summaryrefslogtreecommitdiff
path: root/connectivity/source
diff options
context:
space:
mode:
authorCaolán McNamara <caolanm@redhat.com>2021-09-23 20:07:21 +0100
committerCaolán McNamara <caolanm@redhat.com>2021-09-23 21:58:58 +0200
commit1516711eb7861a08cc9fd19ec867360737a6d070 (patch)
tree61dfa56e1d95c5f902d29c44665b7a1bbf11a251 /connectivity/source
parentebe57117c470a87a6b4201537616bd1379257c02 (diff)
check if headersize is greater than available data
Change-Id: I5d78da49436c7dfbe7cfb50e52549b61abc00ee9 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122542 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Diffstat (limited to 'connectivity/source')
-rw-r--r--connectivity/source/drivers/dbase/DTable.cxx14
1 files changed, 12 insertions, 2 deletions
diff --git a/connectivity/source/drivers/dbase/DTable.cxx b/connectivity/source/drivers/dbase/DTable.cxx
index 51ad6110ec44..5259a4721fc3 100644
--- a/connectivity/source/drivers/dbase/DTable.cxx
+++ b/connectivity/source/drivers/dbase/DTable.cxx
@@ -495,10 +495,20 @@ void ODbaseTable::construct()
m_pFileStream = createStream_simpleError( sFileName, StreamMode::READ | StreamMode::NOCREATE | StreamMode::SHARE_DENYNONE);
}
- if(!m_pFileStream)
+ if (!m_pFileStream)
return;
readHeader();
+
+ std::size_t nFileSize = lcl_getFileSize(*m_pFileStream);
+
+ if (m_aHeader.headerLength > nFileSize)
+ {
+ SAL_WARN("connectivity.drivers", "Parsing error: " << nFileSize <<
+ " max possible size, but " << m_aHeader.headerLength << " claimed, abandoning");
+ return;
+ }
+
if (HasMemoFields())
{
// Create Memo-Filename (.DBT):
@@ -520,9 +530,9 @@ void ODbaseTable::construct()
if (m_pMemoStream)
ReadMemoHeader();
}
+
fillColumns();
- std::size_t nFileSize = lcl_getFileSize(*m_pFileStream);
m_pFileStream->Seek(STREAM_SEEK_TO_BEGIN);
// seems to be empty or someone wrote bullshit into the dbase file
// try and recover if m_aHeader.db_slng is sane
generated by cgit (git 2.34.1) at 2024-07-05 10:58:21 +0000