[Libreoffice-commits] core.git: Branch 'libreoffice-5-2' - sc/source

[Michael Stahl]

 sc/source/ui/unoobj/scdetect.cxx |   23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

New commits:
commit eb7364fffe39c1aecddcab6b9cf238475fa2013c
Author: Michael Stahl <mstahl at redhat.com>
Date:   Fri Jun 24 18:24:24 2016 +0200

    tdf#84834 sc: stricter type detection for dBASE files
    
    The detection is rather sloppy, the bugdoc gets erroneously detected as
    dBASE because it starts with '0', has a not-too-large header size at offset 4,
    and a '\r' at a 32-byte alignment towards the start of the the not-too-large
    header.
    
    Add a plausibility check for the number of records in the file, which
    helps for this bugdoc.
    
    Change-Id: I466dfae18aa32fd62b79b9f524f22bea719721be
    (cherry picked from commit 4e3ff19b33c84557fd20e68960499933b4e52638)
    Reviewed-on: https://gerrit.libreoffice.org/26644
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/sc/source/ui/unoobj/scdetect.cxx b/sc/source/ui/unoobj/scdetect.cxx
index 3bd8ffc..bb2c407 100644
--- a/sc/source/ui/unoobj/scdetect.cxx
+++ b/sc/source/ui/unoobj/scdetect.cxx
@@ -219,14 +219,37 @@ static bool lcl_MayBeDBase( SvStream& rStream )
     if ( nSize < nEmptyDbf )
         return false;
 
+    // count of records at 4
+    rStream.Seek(4);
+    sal_uInt32 nRecords(0);
+    rStream.ReadUInt32(nRecords);
+
     // length of header starts at 8
     rStream.Seek(8);
     sal_uInt16 nHeaderLen;
     rStream.ReadUInt16( nHeaderLen );
 
+    // size of record at 10
+    sal_uInt16 nRecordSize(0);
+    rStream.ReadUInt16(nRecordSize);
+
     if ( nHeaderLen < nEmptyDbf || nSize < nHeaderLen )
         return false;
 
+    // see DTable.cxx ODbaseTable::readHeader()
+    if (0 == nRecordSize)
+        return false;
+
+    // see DTable.cxx ODbaseTable::construct() line 546
+    if (0 == nRecords)
+    {
+        nRecords = (nSize - nHeaderLen) / nRecordSize;
+    }
+
+    // tdf#84834 sanity check of size
+    if (0 == nRecords || nSize < nHeaderLen + nRecords * sal_uInt64(nRecordSize))
+        return false;
+
     // Last byte of header must be 0x0d, this is how it's specified.
     // #i9581#,#i26407# but some applications don't follow the specification
     // and pad the header with one byte 0x00 to reach an