Commit a878cb00 authored by Morten Welinder

xls: fix fuzzed file issue.

parent d4783c9a
......@@ -14,7 +14,7 @@ Morten:
* Avoid some overflows in IMGAMMA.
* Fix tabulation truncation issue.
* Fix ABR. [#720353]
* Fix fuzzed file crashes. [#720425] [#720426]
* Fix fuzzed file crashes. [#720425] [#720426] [#720358]
--------------------------------------------------------------------------
Gnumeric 1.12.9
......
2013-12-21 Morten Welinder <terra@gnome.org>
* ms-obj.c (read_pre_biff8_read_name_and_fmla): Fix and improve
length check. Fixes #720358.
2013-12-13 Morten Welinder <terra@gnome.org>
* ms-excel-read.c (excel_read_WINDOW2): Don't crash of truncated
......
......@@ -635,9 +635,10 @@ read_pre_biff8_read_name_and_fmla (BiffQuery *q, MSContainer *c, MSObj *obj,
guint8 const *data;
gboolean fmla_len;
XL_CHECK_CONDITION_VAL (q->length >= offset, NULL);
XL_CHECK_CONDITION_VAL (q->length >= offset + 2, NULL);
data = q->data + offset;
fmla_len = GSF_LE_GET_GUINT16 (q->data+26);
XL_CHECK_CONDITION_VAL (q->length >= offset + 2 + fmla_len, NULL);
if (has_name) {
guint8 const *last = q->data + q->length;
......
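Review bot: In read_pre_biff8_read_name_and_fmla the length is read with `fmla_len = GSF_LE_GET_GUINT16 (q->data+26);` at a fixed position of 26, while the guard just above it only checks `q->length >= offset + 2`. Nothing in these lines shows that `offset` is at least 26, so if it can be smaller the two-byte read is not covered by the check; either add an explicit `q->length >= 28` condition before the read, or read the length relative to `data`, whichever matches the record layout. Separately, `fmla_len` is declared `gboolean` but holds a 16-bit length that now takes part in the arithmetic of the new `offset + 2 + fmla_len` check; declaring it as `guint16` or `guint` would state the intent and keep the comparison unsigned.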