[Libreoffice-commits] core.git: sc/source

Caolán McNamara (via logerrit) logerrit at kemper.freedesktop.org
Tue Dec 22 12:58:13 UTC 2020


 sc/source/filter/excel/xistream.cxx |   60 ++++++++++++++++++++----------------
 1 file changed, 34 insertions(+), 26 deletions(-)

New commits:
commit 901e5e7c9170184e286ea3e46fce406136aa9572
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Tue Dec 22 10:23:22 2020 +0000
Commit:     Caolán McNamara <caolanm at redhat.com>
CommitDate: Tue Dec 22 13:57:19 2020 +0100

    oss-fuzz: xlsfuzzer doesn't pass sanity check
    
    Step #5:     #6 0xc1f57ef in __cxa_throw (/tmp/not-out/xlsfuzzer+0xc1f57ef)
    Step #5:     #7 0x520a3ea in SvStream::ReadUInt16(unsigned short&) (/tmp/not-out/xlsfuzzer+0x520a3ea)
    Step #5:     #8 0x7bae80 in XclImpStream::DetectBiffVersion(SvStream&) (/tmp/not-out/xlsfuzzer+0x7bae80)
    Step #5:     #9 0x53bde9 in ScFormatFilterPluginImpl::ScImportExcel(SfxMedium&, ScDocument*, EXCIMPFORMAT) (/tmp/not-out/xlsfuzzer+0x53bde9)
    
    Change-Id: I5c6aee844c62967fb06142992fa67fbc0f3b3725
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108155
    Tested-by: Caolán McNamara <caolanm at redhat.com>
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/sc/source/filter/excel/xistream.cxx b/sc/source/filter/excel/xistream.cxx
index f9c79325f39f..0736a55d152f 100644
--- a/sc/source/filter/excel/xistream.cxx
+++ b/sc/source/filter/excel/xistream.cxx
@@ -388,38 +388,46 @@ XclBiff XclImpStream::DetectBiffVersion( SvStream& rStrm )
     XclBiff eBiff = EXC_BIFF_UNKNOWN;
 
     rStrm.Seek( STREAM_SEEK_TO_BEGIN );
-    sal_uInt16 nBofId, nBofSize;
-    rStrm.ReadUInt16( nBofId ).ReadUInt16( nBofSize );
-
-    if( (4 <= nBofSize) && (nBofSize <= 16) ) switch( nBofId )
+    try
     {
-        case EXC_ID2_BOF:
-            eBiff = EXC_BIFF2;
-        break;
-        case EXC_ID3_BOF:
-            eBiff = EXC_BIFF3;
-        break;
-        case EXC_ID4_BOF:
-            eBiff = EXC_BIFF4;
-        break;
-        case EXC_ID5_BOF:
+        sal_uInt16 nBofId, nBofSize;
+        rStrm.ReadUInt16( nBofId ).ReadUInt16( nBofSize );
+
+        if( (4 <= nBofSize) && (nBofSize <= 16) ) switch( nBofId )
         {
-            sal_uInt16 nVersion;
-            rStrm.ReadUInt16( nVersion );
-            // #i23425# #i44031# #i62752# there are some *really* broken documents out there...
-            switch( nVersion & 0xFF00 )
+            case EXC_ID2_BOF:
+                eBiff = EXC_BIFF2;
+            break;
+            case EXC_ID3_BOF:
+                eBiff = EXC_BIFF3;
+            break;
+            case EXC_ID4_BOF:
+                eBiff = EXC_BIFF4;
+            break;
+            case EXC_ID5_BOF:
             {
-                case 0:             eBiff = EXC_BIFF5;  break;  // #i44031# #i62752#
-                case EXC_BOF_BIFF2: eBiff = EXC_BIFF2;  break;
-                case EXC_BOF_BIFF3: eBiff = EXC_BIFF3;  break;
-                case EXC_BOF_BIFF4: eBiff = EXC_BIFF4;  break;
-                case EXC_BOF_BIFF5: eBiff = EXC_BIFF5;  break;
-                case EXC_BOF_BIFF8: eBiff = EXC_BIFF8;  break;
-                default:    SAL_WARN("sc",  "XclImpStream::DetectBiffVersion - unknown BIFF version: 0x" << std::hex << nVersion );
+                sal_uInt16 nVersion;
+                rStrm.ReadUInt16( nVersion );
+                // #i23425# #i44031# #i62752# there are some *really* broken documents out there...
+                switch( nVersion & 0xFF00 )
+                {
+                    case 0:             eBiff = EXC_BIFF5;  break;  // #i44031# #i62752#
+                    case EXC_BOF_BIFF2: eBiff = EXC_BIFF2;  break;
+                    case EXC_BOF_BIFF3: eBiff = EXC_BIFF3;  break;
+                    case EXC_BOF_BIFF4: eBiff = EXC_BIFF4;  break;
+                    case EXC_BOF_BIFF5: eBiff = EXC_BIFF5;  break;
+                    case EXC_BOF_BIFF8: eBiff = EXC_BIFF8;  break;
+                    default:    SAL_WARN("sc",  "XclImpStream::DetectBiffVersion - unknown BIFF version: 0x" << std::hex << nVersion );
+                }
             }
+            break;
         }
-        break;
     }
+    catch (const SvStreamEOFException&)
+    {
+        SAL_WARN("sc", "EOF");
+    }
+
     return eBiff;
 }
 
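Review bot: The locals `nBofId`, `nBofSize` and `nVersion` are still declared without initializers inside the new `try`, so a truncated stream is handled only when `ReadUInt16` throws. The backtrace in the description shows it throwing in the fuzzer build, but nothing on this page shows whether it throws in every configuration; if a short read can return normally, the size check and both switches run on indeterminate values from an untrusted file. Declaring `sal_uInt16 nBofId = 0, nBofSize = 0;` makes the `4 <= nBofSize` guard reject that case, and testing `rStrm.good()` after the `nVersion` read keeps a failed read from falling into `case 0` and being reported as BIFF5. The catch's `SAL_WARN("sc", "EOF")` would be easier to triage if it named the function like the other warning does, e.g. `SAL_WARN("sc", "XclImpStream::DetectBiffVersion - unexpected EOF in BOF record");`. The function's signature and opening brace lie above this hunk.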

