global-buffer-overflow(write) at xlsparse.c:716 #13

@yangzao

A global-buffer-overflow(write) bug when testing xls2csv 0.95 on x86-64 Ubuntu 22.04.

Files:

8.zip

Commandline:

./xls2csv ./8

Crash line:

    "    712    char* format_rk(unsigned char *rec,short int format_code) {",
    "    713    \tdouble value=0.0;",
    "    714    \tint i;",
    "    715    ",
    "--->716    \tif ( *(rec) & 0x02 )",
    "    717    \t{",
    "    718    \t\tvalue=(double)(getlong(rec,0)>>2);",
    "    719    \t}",
    "    720    \telse {",
    "    721    \t\tunion { unsigned char cc[8];"

Stacktrace:

    "    #0 0x555555644486 in format_rk catdoc/src/xlsparse.c:716:7",
    "    #1 0x5555556421a3 in process_item catdoc/src/xlsparse.c:325:35",
    "    #2 0x55555564113b in do_table catdoc/src/xlsparse.c:116:3",
    "    #3 0x55555563e8ba in main catdoc/src/xls2csv.c:167:7",
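
The listing shows `format_rk` receiving only a pointer and a format code, so it has no way to tell whether the 4-byte RK field it reads lies inside the record buffer. The following is an added example, not part of the issue and not catdoc's code: a length-checked RK decoder in which the name `rk_decode_checked` and the `len`/`off` parameters are assumptions. The issue does not state the root cause, so this shows only the decoder-side check.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not catdoc's API): decode the 4-byte BIFF RK value
 * at rec[off], where len is the number of valid bytes in rec.
 * Returns 0 and stores the number in *out, or -1 if the read would leave
 * the buffer. Assumes IEEE 754 doubles, as on the x86-64 target. */
int rk_decode_checked(const unsigned char *rec, size_t len, size_t off,
                      double *out)
{
    uint32_t raw;
    double value;

    /* Written as a subtraction so that off + 4 cannot wrap around. */
    if (rec == NULL || out == NULL || off > len || len - off < 4)
        return -1;

    /* Assemble the little-endian word bytewise; no unaligned access. */
    raw = (uint32_t)rec[off] | ((uint32_t)rec[off + 1] << 8) |
          ((uint32_t)rec[off + 2] << 16) | ((uint32_t)rec[off + 3] << 24);

    if (raw & 0x02u) {
        /* Bit 1 set: the upper 30 bits are a signed integer. */
        value = (double)((int32_t)(raw & 0xFFFFFFFCu) / 4);
    } else {
        /* Bit 1 clear: the upper 30 bits are the top of a double. */
        uint64_t bits = (uint64_t)(raw & 0xFFFFFFFCu) << 32;
        memcpy(&value, &bits, sizeof value);
    }
    if (raw & 0x01u)            /* Bit 0 set: stored value is x100. */
        value /= 100.0;

    *out = value;
    return 0;
}

int main(void)
{
    /* Constructed sample: 2 filler bytes, then RK integer 12345 with x100 flag. */
    const unsigned char rec[] = { 0x00, 0x00, 0xE7, 0xC0, 0x00, 0x00 };
    double v = 0.0;
    if (rk_decode_checked(rec, sizeof rec, 2, &v) == 0)
        printf("decoded: %.2f\n", v);
    if (rk_decode_checked(rec, sizeof rec, 4, &v) != 0)
        puts("rejected: RK field runs past the record");
    return 0;
}
```

A caller would pass the number of bytes actually read for the current record as `len` and treat `-1` as a malformed file.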
