heap-buffer-overflow(read) at xlsparse.c:493 #8

@yangzao

A heap-buffer-overflow(read) bug when testing xls2csv 0.95 on x86-64 Ubuntu 22.04.

Files:

3.zip

Commandline:

./xls2csv ./3

Crash line:

        489        len = count;
        490        *dest=0;l=0;
        491        for (s=*src,d=dest,i=0;i<count;i++,s+=charsize) {
        492            /*         fprintf(stderr,"l=%d len=%d count=%d charsize=%d\n",l,len,count,charsize); */
    --->493            if ( (charsize == 1 && (*s == 1 || *s == 0)) ||
        494                     (charsize == 2 && (*s == 1 || *s == 0) && *(s+1) != 4)) {
        495                /*             fprintf(stderr,"extchar (unicode)=%02x %02x\n",*s, *(s+1)); */
        496                charsize=(*s &0x01) ? 2 : 1;
        497                if (charsize == 2)
        498                    s-=1;

Stacktrace:

    #0 0x555555643e34 in copy_unicode_string catdoc/src/xlsparse.c:493:27
    #1 0x555555642f4d in parse_sst catdoc/src/xlsparse.c:775:19
    #2 0x55555564153f in process_item catdoc/src/xlsparse.c:142:3
    #3 0x55555564113b in do_table catdoc/src/xlsparse.c:116:3
    #4 0x55555563e8ba in main catdoc/src/xls2csv.c:167:7
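
The loop in the listing advances `s` by `charsize` for `count` iterations and reads `*s` and `*(s+1)` with no end-of-buffer bound in the visible lines. The following is an added sketch of the same walk with an explicit `end` pointer; it is not code from this issue or from catdoc, and the function name, parameters, ASCII-only output and sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not catdoc's API). Copies `count` characters of
 * `charsize` bytes (1 or 2, little-endian) from src into dest as ASCII,
 * never dereferencing a byte at or past `end`.
 * Returns the number of characters copied, or -1 when the declared
 * length does not fit in the bytes that are actually available. */
long copy_chars_bounded(const unsigned char *src, const unsigned char *end,
                        size_t count, int charsize,
                        char *dest, size_t dest_size)
{
    const unsigned char *s = src;
    size_t i;

    if (!src || !end || end < src || !dest || dest_size == 0)
        return -1;
    if (charsize != 1 && charsize != 2)
        return -1;
    if (count >= dest_size)               /* keep room for the terminator */
        return -1;

    for (i = 0; i < count; i++, s += charsize) {
        /* Bound check before touching s[0] / s[1]: the file-supplied
         * count must not outrun the buffer that holds the record. */
        if ((size_t)(end - s) < (size_t)charsize) {
            dest[i] = '\0';
            return -1;
        }
        unsigned int c = s[0];
        if (charsize == 2)
            c |= (unsigned int)s[1] << 8;
        dest[i] = (c < 0x80) ? (char)c : '?';  /* simplification: ASCII only */
    }
    dest[i] = '\0';
    return (long)i;
}

int main(void)
{
    /* Constructed sample: 3 bytes of data, but a declared count of 8. */
    static const unsigned char rec[] = { 'a', 'b', 'c' };
    char out[16];
    long n = copy_chars_bounded(rec, rec + sizeof rec, 8, 1, out, sizeof out);
    printf("declared 8, available 3 -> %ld (\"%s\")\n", n, out);
    n = copy_chars_bounded(rec, rec + sizeof rec, 3, 1, out, sizeof out);
    printf("declared 3, available 3 -> %ld (\"%s\")\n", n, out);
    return 0;
}
```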
