Open chosly opened 4 years ago
This appears to be caused by a duplicate String Item in the Shared String Table.
This causes the string table size check in xlsx_consumer::read_shared_string_table
to throw as its size is one less than the specified uniqueCount.
I think this is resolved now? I can't reproduce it.
Hi,
I found that the simple reading example in doc/example.md of commit dbc0ddd crashes with the attached xlsx file (test.xlsx). Additionally, the source code was changed a bit to read a filename as an argument. The test was run on Ubuntu 18.04.3 with kernel 4.15.0-72-generic on x86_64.
Here’s the crash stack trace taken with GDB:
0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
1 0x00007ffff6c0d801 in __GI_abort () at abort.c:79
2 0x0000555556e10021 in abort_message (format=0x5555570ad381 "terminating with %s exception of type %s: %s")
3 0x0000555556e23ae3 in demangling_terminate_handler ()
4 0x0000555556e0eda6 in std::__terminate (func=0x2)
5 0x0000555556e1d6fc in __cxa_rethrow ()
6 0x00005555559f382f in xlnt::workbook::load (this=0x0, stream=...) at /home/chowisely/oss/xlnt/source/workbook/workbook.cpp:882
7 0x00005555559edfd3 in xlnt::workbook::load (this=0x7fffffffe220, filename=...)
8 0x0000555555a4967f in xlnt::workbook::load (this=0x7fffffffe220, filename=...)
9 0x0000555555579292 in main (argc=-6468, argv=0x7fffffffe460) at ex1.cpp:12
This crash was found with the Angora fuzzer, and test.xlsx originated from documentation-print.xlsx in the samples/data directory.
Hope this helps.
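A triage check for the condition described in this thread, as an added example that is not part of the thread or of xlnt's code: it compares the declared uniqueCount of a shared string table with the number of distinct `<si>` items. The sample XML is constructed, the function names are hypothetical, and comparing items by plain text only (ignoring rich-text formatting) is a simplifying assumption.

```python
import zipfile
import xml.etree.ElementTree as ET
from collections import Counter

NS = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"

# Constructed sample: three <si> items, one duplicated, uniqueCount="3".
SAMPLE_SST = b"""<?xml version="1.0" encoding="UTF-8"?>
<sst xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main"
     count="4" uniqueCount="3">
  <si><t>Name</t></si>
  <si><t>Total</t></si>
  <si><t>Name</t></si>
</sst>"""


def audit_shared_strings(xml_bytes):
    """Compare the declared uniqueCount with the items actually present."""
    root = ET.fromstring(xml_bytes)
    raw = root.get("uniqueCount")
    declared = int(raw) if raw and raw.isdigit() else None
    # Plain text of each string item: concatenate every <t> below the <si>.
    items = [
        "".join(t.text or "" for t in si.iter("{%s}t" % NS))
        for si in root.findall("{%s}si" % NS)
    ]
    counts = Counter(items)
    return {
        "declared_unique": declared,
        "si_items": len(items),
        "distinct_items": len(counts),
        "duplicates": sorted(s for s, n in counts.items() if n > 1),
        # A reader that de-duplicates items ends up with distinct_items
        # entries, so a strict size check fails when this is False.
        "consistent": declared == len(counts),
    }


def audit_xlsx(path, part="xl/sharedStrings.xml"):
    """Audit a workbook on disk. The part name is the usual default
    location (an assumption); a workbook may place it elsewhere."""
    with zipfile.ZipFile(path) as zf:
        return audit_shared_strings(zf.read(part))


if __name__ == "__main__":
    print(audit_shared_strings(SAMPLE_SST))
```

Running `audit_xlsx` over a fuzzing corpus separates inputs that hit this mismatch from crashes with other causes.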