Commit 9cbad3ce authored by Morten Welinder's avatar Morten Welinder

xls: fix fuzzed pivot reading.

parent 0cbd7a35
2015-05-11 Morten Welinder <terra@gnome.org>
* src/go-data-cache.c (go_data_cache_set_val): Use memcpy for
inline values.
* src/cell.c (gnm_cell_set_array): Improve preconditions.
2015-05-09 Morten Welinder <terra@gnome.org>
......
......@@ -16,7 +16,7 @@ Morten:
* Plug leaks.
* Fuzzed file fixes. [#748595] [#748597] [#749031] [#749030]
[#749069] [#748533] [#749118] [#749166] [#749181] [#749184]
[#749236] [#749240]
[#749236] [#749240] [#749234]
* Make solver check linearity of model.
* Fix xls saving of marker style. [#749185]
......
2015-05-11 Morten Welinder <terra@gnome.org>
* xls-read-pivot.c (xls_read_pivot_cache_values): Set the right
size on error.
2015-05-10 Morten Welinder <terra@gnome.org>
* ms-excel-read.c (excel_read_CONDFMT): Plug leaks.
......
......@@ -177,17 +177,17 @@ xls_read_pivot_cache_values (XLSReadPivot *s, BiffQuery *q, unsigned int n, cons
{
/* TODO : go_val_array_sized_new */
GPtrArray *res = g_ptr_array_sized_new (n);
GnmValue *v;
unsigned int i;
d (1, g_printerr ("/* %u %s items */ ;\n", n, type););
for (i = 0 ; i < n ; i++) {
if (NULL == (v = xls_read_pivot_cache_value (s, q))) {
/* TODO : go_val_array_set_size */
g_ptr_array_set_size (res, i);
GnmValue *v = xls_read_pivot_cache_value (s, q);
if (!v) {
/* TODO : go_val_array_set_size */
g_ptr_array_set_size (res, n);
return res;
}
/* TODO : go_val_array_add */
/* TODO : go_val_array_add */
g_ptr_array_add (res, v);
}
return res;
......
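Review bot: The error branch now calls `g_ptr_array_set_size (res, n)`, which grows the array with NULL pointers in slots `i..n-1`, and nothing in the function tells a reader that the returned array can hold NULL elements. Every consumer that indexes this array presumably has to check for NULL before using the value; those callers are outside this hunk, so that needs confirming. I would add next to the TODO in that branch `/* Short read: pad to n so field indices stay in range; slots i..n-1 are NULL. */`, and consider a `g_warning` there so a truncated cache record is reported rather than silently padded. The function's closing brace lies outside the hunk.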
......@@ -100,18 +100,18 @@ static void
go_data_cache_finalize (GObject *obj)
{
GODataCache *cache = (GODataCache *)obj;
unsigned int i, j;
unsigned i;
if (NULL != cache->records) {
GODataCacheField const *f;
gpointer p;
for (i = cache->fields->len ; i-- > 0 ; ) {
f = g_ptr_array_index (cache->fields, i);
GODataCacheField const *f = g_ptr_array_index (cache->fields, i);
if (GO_DATA_CACHE_FIELD_TYPE_INLINE == f->ref_type) {
unsigned j;
for (j = cache->records_len ; j-- > 0 ; ) {
p = go_data_cache_records_index (cache, j) + f->offset;
go_val_free (*((GOVal **)p));
GOVal *v;
gpointer p = go_data_cache_records_index (cache, j) + f->offset;
memcpy (&v, p, sizeof (v));
go_val_free (v);
}
}
}
......@@ -338,7 +338,9 @@ go_data_cache_set_val (GODataCache *cache,
f->indx, f->name->str);
return;
case GO_DATA_CACHE_FIELD_TYPE_INLINE : *((GOVal **)p) = v; return;
case GO_DATA_CACHE_FIELD_TYPE_INLINE:
memcpy (p, &v, sizeof (v));
return;
case GO_DATA_CACHE_FIELD_TYPE_INDEXED_I8 : *((guint8 *)p) = 0; break;
case GO_DATA_CACHE_FIELD_TYPE_INDEXED_I16 : *((guint16 *)p) = 0; break;
......@@ -378,7 +380,11 @@ go_data_cache_set_index (GODataCache *cache,
g_warning ("attempt to get value from grouped/calculated field #%d : '%s'",
f->indx, f->name->str);
return;
case GO_DATA_CACHE_FIELD_TYPE_INLINE : *((GOVal **)p) = go_val_new_empty (); break;
case GO_DATA_CACHE_FIELD_TYPE_INLINE: {
GOVal *v = go_val_new_empty ();
memcpy (p, &v, sizeof (v));
break;
}
case GO_DATA_CACHE_FIELD_TYPE_INDEXED_I8 : *((guint8 *)p) = idx+1; break;
case GO_DATA_CACHE_FIELD_TYPE_INDEXED_I16 : *((guint16 *)p) = idx+1; break;
case GO_DATA_CACHE_FIELD_TYPE_INDEXED_I32 : *((guint32 *)p) = idx+1; break;
......@@ -556,10 +562,10 @@ go_data_cache_dump (GODataCache *cache,
p = go_data_cache_records_index (cache, i) + base->offset;
index_val = TRUE;
switch (base->ref_type) {
case GO_DATA_CACHE_FIELD_TYPE_NONE :
case GO_DATA_CACHE_FIELD_TYPE_NONE:
continue;
case GO_DATA_CACHE_FIELD_TYPE_INLINE :
v = *((GOVal **)p);
case GO_DATA_CACHE_FIELD_TYPE_INLINE:
memcpy (&v, p, sizeof (v));
index_val = FALSE;
break;
case GO_DATA_CACHE_FIELD_TYPE_INDEXED_I8 : idx = *(guint8 *)p; break;
......
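Review bot: Only the `GO_DATA_CACHE_FIELD_TYPE_INLINE` cases were switched to `memcpy`; the `INDEXED_I16` and `INDEXED_I32` cases next to them in go_data_cache_set_val and go_data_cache_set_index (and presumably in go_data_cache_dump, where only the I8 case is visible) still go through a cast pointer, e.g. `*((guint16 *)p) = idx+1;`. If `f->offset` can leave the pointer slot unaligned, which is presumably why the memcpy was introduced (the offset computation is not visible here), the 2- and 4-byte slots in the same record can be misaligned too, and a cast access there is undefined behaviour that traps on strict-alignment targets. Either give those cases the same treatment, e.g. `{ guint16 w = idx+1; memcpy (p, &w, sizeof (w)); break; }`, or add a comment where the offsets are assigned stating that indexed fields are always naturally aligned. The switch statements continue outside their hunks, and the visible hunks add no `#include <string.h>`, so confirm memcpy is already declared in this file.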