Commit 58fb5814 authored by Salvatore Bonaccorso's avatar Salvatore Bonaccorso

CVE-2017-1210{8,9} were adressed in 1.0.0-2 upload

Note for reviewers: please double check, but the patched code is at

	@@ -995,12 +1127,20 @@ void xls_preparseWorkSheet(xlsWorkSheet*
	         /* If the ROW record is incorrect or missing, infer the information from
	          * cell data. */
	         case XLS_RECORD_MULRK:
	+            if (tmp.size < sizeof(MULRK)) {
	+                retval = LIBXLS_ERROR_PARSE;
	+                goto cleanup;
	+            }
	             if (pWS->rows.lastcol<xlsShortVal(((MULRK*)buf)->col) + (tmp.size - 6)/6 - 1)
	                 pWS->rows.lastcol=xlsShortVal(((MULRK*)buf)->col) + (tmp.size - 6)/6 - 1;
	             if (pWS->rows.lastrow<xlsShortVal(((MULRK*)buf)->row))
	                 pWS->rows.lastrow=xlsShortVal(((MULRK*)buf)->row);
	             break;
	         case XLS_RECORD_MULBLANK:
	+            if (tmp.size < sizeof(MULBLANK)) {
	+                retval = LIBXLS_ERROR_PARSE;
	+                goto cleanup;
	+            }
	             if (pWS->rows.lastcol<xlsShortVal(((MULBLANK*)buf)->col) + (tmp.size - 6)/2 - 1)
	                 pWS->rows.lastcol=xlsShortVal(((MULBLANK*)buf)->col) + (tmp.size - 6)/2 - 1;
	             if (pWS->rows.lastrow<xlsShortVal(((MULBLANK*)buf)->row))
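Review bot: Both added guards compare `tmp.size` against `sizeof(MULRK)` / `sizeof(MULBLANK)`, while the arithmetic they protect subtracts the literal 6 (`(tmp.size - 6)/6 - 1` and `(tmp.size - 6)/2 - 1`). The struct definitions are not visible here, so this needs confirming, but if either `sizeof` is smaller than 6 (for instance a row/col header followed by a flexible array member), a 4- or 5-byte record passes the guard and `tmp.size - 6` wraps or goes negative, which yields a bogus `lastcol`. I would make the bound match the arithmetic, e.g. `if (tmp.size < 6 || tmp.size < sizeof(MULRK)) {`, and do the same in the `XLS_RECORD_MULBLANK` case. A short comment such as `/* 6 = row + col + trailing last-col field */` would also document where the constant comes from, if that is indeed its meaning. `xls_preparseWorkSheet` and the `MULBLANK` case body continue outside the quoted hunk.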
parent 4e915fc2