FreeXL: Diff

Differences From Artifact [4f9408c216]:

File src/freexl.c — part of check-in [31132605d4] at 2015-03-22 11:39:50 on branch trunk — fixing a regression and switching to 1.0.1 (user: sandro size: 119248)

To Artifact [44802d385b]:

File src/freexl.c — part of check-in [acfda2fa74] at 2015-07-14 07:39:24 on branch trunk — fixing a critical bug (32 bit multiplication overflow) reported by RHEL maintainers (user: sandro size: 119639)

  1072   1072   
  1073   1073   static int
  1074   1074   allocate_cells (biff_workbook * workbook)
  1075   1075   {
  1076   1076   /* allocating the rows and cells for the active Worksheet */
  1077   1077       unsigned int row;
  1078   1078       unsigned int col;
         1079  +    double dsize;
  1079   1080       biff_cell_value *p_cell;
  1080   1081   
  1081   1082       if (workbook == NULL)
  1082   1083   	return FREEXL_NULL_ARGUMENT;
  1083   1084       if (workbook->active_sheet == NULL)
  1084   1085   	return FREEXL_NULL_ARGUMENT;
         1086  +
         1087  +/* testing for an unrealistically high memory size > 256MB */
         1088  +    dsize =
         1089  +	(double) sizeof (biff_cell_value) *
         1090  +	(double) (workbook->active_sheet->rows) *
         1091  +	(double) (workbook->active_sheet->columns);
         1092  +    if (dsize > 256.0 * 1024.0 * 1024.0)
         1093  +	return FREEXL_INSUFFICIENT_MEMORY;
  1085   1094   
  1086   1095   /* allocating the cell values array */
  1087   1096       workbook->active_sheet->cell_values =
  1088   1097   	malloc (sizeof (biff_cell_value) *
  1089   1098   		(workbook->active_sheet->rows *
  1090   1099   		 workbook->active_sheet->columns));
  1091   1100       if (workbook->active_sheet->cell_values == NULL)
................................................................................
  1731   1740   	  if (workbook->shared_strings.string_count > 1024 * 1024)
  1732   1741   	    {
  1733   1742   		/* unexpected huge count ... cowardly giving up ... */
  1734   1743   		return FREEXL_INSUFFICIENT_MEMORY;
  1735   1744   	    }
  1736   1745   	  workbook->shared_strings.utf8_strings =
  1737   1746   	      malloc (sizeof (char **) * workbook->shared_strings.string_count);
         1747  +	  if (workbook->shared_strings.utf8_strings == NULL)
         1748  +	      return FREEXL_INSUFFICIENT_MEMORY;
  1738   1749   	  for (i_string = 0; i_string < workbook->shared_strings.string_count;
  1739   1750   	       i_string++)
  1740   1751   	      *(workbook->shared_strings.utf8_strings + i_string) = NULL;
  1741   1752         }
  1742   1753       else
  1743   1754         {
  1744   1755   	  /* SST-CONTINUE */