[Libreoffice-commits] core.git: sc/source
Caolán McNamara (via logerrit)
logerrit at kemper.freedesktop.org
Sat Apr 10 19:45:53 UTC 2021
sc/source/filter/excel/impop.cxx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 3748fe3e4fc22a400b3120010192b75754e38b17
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Sat Apr 10 19:52:18 2021 +0100
Commit: Caolán McNamara <caolanm at redhat.com>
CommitDate: Sat Apr 10 21:45:17 2021 +0200
Related: cid#1474351 Untrusted loop bound
we read 6 bytes per loop but the guard is for 2 bytes available
(which is the correct amount for the ImportExcel::Mulblank case
but presumably should be 6 for ImportExcel::Mulrk)
Change-Id: Iba9c59c042c6fdd9794107e95c024f1763337186
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113928
Tested-by: Jenkins
Tested-by: Caolán McNamara <caolanm at redhat.com>
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/sc/source/filter/excel/impop.cxx b/sc/source/filter/excel/impop.cxx
index 91a3605199ad..b461642a13cd 100644
--- a/sc/source/filter/excel/impop.cxx
+++ b/sc/source/filter/excel/impop.cxx
@@ -861,7 +861,7 @@ void ImportExcel::Mulrk()
XclAddress aXclPos;
aIn >> aXclPos;
- for( XclAddress aCurrXclPos( aXclPos ); (aXclPos.mnCol <= aCurrXclPos.mnCol) && (aIn.GetRecLeft() > 2); ++aCurrXclPos.mnCol )
+ for( XclAddress aCurrXclPos( aXclPos ); (aXclPos.mnCol <= aCurrXclPos.mnCol) && (aIn.GetRecLeft() > 6); ++aCurrXclPos.mnCol )
{
sal_uInt16 nXF = aIn.ReaduInt16();
sal_Int32 nRkNum = aIn.ReadInt32();
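Review bot: in the rewritten loop condition, `aIn.GetRecLeft() > 6` is a bare constant that has to stay in step with the two reads in the body (`ReaduInt16()` plus `ReadInt32()`, 6 bytes), and as written it requires at least 7 bytes remaining where the visible body consumes exactly 6. If the strict comparison is deliberate, a short comment saying what the extra bytes are reserved for would help the next reader; otherwise `>= 6` matches the reads. Either way, consider a named constant or `sizeof(sal_uInt16) + sizeof(sal_Int32)` in place of the literal, so the guard cannot drift from the body again, which is the mismatch the commit message describes.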