diff options
| author | Caolán McNamara <caolanm@redhat.com> | 2014-09-11 15:52:41 +0100 |
|---|---|---|
| committer | Caolán McNamara <caolanm@redhat.com> | 2014-09-11 17:25:43 +0100 |
| commit | e46e041c9050a2a7c3223236100ce49a65f7e5d0 (patch) | |
| tree | 6d94ad201da100100c43a898930e73a7f9a17bb3 | |
| parent | e7fb96a1c93f57b1ffc6c0bd2af578d6a3e4f78b (diff) | |
reject invalid dbase files with 0 len db_slng right at the start
Change-Id: If4aa5249391ea2d2e475fa3ebaccf4e9fc7442de
| -rw-r--r-- | connectivity/source/drivers/dbase/DTable.cxx | 15 | ||||
| -rw-r--r-- | connectivity/source/inc/dbase/DTable.hxx | 2 | ||||
| -rw-r--r-- | sc/qa/unit/data/wks/fail/sf_8acee7303920116c1f58c9d0e669855f-7551-minimized.wks | bin | 0 -> 2956 bytes |
3 files changed, 11 insertions, 6 deletions
diff --git a/connectivity/source/drivers/dbase/DTable.cxx b/connectivity/source/drivers/dbase/DTable.cxx index 845d037f343a..54b540799b86 100644 --- a/connectivity/source/drivers/dbase/DTable.cxx +++ b/connectivity/source/drivers/dbase/DTable.cxx @@ -214,6 +214,8 @@ void ODbaseTable::readHeader() (*m_pFileStream).ReadUInt16( m_aHeader.db_slng ); if(ERRCODE_NONE != m_pFileStream->GetErrorCode()) throwInvalidDbaseFormat(); + if (m_aHeader.db_slng == 0) + throwInvalidDbaseFormat(); m_pFileStream->Read((char*)(&m_aHeader.db_frei), 20*sizeof(sal_uInt8)); if(ERRCODE_NONE != m_pFileStream->GetErrorCode()) throwInvalidDbaseFormat(); @@ -1497,9 +1499,9 @@ bool ODbaseTable::DropImpl() bool ODbaseTable::InsertRow(OValueRefVector& rRow, bool bFlush, const Reference<XIndexAccess>& _xCols) { // fill buffer with blanks - AllocBuffer(); - if (!m_pBuffer) + if (!AllocBuffer()) return false; + memset(m_pBuffer, 0, m_aHeader.db_slng); m_pBuffer[0] = ' '; @@ -1556,7 +1558,8 @@ bool ODbaseTable::InsertRow(OValueRefVector& rRow, bool bFlush, const Reference< bool ODbaseTable::UpdateRow(OValueRefVector& rRow, OValueRefRow& pOrgRow, const Reference<XIndexAccess>& _xCols) { // fill buffer with blanks - AllocBuffer(); + if (!AllocBuffer()) + return false; // position on desired record: sal_Size nPos = m_aHeader.db_kopf + (long)(m_nFilePos-1) * m_aHeader.db_slng; @@ -2743,10 +2746,10 @@ bool ODbaseTable::ReadMemo(sal_Size nBlockNo, ORowSetValue& aVariable) return true; } -void ODbaseTable::AllocBuffer() +bool ODbaseTable::AllocBuffer() { sal_uInt16 nSize = m_aHeader.db_slng; - OSL_ENSURE(nSize > 0, "Size too small"); + SAL_WARN_IF(nSize == 0, "connectivity.drivers", "Size too small"); if (m_nBufferSize != nSize) { @@ -2760,6 +2763,8 @@ void ODbaseTable::AllocBuffer() m_nBufferSize = nSize; m_pBuffer = new sal_uInt8[m_nBufferSize+1]; } + + return m_pBuffer != NULL; } bool ODbaseTable::WriteBuffer() diff --git a/connectivity/source/inc/dbase/DTable.hxx b/connectivity/source/inc/dbase/DTable.hxx index 4f2635e2a82c..915503d0cca0 100644 --- a/connectivity/source/inc/dbase/DTable.hxx +++ b/connectivity/source/inc/dbase/DTable.hxx @@ -112,7 +112,7 @@ namespace connectivity bool WriteBuffer(); bool UpdateBuffer(OValueRefVector& rRow, OValueRefRow pOrgRow,const ::com::sun::star::uno::Reference< ::com::sun::star::container::XIndexAccess>& _xCols, bool bForceAllFields); ::com::sun::star::uno::Reference< ::com::sun::star::beans::XPropertySet> isUniqueByColumnName(sal_Int32 _nColumnPos); - void AllocBuffer(); + bool AllocBuffer(); void throwInvalidDbaseFormat(); void SAL_CALL renameImpl( const OUString& newName ) throw(::com::sun::star::sdbc::SQLException, ::com::sun::star::container::ElementExistException, ::com::sun::star::uno::RuntimeException); diff --git a/sc/qa/unit/data/wks/fail/sf_8acee7303920116c1f58c9d0e669855f-7551-minimized.wks b/sc/qa/unit/data/wks/fail/sf_8acee7303920116c1f58c9d0e669855f-7551-minimized.wks Binary files differnew file mode 100644 index 000000000000..d72176d9123d --- /dev/null +++ b/sc/qa/unit/data/wks/fail/sf_8acee7303920116c1f58c9d0e669855f-7551-minimized.wks |