@@ -1800,8 +1800,14 @@
 /* 'stripped' UTF-16: requires padding */
 unsigned int i;
 for (i = 0; i < len; i++)
 {
+ if (p_string - workbook->record >=
+ workbook->record_size)
+ {
+ /* buffer overflow: it's a preasumable crafted file intended to crash FreeXL */
+ return FREEXL_CRAFTED_FILE;
+ }
 *(utf16_buf + (utf16_off * 2) + (i * 2)) = *p_string;
 p_string++;
 *(utf16_buf + (utf16_off * 2) + ((i * 2) + 1)) =
@@ -1911,8 +1917,13 @@
 }
 return FREEXL_OK;
 }
+ if (len <= 0)
+ {
+ /* zero length - it's a preasumable crafted file intended to crash FreeXL */
+ return FREEXL_CRAFTED_FILE;
+ }
 if (!parse_unicode_string (workbook->utf16_converter, len, utf16, p_string, &utf8_string))
 return FREEXL_INVALID_CHARACTER;
@@ -3069,8 +3080,13 @@
 memcpy (offset.bytes, workbook->record, 4);
 if (swap)
 swap32 (&offset);
 len = workbook->record[6];
+ if (len <= 0)
+ {
+ /* zero length - it's a preasumable crafted file intended to crash FreeXL */
+ return FREEXL_CRAFTED_FILE;
+ }
 if (workbook->biff_version == FREEXL_BIFF_VER_5)
 {
 /* BIFF5: codepage text */
 memcpy (name, workbook->record + 7, len);
@@ -3228,8 +3244,13 @@
 p_string = workbook->record + 4;
 get_unicode_params (p_string, swap, &start_offset, &utf16, &extra_skip);
 p_string += start_offset;
+ if (len <= 0)
+ {
+ /* zero length - it's a preasumable crafted file intended to crash FreeXL */
+ return FREEXL_CRAFTED_FILE;
+ }
 if (!parse_unicode_string (workbook->utf16_converter, len, utf16, p_string, &utf8_string))
 return FREEXL_INVALID_CHARACTER;
@@ -3622,8 +3643,13 @@
 unsigned int extra_skip;
 get_unicode_params (p_string, swap, &start_offset, &utf16, &extra_skip);
 p_string += start_offset;
+ if (len <= 0)
+ {
+ /* zero length - it's a preasumable crafted file intended to crash FreeXL */
+ return FREEXL_CRAFTED_FILE;
+ }
 if (!parse_unicode_string (workbook->utf16_converter, len, utf16, p_string, &utf8_string))
 return FREEXL_INVALID_CHARACTER;
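Review bot: The new guard in the stripped-UTF-16 loop bounds the source read against `workbook->record_size`, but the write into `utf16_buf` at `(utf16_off * 2) + (i * 2) + 1` is still not bounded by that buffer's capacity, which is not visible in the hunk; if `utf16_buf` is sized from `len` by the caller this is fine, otherwise one pre-loop check of `utf16_off + len` against the capacity would be cheaper than the per-byte test and would cover the destination too. The comparison mixes a `ptrdiff_t` with `record_size`; if `record_size` is unsigned, `(size_t) (p_string - workbook->record) >= workbook->record_size` avoids the signed/unsigned promotion and the warning that comes with it. The comment typo `preasumable` recurs in every hunk of this commit and should read `presumable`. The enclosing function starts and ends outside the hunk.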
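Review bot: The `len <= 0` guard added before `parse_unicode_string` at -1911 rejects only the zero-length case; nothing here bounds `len` from above against the bytes left in the record after `p_string` was advanced by `start_offset`, so a crafted length still relies on the callee to stop at `record_size`. The same five lines are pasted verbatim at -3228 and -3622 (and before the `memcpy` at -3069); a small `static` helper or a macro such as `#define CHECK_LEN(len) do { if ((len) <= 0) return FREEXL_CRAFTED_FILE; } while (0)` would keep the four sites in step. If `len` is unsigned, `len <= 0` is just `len == 0` and some compilers warn on it; it is also worth confirming that an empty string cannot occur in a well-formed file before classifying it as crafted rather than skipping it. The enclosing function continues outside the hunk.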
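Review bot: The new zero check before the BIFF5 `memcpy (name, workbook->record + 7, len)` at -3069 does not address the other direction: `len` is a single byte read from the file (`workbook->record[6]`) and nothing compares `7 + len` with `workbook->record_size`, so a short record still lets the copy read past the populated part of `record`; `if (len <= 0 || 7 + len > workbook->record_size) return FREEXL_CRAFTED_FILE;` covers both. The capacity of `name` is not visible here and should also be checked against `len` if it can be smaller than 256. The function continues outside the hunk on both sides.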
@@ -3904,8 +3930,11 @@
 /* saving the current record */
 workbook->record_type = record_type.value;
 workbook->record_size = record_size.value;
+ if (workbook->record_size >= 8192)
+ return 0; /* malformed or crafted file */
+
 if ((workbook->p_in - workbook->fat->miniStream) +
 workbook->record_size > (int) workbook->size)
 return 0; /* unexpected EOF */
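Review bot: `8192` in the new size check is a magic number that presumably mirrors the capacity of `workbook->record`, which is not visible here; tie it to that buffer (`sizeof workbook->record` if it is an array, or a named constant shared with the allocation) so the bound and the buffer cannot drift apart. BIFF8 record payloads may legitimately be up to 8224 bytes, so if the buffer is exactly 8192 bytes this check refuses some valid files and the buffer, not the limit, is what should change — worth confirming against the format specification, and the reader for the non-mini stream presumably needs the same check. Returning 0 here reuses the "unexpected EOF" path, so callers cannot tell a crafted record from truncation; acceptable if they only need a stop signal. The hunk's trailing context is not visible in this chunk.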