From 358ca9eaa3d85236047a7a2781e38f57209c2858 Mon Sep 17 00:00:00 2001 From: Caolán McNamara Date: Wed, 30 Sep 2015 17:01:23 +0100 Subject: don't believe xls wrt size to reserve Change-Id: Id9864f199e270d13d801348b12f1e94dd80558c7 --- sc/qa/unit/data/xls/pass/crash-1.xls | Bin 0 -> 4096 bytes sc/source/filter/excel/xicontent.cxx | 11 ++++++++--- 2 files changed, 8 insertions(+), 3 deletions(-) create mode 100644 sc/qa/unit/data/xls/pass/crash-1.xls diff --git a/sc/qa/unit/data/xls/pass/crash-1.xls b/sc/qa/unit/data/xls/pass/crash-1.xls new file mode 100644 index 000000000000..724bfc1a6f14 Binary files /dev/null and b/sc/qa/unit/data/xls/pass/crash-1.xls differ diff --git a/sc/source/filter/excel/xicontent.cxx b/sc/source/filter/excel/xicontent.cxx index d821a8ad5266..6b0f688a8f9e 100644 --- a/sc/source/filter/excel/xicontent.cxx +++ b/sc/source/filter/excel/xicontent.cxx @@ -75,10 +75,15 @@ XclImpSst::XclImpSst( const XclImpRoot& rRoot ) : void XclImpSst::ReadSst( XclImpStream& rStrm ) { rStrm.Ignore( 4 ); - sal_uInt32 nStrCount(0); - nStrCount = rStrm.ReaduInt32(); + sal_uInt32 nStrCount = rStrm.ReaduInt32(); + auto nBytesAvailable = rStrm.GetRecLeft(); + if (nStrCount > nBytesAvailable) + { + SAL_WARN("sc.filter", "xls claimed to have " << nStrCount << " strings, but only " << nBytesAvailable << " bytes available, truncating"); + nStrCount = nBytesAvailable; + } maStrings.clear(); - maStrings.reserve( static_cast< size_t >( nStrCount ) ); + maStrings.reserve(nStrCount); while( (nStrCount > 0) && rStrm.IsValid() ) { XclImpString aString; -- cgit