Fixed one more SST bug - when the string table was broken with a continuation

record in the middle of formatting info, no more strings would be read and a working buffer overflow would occur.
2002-05-27 19:35:00 +00:00 · 2002-05-27 19:35:00 +00:00 · 358e24c07b
commit 358e24c07b
parent d1d97c3b73
3 changed files with 38 additions and 6 deletions
--- a/xlhtml/ChangeLog
+++ b/xlhtml/ChangeLog
@ -20,6 +20,9 @@ HEAD
 	  * Fixed handling of fonts (fixes some segfaults, closes bug 529044)
 	  * Fixed "String Table Error" occurences in some (not all) empty cells
 	  * Fixed non-functioning -xc: option when -xr: was not also specified
+	  * Fixed one more SST bug - when the string table was broken with a
+	    continuation record in the middle of formatting info, no more
+	    strings would be read and a working buffer overflow would occur
 	* Added some Alpha portability fixes.  

 0.5 04/13/02
--- a/xlhtml/xlhtml.c
+++ b/xlhtml/xlhtml.c
@ -225,6 +225,7 @@ int MaxColExceeded = 0;
 int MaxRowExceeded = 0;
 int MaxWorksheetsExceeded = 0;
 int MaxStringsExceeded = 0;
+int WorkingBufferOverflow = 0;
 int MaxFontsExceeded = 0;
 int UnicodeStrings = 0;	/*!< 0==ASCII, 1==windows-1252, 2==uft-8 */
 int CodePage = 0;			/*!< Micosoft CodePage as specified in the Excel file. */
@ -706,6 +707,9 @@ void main_line_processor(U16 opcode, U16 version, U32 count, U16 last, U8 data)
 	/* On start of record, reset stuff. */
 	if (count == 0)
 	{
+#ifdef DEBUG
+		fprintf(stderr, "opcode 0x%02X, version 0x%02X\n", opcode, version);
+#endif
 		if (opcode != 0x3C)	/* not CONTINUE opcode */
 		{
 			last_opcode = opcode;
@ -723,10 +727,12 @@ void main_line_processor(U16 opcode, U16 version, U32 count, U16 last, U8 data)
 	/* Abort processing if too big. Next opcode will reset everything. */
 	if (bufidx >= WBUFF_SIZE)
 	{
-		/* this will be printed many times; leave it this way since it's temporary
-		 * anyway - the buffer must be made dynamic
-		 */
-		fprintf(stderr, "Warning: working buffer overflow!\n");
+		/* the buffer should be made dynamic */
+		if (! WorkingBufferOverflow)
+		{
+			WorkingBufferOverflow = 1;
+			fprintf(stderr, "Warning: working buffer overflow!\n");
+		}
 		return;
 	}

@ -961,6 +967,9 @@ void main_line_processor(U16 opcode, U16 version, U32 count, U16 last, U8 data)
 			 * start of the string) with its bit 0 whether the continuation has
 			 * 8-bit or 16-bit characters. Thus, the strings can start with 8-bit
 			 * characters and continue with 16-bit characters, or vice versa.
+			 * However, when a string is split after the character array (i.e.
+			 * in the rich-text formatting data or, I suppose, in the far-east
+			 * data), the additional byte is NOT present.
 			 */
 			if ((count == 0) && !cont_opcode)
 			{	/* initialize variables */
@ -974,7 +983,7 @@ void main_line_processor(U16 opcode, U16 version, U32 count, U16 last, U8 data)
 				 *  this would be necessary doesn't seem to occur.
 				 */
 				break;
-			if ((count == 0) && cont_opcode && after_str_header)
+			if ((count == 0) && cont_opcode && after_str_header && (bufidx < (num_chars << buf_16bit)))
 			{
 				now_16bit = data & 0x01;
 				if (now_16bit && !buf_16bit)
@ -1060,11 +1069,19 @@ void main_line_processor(U16 opcode, U16 version, U32 count, U16 last, U8 data)
 				{	/* the string data is now starting */
 					if (buflast == 0)
 					{	/* special case for empty strings */
+#ifdef DEBUG
+						fprintf(stderr, "SST: adding empty string; next_string: %lu\n",
+							next_string);
+#endif
 						add_str_array(0, (U8 *)0, 0, 0, 0);
 						after_str_header = 0;
 					}
 					else
 					{
+#ifdef DEBUG
+						fprintf(stderr, "SST: adding string; next_string: %lu, options: 0x%02X\n",
+							next_string, str_options);
+#endif
 						memset(working_buffer, 0, WBUFF_SIZE);
 						nonascii = 0;
 					}
@ -1073,7 +1090,7 @@ void main_line_processor(U16 opcode, U16 version, U32 count, U16 last, U8 data)
 			}
 			else	/* payload processor */
 			{
-				if (data > 127)
+				if ((data > 127) && (bufidx <= (num_chars << buf_16bit)))
 					nonascii = 1;
 				if (bufidx == buflast)
 				{
@ -1093,6 +1110,17 @@ void main_line_processor(U16 opcode, U16 version, U32 count, U16 last, U8 data)
 						add_str_array(uni, working_buffer, len, working_buffer+len, num_fmt_runs);
 					else
 						add_str_array(uni, working_buffer, len, 0, 0);
+#ifdef DEBUG
+					{
+						FILE *old_out = stdout;
+						stdout = stderr;
+						printf("SST: added string; next_string: %lu, len: %u, str='",
+							next_string, len);
+						OutputString(str_array[next_string-1]);
+						printf("'\n");
+						stdout = old_out;
+					}
+#endif
 					if (uni > UnicodeStrings)	/* Try to "upgrade" charset */
 						UnicodeStrings = uni;
 					bufidx = 0;
--- a/xlhtml/xlhtml.h
+++ b/xlhtml/xlhtml.h
@ -179,6 +179,7 @@ extern int MaxRowExceeded;
 extern int MaxWorksheetsExceeded;
 extern int MaxStringsExceeded;
 extern int MaxFontsExceeded;
+extern int WorkingBufferOverflow;
 extern int UnicodeStrings;
 extern int CodePage;