Bug: workbook_validate_sheet_name buffer-overflow

[wxie7]

hello, maybe there exist a bug in workbook_validate_sheet_name. When sheetname is an empty string (""), the workbook_validate_sheet_name function does not check if the string length is 0, leading to a buffer overflow.The following is the relevant code, the crash occurs at workbook.c:workbook_validate_sheet_name.

#include "xlsxwriter.h"

int main() {

    lxw_workbook  *workbook  = workbook_new("demo.xlsx");
    lxw_worksheet *worksheet = workbook_add_worksheet(workbook, NULL);
    const char* name = "";
    lxw_error le = workbook_validate_sheet_name(workbook, name);
    if (le == LXW_NO_ERROR) {
      lxw_worksheet *worksheet = workbook_add_worksheet(workbook, name);
    }

    return 0;
}

[jmcnamara]

Thanks for the report. That is omission/bug. I'll add a fix.

[jmcnamara]

I've pushed a fix for this to main. There is now a new error code called LXW_ERROR_SHEETNAME_IS_BLANK for this condition.

[wxie7]

Should verify in advance that name is NULL?

[jmcnamara]

Should verify in advance that name is NULL?

My initial thought was that the end user should check for NULL and that workbook_validate_sheet_name() should validate the name and not the string. However, most libxlsxwriter functions check for NULL so I've added a LXW_ERROR_NULL_PARAMETER_IGNORED error as well.

I've force pushed that change to main.