author | Caolán McNamara <caolanm@redhat.com> | 2020-12-22 10:23:22 +0000 |
---|---|---|
committer | Caolán McNamara <caolanm@redhat.com> | 2020-12-22 13:57:19 +0100 |
commit | 901e5e7c9170184e286ea3e46fce406136aa9572 (patch) | |
tree | cdabd20d3022d5c50cc40515a572728c217ad5f4 /sc | |
parent | 127bfab61c297df06fd8e71e709bc4362cb89d21 (diff) |
oss-fuzz: xlsfuzzer doesn't pass sanity check
Step #5: #6 0xc1f57ef in __cxa_throw (/tmp/not-out/xlsfuzzer+0xc1f57ef)
Step #5: #7 0x520a3ea in SvStream::ReadUInt16(unsigned short&) (/tmp/not-out/xlsfuzzer+0x520a3ea)
Step #5: #8 0x7bae80 in XclImpStream::DetectBiffVersion(SvStream&) (/tmp/not-out/xlsfuzzer+0x7bae80)
Step #5: #9 0x53bde9 in ScFormatFilterPluginImpl::ScImportExcel(SfxMedium&, ScDocument*, EXCIMPFORMAT) (/tmp/not-out/xlsfuzzer+0x53bde9)
Change-Id: I5c6aee844c62967fb06142992fa67fbc0f3b3725
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108155
Tested-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Diffstat (limited to 'sc')
-rw-r--r-- | sc/source/filter/excel/xistream.cxx | 60 |
1 files changed, 34 insertions, 26 deletions
diff --git a/sc/source/filter/excel/xistream.cxx b/sc/source/filter/excel/xistream.cxx
index f9c79325f39f..0736a55d152f 100644
--- a/sc/source/filter/excel/xistream.cxx
+++ b/sc/source/filter/excel/xistream.cxx
@@ -388,38 +388,46 @@ XclBiff XclImpStream::DetectBiffVersion( SvStream& rStrm )
 XclBiff eBiff = EXC_BIFF_UNKNOWN;
 rStrm.Seek( STREAM_SEEK_TO_BEGIN );
- sal_uInt16 nBofId, nBofSize;
- rStrm.ReadUInt16( nBofId ).ReadUInt16( nBofSize );
-
- if( (4 <= nBofSize) && (nBofSize <= 16) ) switch( nBofId )
+ try
 {
- case EXC_ID2_BOF:
- eBiff = EXC_BIFF2;
- break;
- case EXC_ID3_BOF:
- eBiff = EXC_BIFF3;
- break;
- case EXC_ID4_BOF:
- eBiff = EXC_BIFF4;
- break;
- case EXC_ID5_BOF:
+ sal_uInt16 nBofId, nBofSize;
+ rStrm.ReadUInt16( nBofId ).ReadUInt16( nBofSize );
+
+ if( (4 <= nBofSize) && (nBofSize <= 16) ) switch( nBofId )
 {
- sal_uInt16 nVersion;
- rStrm.ReadUInt16( nVersion );
- // #i23425# #i44031# #i62752# there are some *really* broken documents out there...
- switch( nVersion & 0xFF00 )
+ case EXC_ID2_BOF:
+ eBiff = EXC_BIFF2;
+ break;
+ case EXC_ID3_BOF:
+ eBiff = EXC_BIFF3;
+ break;
+ case EXC_ID4_BOF:
+ eBiff = EXC_BIFF4;
+ break;
+ case EXC_ID5_BOF:
 {
- case 0: eBiff = EXC_BIFF5; break; // #i44031# #i62752#
- case EXC_BOF_BIFF2: eBiff = EXC_BIFF2; break;
- case EXC_BOF_BIFF3: eBiff = EXC_BIFF3; break;
- case EXC_BOF_BIFF4: eBiff = EXC_BIFF4; break;
- case EXC_BOF_BIFF5: eBiff = EXC_BIFF5; break;
- case EXC_BOF_BIFF8: eBiff = EXC_BIFF8; break;
- default: SAL_WARN("sc", "XclImpStream::DetectBiffVersion - unknown BIFF version: 0x" << std::hex << nVersion );
+ sal_uInt16 nVersion;
+ rStrm.ReadUInt16( nVersion );
+ // #i23425# #i44031# #i62752# there are some *really* broken documents out there...
+ switch( nVersion & 0xFF00 )
+ {
+ case 0: eBiff = EXC_BIFF5; break; // #i44031# #i62752#
+ case EXC_BOF_BIFF2: eBiff = EXC_BIFF2; break;
+ case EXC_BOF_BIFF3: eBiff = EXC_BIFF3; break;
+ case EXC_BOF_BIFF4: eBiff = EXC_BIFF4; break;
+ case EXC_BOF_BIFF5: eBiff = EXC_BIFF5; break;
+ case EXC_BOF_BIFF8: eBiff = EXC_BIFF8; break;
+ default: SAL_WARN("sc", "XclImpStream::DetectBiffVersion - unknown BIFF version: 0x" << std::hex << nVersion );
+ }
 }
+ break;
 }
- break;
 }
+ catch (const SvStreamEOFException&)
+ {
+ SAL_WARN("sc", "EOF");
+ }
+
 return eBiff;
 }
|
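Review bot: The new try block still declares `nBofId`, `nBofSize` and `nVersion` without initializers and never checks the stream state after the reads, so on a truncated file the function is only safe when `ReadUInt16` throws `SvStreamEOFException`. The page does not show whether that exception is raised on every stream or only where EOF exceptions are enabled; if a read can fail silently, both `switch` statements would run on indeterminate values while parsing an untrusted document. Returning early on a failed read covers both cases, e.g. `if( !rStrm.good() ) return eBiff;` after the first pair of reads and again after reading `nVersion`. The `SAL_WARN("sc", "EOF")` message would also be easier to triage if it named the function as the existing warning does: `SAL_WARN("sc", "XclImpStream::DetectBiffVersion - unexpected EOF");`. The function's opening brace lies outside the hunk.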