authorMichael Stahl <mstahl@redhat.com>2016-06-24 18:24:24 +0200
committerMichael Stahl <mstahl@redhat.com>2016-06-24 18:51:42 +0200
commit4e3ff19b33c84557fd20e68960499933b4e52638 (patch)
tree4dc7ebdbfe95c10bf996e4d7044a5c4ae3d72e46 /sc/source/ui/unoobj
parenteedc5b15fb5c9a352657edec841b6a30c408e5c8 (diff)
tdf#84834 sc: stricter type detection for dBASE files
The detection is rather sloppy: the bugdoc gets erroneously detected as dBASE because it starts with '0', has a not-too-large header size at offset 4, and a '\r' at a 32-byte alignment towards the start of the not-too-large header. Add a plausibility check for the number of records in the file, which helps for this bugdoc. Change-Id: I466dfae18aa32fd62b79b9f524f22bea719721be
Diffstat (limited to 'sc/source/ui/unoobj')
-rw-r--r--sc/source/ui/unoobj/scdetect.cxx23
1 files changed, 23 insertions, 0 deletions
diff --git a/sc/source/ui/unoobj/scdetect.cxx b/sc/source/ui/unoobj/scdetect.cxx
index 3bd8ffc60ced..bb2c407c3f9a 100644
--- a/sc/source/ui/unoobj/scdetect.cxx
+++ b/sc/source/ui/unoobj/scdetect.cxx
@@ -219,14 +219,37 @@ static bool lcl_MayBeDBase( SvStream& rStream )
if ( nSize < nEmptyDbf )
return false;
+ // count of records at 4
+ rStream.Seek(4);
+ sal_uInt32 nRecords(0);
+ rStream.ReadUInt32(nRecords);
+
// length of header starts at 8
rStream.Seek(8);
sal_uInt16 nHeaderLen;
rStream.ReadUInt16( nHeaderLen );
+ // size of record at 10
+ sal_uInt16 nRecordSize(0);
+ rStream.ReadUInt16(nRecordSize);
+
if ( nHeaderLen < nEmptyDbf || nSize < nHeaderLen )
return false;
+ // see DTable.cxx ODbaseTable::readHeader()
+ if (0 == nRecordSize)
+ return false;
+
+ // see DTable.cxx ODbaseTable::construct() line 546
+ if (0 == nRecords)
+ {
+ nRecords = (nSize - nHeaderLen) / nRecordSize;
+ }
+
+ // tdf#84834 sanity check of size
+ if (0 == nRecords || nSize < nHeaderLen + nRecords * sal_uInt64(nRecordSize))
+ return false;
+
// Last byte of header must be 0x0d, this is how it's specified.
// #i9581#,#i26407# but some applications don't follow the specification
// and pad the header with one byte 0x00 to reach an
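Review bot: The header fields read here (`nRecords` at offset 4, then `nHeaderLen` and `nRecordSize` from offset 8) are used without checking the stream state, although they come straight from an untrusted file. The two new variables are zero-initialised, so a failed read of either ends in `return false`, but `nHeaderLen` in the context line has no initialiser and would be compared while indeterminate; whether the earlier `nSize < nEmptyDbf` guard rules out a short read depends on the value of nEmptyDbf, which is not visible in this hunk. I would add `if (!rStream.good()) return false;` directly after `rStream.ReadUInt16(nRecordSize);`. Separately, the comment `// see DTable.cxx ODbaseTable::construct() line 546` will go stale as that file changes, so naming the function alone is the more durable reference. lcl_MayBeDBase starts before and continues after this hunk.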