Hi Martín,
in the patch nLen is compared to OLENAMELENGTH * 2, not to OLENAMELENGTH:
diff --git a/src/ole.c b/src/ole.c
index 807ed5b..dbcda42 100644
--- a/src/ole.c
+++ b/src/ole.c
@@ -337,7 +337,7 @@ FILE *ole_readdir(FILE *f) {
e->blocks=NULL;
nLen=getshort(oleBuf,0x40);
- if (nLen > (OLENAMELENGTH * 2)) {
+ if (nLen > OLENAMELENGTH) {
free(e);
return NULL;
}
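Review bot: on the `+` line, nLen is compared against OLENAMELENGTH alone, yet the message that accompanies this hunk says nLen is a byte count while OLENAMELENGTH counts UCS-2 characters, so the two sides of the comparison are in different units and a name such as "SummaryInformation\0" is rejected. Compare against OLENAMELENGTH * 2, or convert nLen to characters before the test, and add a comment beside the check stating the unit of each side.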
I think that the problem is that "nLen" is in bytes, but OLENAMELENGTH is in UCS-2
characters. When processing the LibreOffice document an OLE stream having the name
"SummaryInformation\0" is encountered. The name in bytes of this stream is greater than
OLENAMELENGTH (32) bytes so the parsing is aborted.
Regards,
Robert
On 04/09/17 02:50, Martín Ferrari wrote:
> Hi Robert,
>
> On 02/09/17 12:50, Robert Zavalczki wrote:
>> Package: catdoc
>> Version: 1:0.95-3
>> Tags: patch
>>
>> Create a simple document in LibreOffice Writer 5.2.7.2 containing a single line: "Hello world!" and
>> save it using the "Microsoft Word 97-2003 (.doc)" format. Run "catdoc" on the created
>> document. The output is empty.
>>
>> Details: this bug was introduced in version 1:0.95 and is not reproducible with
>> previous versions of catdoc. Applying the attached patch to the source code in
>> version 0.95 (catdoc_0.95.orig.tar.gz) seems to fix the issue.
>
> Thanks for the report, but I am not sure I understand this. The current
> code in ole.c reads already like your proposed patch:
>
>     if (nLen > OLENAMELENGTH) {
>         free(e);
>         return NULL;
>     }
>
> Although I can reproduce the issue you mention, so there is definitely a
> bug. Sadly, catdoc's code is not the easiest to follow :/
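The unit mismatch discussed in this thread, as an added example that is not catdoc's code or part of the original messages: the length check done in bytes next to the check that compares bytes with a character count. The function names, `read_le16` (a stand-in for `getshort`) and the constructed 128-byte entry are assumptions; the 0x40 offset and the OLENAMELENGTH value of 32 come from the thread.

```c
#include <stdio.h>
#include <string.h>

#define OLENAMELENGTH    32                   /* name capacity in UCS-2 characters */
#define NAME_FIELD_BYTES (OLENAMELENGTH * 2)  /* the same capacity in bytes */
#define NAME_LEN_OFFSET  0x40                 /* 16-bit name length, counted in bytes */
#define ENTRY_BYTES      128                  /* size of one OLE directory entry */

/* Little-endian 16-bit read (hypothetical stand-in for catdoc's getshort). */
static unsigned read_le16(const unsigned char *buf, size_t off) {
    return (unsigned)buf[off] | ((unsigned)buf[off + 1] << 8);
}

/* Bytes compared with bytes: accept only lengths that fit the name field and
 * are a whole number of UCS-2 units. Returns the character count or -1. */
int entry_name_chars(const unsigned char *entry) {
    unsigned nlen = read_le16(entry, NAME_LEN_OFFSET);
    if (nlen > NAME_FIELD_BYTES || (nlen & 1))
        return -1;
    return (int)(nlen / 2);
}

/* Bytes compared with characters: rejects every name over 16 characters. */
int entry_name_chars_mismatched(const unsigned char *entry) {
    unsigned nlen = read_le16(entry, NAME_LEN_OFFSET);
    if (nlen > OLENAMELENGTH)
        return -1;
    return (int)(nlen / 2);
}

/* Constructed sample entry: ASCII name stored as UCS-2 LE, NUL included. */
void make_entry(unsigned char entry[ENTRY_BYTES], const char *ascii_name) {
    size_t n = strlen(ascii_name) + 1;
    memset(entry, 0, ENTRY_BYTES);
    for (size_t i = 0; i < n && i < OLENAMELENGTH; i++)
        entry[2 * i] = (unsigned char)ascii_name[i];
    entry[NAME_LEN_OFFSET] = (unsigned char)((2 * n) & 0xff);
    entry[NAME_LEN_OFFSET + 1] = (unsigned char)((2 * n) >> 8);
}

int main(void) {
    unsigned char e[ENTRY_BYTES];
    make_entry(e, "SummaryInformation");   /* 19 characters, 38 bytes */
    printf("byte-based check:  %d\n", entry_name_chars(e));
    printf("mismatched check:  %d\n", entry_name_chars_mismatched(e));
    return 0;
}
```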