GNOME Bugzilla – Bug 689706
gsf_input_dup broken for MSOLE input streams
Last modified: 2012-12-17 17:05:24 UTC
Created attachment 230769 [details] [review] patch to fix the bug The gsf_infile_msole_dup function does not set the size of the destination stream. Because of this, the generic test in gsf_input_dup fails: if (dst->size != input->size) { if (err != NULL) *err = g_error_new (gsf_input_error_id (), 0, "Duplicate size mismatch"); g_object_unref (dst); return NULL; } It also fails to set the buffer for small-block files. The attached patch rewrites gsf_infile_msole_dup. If a Signed-off-by tag is needed for the patch, please add it on my behalf. Testcase, segfaults with 1.14.24, prints "test" with the patch: #include <stdbool.h> #include <unistd.h> #include <gsf/gsf.h> #include <gsf/gsf-input.h> #include <gsf/gsf-infile.h> #include <gsf/gsf-output.h> #include <gsf/gsf-outfile.h> #include <gsf/gsf-input-memory.h> #include <gsf/gsf-input-stdio.h> #include <gsf/gsf-output-stdio.h> #include <gsf/gsf-infile-msole.h> #include <gsf/gsf-outfile-msole.h> int main() { g_type_init(); GsfOutput *out = gsf_output_stdio_new("teststg", NULL); GsfOutfile *outf = gsf_outfile_msole_new(out); GsfOutput *outchild = gsf_outfile_new_child(outf, "small", false); gsf_output_puts(outchild, "test\n"); gsf_output_close(outchild); g_object_unref(G_OBJECT(outchild)); gsf_output_close(GSF_OUTPUT(outf)); g_object_unref(G_OBJECT(outf)); g_object_unref(G_OBJECT(out)); GsfInput *in = gsf_input_stdio_new("teststg", NULL); GsfInfile *inf = gsf_infile_msole_new(in, NULL); GsfInput *inchild = gsf_infile_child_by_name(inf, "small"); GsfInput *indup = gsf_input_dup(inchild, NULL); gsize size = gsf_input_size(inchild); write(1, gsf_input_read(indup, size, NULL), size); g_object_unref(G_OBJECT(indup)); g_object_unref(G_OBJECT(inchild)); g_object_unref(G_OBJECT(inf)); g_object_unref(G_OBJECT(in)); }
This problem has been fixed in our software repository. The fix will go into the next software release. Thank you for your bug report.