:36 2020 -0500

    Fix fuzzed-file crash.
    
    See #19.

 ChangeLog              | 7 +++++++
 NEWS                   | 3 +++
 gsf/gsf-infile-msole.c | 2 ++
 thumbnailer/main.c     | 3 +++
 4 files changed, 15 insertions(+)
---
diff --git a/ChangeLog b/ChangeLog
index e44438b..0c3fa26 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2020-02-20  Morten Welinder  <terra gnome org>
+
+       * thumbnailer/main.c (main): Plug leak.
+
+       * gsf/gsf-infile-msole.c (datetime_from_filetime): Propagate NULL
+       datetime.  Fixes #19.
+
 2020-01-28  Morten Welinder  <terra gnome org>
 
        * gsf/gsf-docprop-vector.c: ignore deprecation warnings only very
diff --git a/NEWS b/NEWS
index c634bed..984573d 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,9 @@ Allin Cottrell:
 Marc-Andr� Lureau:
        * Cleanups.  See merge request 5.
 
+Morten:
+       * Fix fuzzed-file crash.  [#19]
+
 --------------------------------------------------------------------------
 libgsf 1.14.46
 
diff --git a/gsf/gsf-infile-msole.c b/gsf/gsf-infile-msole.c
index 312599d..1e6fd9d 100644
--- a/gsf/gsf-infile-msole.c
+++ b/gsf/gsf-infile-msole.c
@@ -289,6 +289,8 @@ datetime_from_filetime (guint64 ft)
        /* ft is number of 100ns since Jan 1 1601 */
 
        dt = g_date_time_new_from_unix_local (ft / 10000000u - epoch);
+       if (!dt)
+               return NULL;
        res = g_date_time_add (dt, (ft % 10000000u) / 10);
        g_date_time_unref (dt);
 
diff --git a/thumbnailer/main.c b/thumbnailer/main.c
index 4e8121d..99643fd 100644
--- a/thumbnailer/main.c
+++ b/thumbnailer/main.c
@@ -305,11 +305,14 @@ main (int argc, char **argv)
            || option_input_filename == NULL
            || option_output_filename == NULL) {
                g_printerr ("Invalid usage; type \"%s --help\" for instructions.  All the options must be 
used.\n", argv[0]);
+               g_option_context_free (option_ctx);
                exit (EXIT_FAILURE);
        }
 
        gsf_init ();
        read_thumbnail_and_write (option_input_filename, option_output_filename, option_size);
 
+       g_option_context_free (option_ctx);
+
        return 0;
 }

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]