reject invalid dbase files with 0 len db_slng right at the start

Change-Id: If4aa5249391ea2d2e475fa3ebaccf4e9fc7442de
author: Caolán McNamara <caolanm@redhat.com> 2014-09-11 15:52:41 +0100
committer: Caolán McNamara <caolanm@redhat.com> 2014-09-11 17:25:43 +0100
commit: e46e041c9050a2a7c3223236100ce49a65f7e5d0 (patch)
tree: 6d94ad201da100100c43a898930e73a7f9a17bb3 /connectivity
parent: e7fb96a1c93f57b1ffc6c0bd2af578d6a3e4f78b (diff)
2 files changed, 11 insertions, 6 deletions
diff --git a/connectivity/source/drivers/dbase/DTable.cxx b/connectivity/source/drivers/dbase/DTable.cxx
index 845d037f343a..54b540799b86 100644
--- a/connectivity/source/drivers/dbase/DTable.cxx
+++ b/connectivity/source/drivers/dbase/DTable.cxx
@@ -214,6 +214,8 @@ void ODbaseTable::readHeader()
     (*m_pFileStream).ReadUInt16( m_aHeader.db_slng );
     if(ERRCODE_NONE != m_pFileStream->GetErrorCode())
         throwInvalidDbaseFormat();
+    if (m_aHeader.db_slng == 0)
+        throwInvalidDbaseFormat();
     m_pFileStream->Read((char*)(&m_aHeader.db_frei), 20*sizeof(sal_uInt8));
     if(ERRCODE_NONE != m_pFileStream->GetErrorCode())
         throwInvalidDbaseFormat();
@@ -1497,9 +1499,9 @@ bool ODbaseTable::DropImpl()
 bool ODbaseTable::InsertRow(OValueRefVector& rRow, bool bFlush, const Reference<XIndexAccess>& _xCols)
 {
     // fill buffer with blanks
-    AllocBuffer();
-    if (!m_pBuffer)
+    if (!AllocBuffer())
         return false;
+
     memset(m_pBuffer, 0, m_aHeader.db_slng);
     m_pBuffer[0] = ' ';
 
@@ -1556,7 +1558,8 @@ bool ODbaseTable::InsertRow(OValueRefVector& rRow, bool bFlush, const Reference<
 bool ODbaseTable::UpdateRow(OValueRefVector& rRow, OValueRefRow& pOrgRow, const Reference<XIndexAccess>& _xCols)
 {
     // fill buffer with blanks
-    AllocBuffer();
+    if (!AllocBuffer())
+        return false;
 
     // position on desired record:
     sal_Size nPos = m_aHeader.db_kopf + (long)(m_nFilePos-1) * m_aHeader.db_slng;
@@ -2743,10 +2746,10 @@ bool ODbaseTable::ReadMemo(sal_Size nBlockNo, ORowSetValue& aVariable)
     return true;
 }
 
-void ODbaseTable::AllocBuffer()
+bool ODbaseTable::AllocBuffer()
 {
     sal_uInt16 nSize = m_aHeader.db_slng;
-    OSL_ENSURE(nSize > 0, "Size too small");
+    SAL_WARN_IF(nSize == 0, "connectivity.drivers", "Size too small");
 
     if (m_nBufferSize != nSize)
     {
@@ -2760,6 +2763,8 @@ void ODbaseTable::AllocBuffer()
         m_nBufferSize = nSize;
         m_pBuffer = new sal_uInt8[m_nBufferSize+1];
     }
+
+    return m_pBuffer != NULL;
 }
 
 bool ODbaseTable::WriteBuffer()
diff --git a/connectivity/source/inc/dbase/DTable.hxx b/connectivity/source/inc/dbase/DTable.hxx
index 4f2635e2a82c..915503d0cca0 100644
--- a/connectivity/source/inc/dbase/DTable.hxx
+++ b/connectivity/source/inc/dbase/DTable.hxx
@@ -112,7 +112,7 @@ namespace connectivity
             bool WriteBuffer();
             bool UpdateBuffer(OValueRefVector& rRow, OValueRefRow pOrgRow,const ::com::sun::star::uno::Reference< ::com::sun::star::container::XIndexAccess>& _xCols, bool bForceAllFields);
             ::com::sun::star::uno::Reference< ::com::sun::star::beans::XPropertySet> isUniqueByColumnName(sal_Int32 _nColumnPos);
-            void AllocBuffer();
+            bool AllocBuffer();
 
             void throwInvalidDbaseFormat();
             void SAL_CALL renameImpl( const OUString& newName ) throw(::com::sun::star::sdbc::SQLException, ::com::sun::star::container::ElementExistException, ::com::sun::star::uno::RuntimeException);
author	Caolán McNamara <caolanm@redhat.com>	2014-09-11 15:52:41 +0100
committer	Caolán McNamara <caolanm@redhat.com>	2014-09-11 17:25:43 +0100
commit	e46e041c9050a2a7c3223236100ce49a65f7e5d0 (patch)
tree	6d94ad201da100100c43a898930e73a7f9a17bb3 /connectivity
parent	e7fb96a1c93f57b1ffc6c0bd2af578d6a3e4f78b (diff)