[gnumeric] xls: fuzzed file fix.



commit 851e3863af29c6be47d35ff06d739fa6948c7705
Author: Morten Welinder <terra gnome org>
Date:   Fri Jan 8 17:30:19 2016 -0500

    xls: fuzzed file fix.

 NEWS                    |    2 +-
 plugins/excel/ChangeLog |    3 +++
 plugins/excel/ms-obj.c  |    1 +
 3 files changed, 5 insertions(+), 1 deletions(-)
---
diff --git a/NEWS b/NEWS
index 413cc5b..1d51e25 100644
--- a/NEWS
+++ b/NEWS
@@ -10,7 +10,7 @@ Morten:
        * Improve test suite.
        * Fuzzed file fixes.  [#760046] [#760085] [#760087] [#760089]
          [#760043] [#760103] [#760102] [#760101] [#760105] [#760106]
-         [#760104] [#760229] [#760231]
+         [#760104] [#760229] [#760231] [#760232]
        * Fix R.DBINOM extreme-value case.  [#760230]
 
 --------------------------------------------------------------------------
diff --git a/plugins/excel/ChangeLog b/plugins/excel/ChangeLog
index fe2a4ad..ae68f79 100644
--- a/plugins/excel/ChangeLog
+++ b/plugins/excel/ChangeLog
@@ -1,5 +1,8 @@
 2016-01-07  Morten Welinder  <terra gnome org>
 
+       * ms-obj.c (ms_obj_read_biff8_obj): Add missing length check for
+       scroll bars.  Fixes #760232.
+
        * ms-excel-read.c (excel_formula_shared): Length check for v0.
        Fixes #760231.
 
diff --git a/plugins/excel/ms-obj.c b/plugins/excel/ms-obj.c
index 79859fd..f1b5952 100644
--- a/plugins/excel/ms-obj.c
+++ b/plugins/excel/ms-obj.c
@@ -1065,6 +1065,7 @@ ms_obj_read_biff8_obj (BiffQuery *q, MSContainer *c, MSObj *obj)
                        break;
 
                case GR_SCROLLBAR :
+                       XL_CHECK_CONDITION_VAL (data_len_left >= 20, TRUE);
                        ms_obj_attr_bag_insert (obj->attrs,
                                ms_obj_attr_new_uint (MS_OBJ_ATTR_SCROLLBAR_VALUE,
                                        GSF_LE_GET_GUINT16 (data+8)));
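Review bot: The bound in the added `XL_CHECK_CONDITION_VAL (data_len_left >= 20, TRUE);` under `case GR_SCROLLBAR` is a bare literal, and the only read visible in this hunk is a 16-bit load at `data+8`, so the hunk alone does not show that 20 covers the highest offset the case reads. I would put a one-line comment above the check, for example `/* every GSF_LE_GET_* read in this case must stay below data+20 */`, so that a read added later at a higher offset is seen to need a larger bound. The case body continues outside the hunk, so it is worth confirming there that no read reaches offset 20 or beyond, and that `data_len_left` counts bytes from `data` rather than from the start of the record. Since the fix comes from a fuzzed input, adding the sample from #760232 to the test suite would keep the check from regressing.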

