Bug 689706 - gsf_input_dup broken for MSOLE input streams
Status: RESOLVED FIXED
Product: libgsf
Classification: Core
Component: MS OLE2 & Properties
Version: 1.14.x
Hardware: Other All
Importance: Normal major
Assigned To: Stepan Kasal
Jody Goldberg
Reported: 2012-12-05 15:35 UTC by Paolo Bonzini
Modified: 2012-12-17 17:05 UTC
Attachments
patch to fix the bug (846 bytes, patch)
2012-12-05 15:35 UTC, Paolo Bonzini

Description Paolo Bonzini 2012-12-05 15:35:53 UTC
Created attachment 230769
patch to fix the bug

The gsf_infile_msole_dup function does not set the size of the destination stream.  Because of this, the generic test in gsf_input_dup fails:

                if (dst->size != input->size) {
                        if (err != NULL)
                                *err = g_error_new (gsf_input_error_id (), 0,
                                                    "Duplicate size mismatch");
                        g_object_unref (dst);
                        return NULL;
                }

It also fails to set the buffer for small-block files.  The attached patch rewrites gsf_infile_msole_dup.

If a Signed-off-by tag is needed for the patch, please add it on my behalf.

Testcase, segfaults with 1.14.24, prints "test" with the patch:

#include <stdbool.h>
#include <unistd.h>
#include <gsf/gsf.h>
#include <gsf/gsf-input.h>
#include <gsf/gsf-infile.h>
#include <gsf/gsf-output.h>
#include <gsf/gsf-outfile.h>
#include <gsf/gsf-input-memory.h>
#include <gsf/gsf-input-stdio.h>
#include <gsf/gsf-output-stdio.h>
#include <gsf/gsf-infile-msole.h>
#include <gsf/gsf-outfile-msole.h>

int main(void)
{
	g_type_init();

	/* Write an OLE2 file "teststg" holding one short stream named "small". */
	GsfOutput *out = gsf_output_stdio_new("teststg", NULL);
	GsfOutfile *outf = gsf_outfile_msole_new(out);
	GsfOutput *outchild = gsf_outfile_new_child(outf, "small", false);
	gsf_output_puts(outchild, "test\n");
	gsf_output_close(outchild);
	g_object_unref(G_OBJECT(outchild));
	gsf_output_close(GSF_OUTPUT(outf));
	g_object_unref(G_OBJECT(outf));
	g_object_unref(G_OBJECT(out));

	/* Reopen the file, duplicate the child stream and read through the duplicate. */
	GsfInput *in = gsf_input_stdio_new("teststg", NULL);
	GsfInfile *inf = gsf_infile_msole_new(in, NULL);
	GsfInput *inchild = gsf_infile_child_by_name(inf, "small");
	GsfInput *indup = gsf_input_dup(inchild, NULL);
	gsize size = gsf_input_size(inchild);

	write(1, gsf_input_read(indup, size, NULL), size);
	g_object_unref(G_OBJECT(indup));
	g_object_unref(G_OBJECT(inchild));
	g_object_unref(G_OBJECT(inf));
	g_object_unref(G_OBJECT(in));
	return 0;
}

Comment 1 Morten Welinder 2012-12-05 16:02:20 UTC
This problem has been fixed in our software repository. The fix will go into the next software release. Thank you for your bug report.
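
The failure mode described in the report, as an added stand-alone C model that is not part of the bug report and not libgsf code: a generic duplicate wrapper applies the size test quoted above to whatever the per-class hook returns, and a caller checks the result instead of reading through it blindly. The Stream type and the functions dup_unfixed, dup_fixed, stream_dup and dup_and_read are hypothetical names chosen for this illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for GsfInput: only the fields the bug touches. */
typedef struct Stream {
    size_t size;               /* compared by the generic check */
    const unsigned char *buf;  /* backing data of a small stream */
    struct Stream *(*dup)(const struct Stream *src); /* per-class hook */
} Stream;

/* Hook behaving as the report describes: size and buffer left unset. */
Stream *dup_unfixed(const Stream *src) {
    Stream *dst = calloc(1, sizeof *dst);
    if (dst != NULL) dst->dup = src->dup;
    return dst;
}

/* Hook that carries over every field a reader relies on. */
Stream *dup_fixed(const Stream *src) {
    Stream *dst = malloc(sizeof *dst);
    if (dst != NULL) *dst = *src;
    return dst;
}

/* Generic wrapper with the size test from the gsf_input_dup excerpt. */
Stream *stream_dup(const Stream *src, const char **err) {
    Stream *dst = src->dup(src);
    if (dst != NULL && dst->size != src->size) {
        if (err != NULL) *err = "Duplicate size mismatch";
        free(dst);
        return NULL;
    }
    return dst;
}

/* Checked caller: bytes copied, or -1 when the duplicate is unusable. */
long dup_and_read(const Stream *src, char *out, size_t cap, const char **err) {
    Stream *d = stream_dup(src, err);
    if (d == NULL || d->buf == NULL) { free(d); return -1; }
    size_t n = d->size < cap ? d->size : cap;
    memcpy(out, d->buf, n);
    free(d);
    return (long)n;
}
```

With the unfixed hook the wrapper rejects the duplicate and returns NULL, so a caller that passes the result straight to a read, as the testcase does, is working with a NULL stream.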