connectivity/source/drivers/dbase/DTable.cxx | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-)
New commits: commit e09f85ef08cd315bd5509ae4d47e82f81ac2a8c0 Author: Caolán McNamara <[email protected]> AuthorDate: Thu Sep 23 20:07:21 2021 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Fri Sep 24 11:18:51 2021 +0200 check if headersize is greater than available data Change-Id: I5d78da49436c7dfbe7cfb50e52549b61abc00ee9 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122444 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> diff --git a/connectivity/source/drivers/dbase/DTable.cxx b/connectivity/source/drivers/dbase/DTable.cxx index 0872ff07e181..34ea6dfe163c 100644 --- a/connectivity/source/drivers/dbase/DTable.cxx +++ b/connectivity/source/drivers/dbase/DTable.cxx @@ -500,10 +500,20 @@ void ODbaseTable::construct() m_pFileStream = createStream_simpleError( sFileName, StreamMode::READ | StreamMode::NOCREATE | StreamMode::SHARE_DENYNONE); } - if(!m_pFileStream) + if (!m_pFileStream) return; readHeader(); + + std::size_t nFileSize = lcl_getFileSize(*m_pFileStream); + + if (m_aHeader.headerLength > nFileSize) + { + SAL_WARN("connectivity.drivers", "Parsing error: " << nFileSize << + " max possible size, but " << m_aHeader.headerLength << " claimed, abandoning"); + return; + } + if (HasMemoFields()) { // Create Memo-Filename (.DBT): @@ -525,9 +535,9 @@ void ODbaseTable::construct() if (m_pMemoStream) ReadMemoHeader(); } + fillColumns(); - std::size_t nFileSize = lcl_getFileSize(*m_pFileStream); m_pFileStream->Seek(STREAM_SEEK_TO_BEGIN); // seems to be empty or someone wrote bullshit into the dbase file // try and recover if m_aHeader.db_slng is sane
