heap-buffer-overflow(read) at numutils.c:22 #11

@yangzao

A heap-buffer-overflow(read) bug when testing xls2csv 0.95 on x86-64 Ubuntu 22.04.

Files:

6.zip

Commandline:

    ./xls2csv ./6

Crash line:

        18     /* Reads 4-byte LSB  int from buffer at given offset almost platfom-indepent
        19      * way
        20      *********************************************************************/
        21     int32_t getlong(unsigned char *buffer,int offset) {
    --->22         return (long)buffer[offset]|((long)buffer[offset+1]<<8L)
        23             |((long)buffer[offset+2]<<16L)|((long)buffer[offset+3]<<24L);
        24     }
        25
        26     uint32_t getulong(unsigned char *buffer,int offset) {
        27         return (unsigned long)buffer[offset]|((unsigned long)buffer[offset+1]<<8L)

Stacktrace:

    #0 0x55555564b874 in getlong catdoc/src/numutils.c:22:15
    #1 0x55555564c414 in ole_init catdoc/src/ole.c:158:10
    #2 0x55555563e879 in main catdoc/src/xls2csv.c:159:17

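A bounds-checked form of the `getlong` read shown in the crash line, as an added example that is not part of the original report or of catdoc's code. The name `getlong_checked` and its `buflen` parameter are hypothetical, and the sample buffer is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical bounds-checked counterpart of getlong() (not catdoc code).
 * buflen is an assumed extra parameter: the number of valid bytes in
 * buffer, e.g. what a short read of a truncated file actually returned.
 * Returns 0 and stores the value in *out, or -1 if any of the four
 * bytes would fall outside the buffer. */
int getlong_checked(const unsigned char *buffer, size_t buflen,
                    long offset, int32_t *out) {
    if (buffer == NULL || out == NULL)
        return -1;
    /* Written as offset > buflen - 4 so the check itself cannot overflow. */
    if (offset < 0 || buflen < 4 || (size_t)offset > buflen - 4)
        return -1;
    /* Assemble in uint32_t: shifting a byte into bit 31 of a 32-bit
     * signed type would be undefined behaviour. */
    uint32_t v = (uint32_t)buffer[offset]
               | ((uint32_t)buffer[offset + 1] << 8)
               | ((uint32_t)buffer[offset + 2] << 16)
               | ((uint32_t)buffer[offset + 3] << 24);
    *out = (int32_t)v;
    return 0;
}

int main(void) {
    /* Constructed sample: a 6-byte buffer standing in for a truncated header. */
    unsigned char buf[6] = {0x78, 0x56, 0x34, 0x12, 0xff, 0xff};
    long offsets[] = {0, 2, 3, -1};
    for (size_t i = 0; i < sizeof offsets / sizeof offsets[0]; i++) {
        int32_t v = 0;
        if (getlong_checked(buf, sizeof buf, offsets[i], &v) == 0)
            printf("offset %ld: 0x%08x\n", offsets[i], (unsigned)v);
        else
            printf("offset %ld: rejected (out of bounds)\n", offsets[i]);
    }
    return 0;
}
```

A caller such as the one in frame #1 would treat the `-1` return as a malformed-file error instead of using the value.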