#55 infinite while loops with malicious or corrupted excel file

open
nobody
None
5
2007-09-04
2007-09-04
David Fletcher
No

A corrupted or maliciously constructed Excel file can send the phpexcelreader into an infinite loop. Since the Excel format is difficult to check prior to opening with phpexcelreader, this shoftware needs better protection against entering an infinite loop.

One solution is to limit the maximum number of loops which can take place. For example, at the start of oleread.inc add this definition:

define('MAXWHILE', 10000);

The alter the while loops from (for example)
#########################################
while ($sbdBlock != -2) {
.... code
}
#########################################

to this:

#########################################
$maxwhile = 0;
while ($sbdBlock != -2 && $maxwhile < MAXWHILE) {
$maxwhile ++;
.... other code

}
#########################################

This will avoid loops where $this->bigBlockChain never reaches the -2 entry. Also in reader.php where the block of type SPREADSHEET_EXCEL_READER_TYPE_EOF might never be found.

There is probably a better way of doing this, but the 'MAXWHILE' definition will work, as long as the number exceeds anything likely to be seen in a real Excel file.

Discussion