[Libreoffice-commits] core.git: Branch 'libreoffice-7-2' - connectivity/source
Caolán McNamara (via logerrit)
logerrit at kemper.freedesktop.org
Fri Sep 24 09:19:29 UTC 2021
connectivity/source/drivers/dbase/DTable.cxx | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
New commits:
commit e09f85ef08cd315bd5509ae4d47e82f81ac2a8c0
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Thu Sep 23 20:07:21 2021 +0100
Commit: Michael Stahl <michael.stahl at allotropia.de>
CommitDate: Fri Sep 24 11:18:51 2021 +0200
check if headersize is greater than available data
Change-Id: I5d78da49436c7dfbe7cfb50e52549b61abc00ee9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122444
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>
diff --git a/connectivity/source/drivers/dbase/DTable.cxx b/connectivity/source/drivers/dbase/DTable.cxx
index 0872ff07e181..34ea6dfe163c 100644
--- a/connectivity/source/drivers/dbase/DTable.cxx
+++ b/connectivity/source/drivers/dbase/DTable.cxx
@@ -500,10 +500,20 @@ void ODbaseTable::construct()
m_pFileStream = createStream_simpleError( sFileName, StreamMode::READ | StreamMode::NOCREATE | StreamMode::SHARE_DENYNONE);
}
- if(!m_pFileStream)
+ if (!m_pFileStream)
return;
readHeader();
+
+ std::size_t nFileSize = lcl_getFileSize(*m_pFileStream);
+
+ if (m_aHeader.headerLength > nFileSize)
+ {
+ SAL_WARN("connectivity.drivers", "Parsing error: " << nFileSize <<
+ " max possible size, but " << m_aHeader.headerLength << " claimed, abandoning");
+ return;
+ }
+
if (HasMemoFields())
{
// Create Memo-Filename (.DBT):
@@ -525,9 +535,9 @@ void ODbaseTable::construct()
if (m_pMemoStream)
ReadMemoHeader();
}
+
fillColumns();
- std::size_t nFileSize = lcl_getFileSize(*m_pFileStream);
m_pFileStream->Seek(STREAM_SEEK_TO_BEGIN);
// seems to be empty or someone wrote bullshit into the dbase file
// try and recover if m_aHeader.db_slng is sane
More information about the Libreoffice-commits
mailing list