[Libreoffice-commits] core.git: Branch 'libreoffice-7-2' - connectivity/source
Caolán McNamara (via logerrit)
logerrit at kemper.freedesktop.org
Fri Sep 24 09:11:45 UTC 2021
connectivity/source/drivers/dbase/DTable.cxx | 23 ++++++++++++++++++++---
1 file changed, 20 insertions(+), 3 deletions(-)
New commits:
commit 28a9bc70536a1319235f868c5f942f73cd5e6b21
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Thu Sep 23 17:14:49 2021 +0100
Commit: Michael Stahl <michael.stahl at allotropia.de>
CommitDate: Fri Sep 24 11:11:11 2021 +0200
check claimed number of records against max possible with available data
Change-Id: I50d9354da00137c64c83970eb66792b37d7e545a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122443
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>
diff --git a/connectivity/source/drivers/dbase/DTable.cxx b/connectivity/source/drivers/dbase/DTable.cxx
index 5b1ea452f61a..0872ff07e181 100644
--- a/connectivity/source/drivers/dbase/DTable.cxx
+++ b/connectivity/source/drivers/dbase/DTable.cxx
@@ -273,7 +273,11 @@ void ODbaseTable::readHeader()
void ODbaseTable::fillColumns()
{
m_pFileStream->Seek(STREAM_SEEK_TO_BEGIN);
- m_pFileStream->Seek(32);
+ if (!checkSeek(*m_pFileStream, 32))
+ {
+ SAL_WARN("connectivity.drivers", "ODbaseTable::fillColumns: bad offset!");
+ return;
+ }
if(!m_aColumns.is())
m_aColumns = new OSQLColumns();
@@ -285,8 +289,21 @@ void ODbaseTable::fillColumns()
m_aScales.clear();
// Number of fields:
- const sal_Int32 nFieldCount = (m_aHeader.headerLength - 1) / 32 - 1;
- OSL_ENSURE(nFieldCount,"No columns in table!");
+ sal_Int32 nFieldCount = (m_aHeader.headerLength - 1) / 32 - 1;
+ if (nFieldCount <= 0)
+ {
+ SAL_WARN("connectivity.drivers", "No columns in table!");
+ return;
+ }
+
+ auto nRemainingsize = m_pFileStream->remainingSize();
+ auto nMaxPossibleRecords = nRemainingsize / 32;
+ if (o3tl::make_unsigned(nFieldCount) > nMaxPossibleRecords)
+ {
+ SAL_WARN("connectivity.drivers", "Parsing error: " << nMaxPossibleRecords <<
+ " max possible entries, but " << nFieldCount << " claimed, truncating");
+ nFieldCount = nMaxPossibleRecords;
+ }
m_aColumns->reserve(nFieldCount);
m_aTypes.reserve(nFieldCount);
More information about the Libreoffice-commits
mailing list