You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@poi.apache.org by ce...@apache.org on 2015/07/20 16:03:36 UTC
svn commit: r1691948 - in /poi: site/src/documentation/content/xdocs/
trunk/src/java/org/apache/poi/poifs/filesystem/
trunk/src/java/org/apache/poi/util/ trunk/src/ooxml/java/org/apache/poi/
trunk/src/ooxml/testcases/org/apache/poi/ trunk/src/testcases...
Author: centic
Date: Mon Jul 20 14:03:35 2015
New Revision: 1691948
URL: http://svn.apache.org/r1691948
Log:
Bug 58156: Possible data corruption in hasPOIFSHeader and hasOOXMLHeader
Modified:
poi/site/src/documentation/content/xdocs/status.xml
poi/trunk/src/java/org/apache/poi/poifs/filesystem/NPOIFSFileSystem.java
poi/trunk/src/java/org/apache/poi/util/IOUtils.java
poi/trunk/src/ooxml/java/org/apache/poi/POIXMLDocument.java
poi/trunk/src/ooxml/testcases/org/apache/poi/TestDetectAsOOXML.java
poi/trunk/src/testcases/org/apache/poi/poifs/filesystem/TestOffice2007XMLException.java
Modified: poi/site/src/documentation/content/xdocs/status.xml
URL: http://svn.apache.org/viewvc/poi/site/src/documentation/content/xdocs/status.xml?rev=1691948&r1=1691947&r2=1691948&view=diff
==============================================================================
--- poi/site/src/documentation/content/xdocs/status.xml (original)
+++ poi/site/src/documentation/content/xdocs/status.xml Mon Jul 20 14:03:35 2015
@@ -39,6 +39,7 @@
</devs>
<release version="3.13-beta2" date="2015-10-??">
+ <action dev="PD" type="fix" fixes-bug="58156">Possible data corruption in hasPOIFSHeader and hasOOXMLHeader</action>
<action dev="PD" type="add" fixes-bug="58130">Conditional Formatting support for DataBars, Icon Sets / Multi-States, and Color Scales</action>
</release>
Modified: poi/trunk/src/java/org/apache/poi/poifs/filesystem/NPOIFSFileSystem.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/poifs/filesystem/NPOIFSFileSystem.java?rev=1691948&r1=1691947&r2=1691948&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/poifs/filesystem/NPOIFSFileSystem.java (original)
+++ poi/trunk/src/java/org/apache/poi/poifs/filesystem/NPOIFSFileSystem.java Mon Jul 20 14:03:35 2015
@@ -354,7 +354,11 @@ public class NPOIFSFileSystem extends Bl
* has a POIFS (OLE2) header at the start of it.
* If your InputStream does not support mark / reset,
* then wrap it in a PushBackInputStream, then be
- * sure to always use that, and not the original!
+ * sure to always use that and not the original!
+ *
+ * After the method call, the InputStream is at the
+ * same position as of the time of entering the method.
+ *
* @param inp An InputStream which supports either mark/reset, or is a PushbackInputStream
*/
public static boolean hasPOIFSHeader(InputStream inp) throws IOException {
@@ -362,13 +366,13 @@ public class NPOIFSFileSystem extends Bl
inp.mark(8);
byte[] header = new byte[8];
- IOUtils.readFully(inp, header);
+ int bytesRead = IOUtils.readFully(inp, header);
LongField signature = new LongField(HeaderBlockConstants._signature_offset, header);
// Wind back those 8 bytes
if(inp instanceof PushbackInputStream) {
PushbackInputStream pin = (PushbackInputStream)inp;
- pin.unread(header);
+ pin.unread(header, 0, bytesRead);
} else {
inp.reset();
}
Modified: poi/trunk/src/java/org/apache/poi/util/IOUtils.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/util/IOUtils.java?rev=1691948&r1=1691947&r2=1691948&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/util/IOUtils.java (original)
+++ poi/trunk/src/java/org/apache/poi/util/IOUtils.java Mon Jul 20 14:03:35 2015
@@ -57,7 +57,7 @@ public final class IOUtils {
// Wind back those 8 bytes
if(stream instanceof PushbackInputStream) {
PushbackInputStream pin = (PushbackInputStream)stream;
- pin.unread(header);
+ pin.unread(header, 0, read);
} else {
stream.reset();
}
Modified: poi/trunk/src/ooxml/java/org/apache/poi/POIXMLDocument.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/POIXMLDocument.java?rev=1691948&r1=1691947&r2=1691948&view=diff
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/POIXMLDocument.java (original)
+++ poi/trunk/src/ooxml/java/org/apache/poi/POIXMLDocument.java Mon Jul 20 14:03:35 2015
@@ -127,18 +127,19 @@ public abstract class POIXMLDocument ext
inp.mark(4);
byte[] header = new byte[4];
- IOUtils.readFully(inp, header);
+ int bytesRead = IOUtils.readFully(inp, header);
// Wind back those 4 bytes
if(inp instanceof PushbackInputStream) {
PushbackInputStream pin = (PushbackInputStream)inp;
- pin.unread(header);
+ pin.unread(header, 0, bytesRead);
} else {
inp.reset();
}
// Did it match the ooxml zip signature?
return (
+ bytesRead == 4 &&
header[0] == POIFSConstants.OOXML_FILE_HEADER[0] &&
header[1] == POIFSConstants.OOXML_FILE_HEADER[1] &&
header[2] == POIFSConstants.OOXML_FILE_HEADER[2] &&
Modified: poi/trunk/src/ooxml/testcases/org/apache/poi/TestDetectAsOOXML.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/testcases/org/apache/poi/TestDetectAsOOXML.java?rev=1691948&r1=1691947&r2=1691948&view=diff
==============================================================================
--- poi/trunk/src/ooxml/testcases/org/apache/poi/TestDetectAsOOXML.java (original)
+++ poi/trunk/src/ooxml/testcases/org/apache/poi/TestDetectAsOOXML.java Mon Jul 20 14:03:35 2015
@@ -19,8 +19,10 @@
package org.apache.poi;
+import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.io.PushbackInputStream;
+import java.util.Arrays;
import junit.framework.TestCase;
@@ -62,4 +64,22 @@ public class TestDetectAsOOXML extends T
assertFalse(POIXMLDocument.hasOOXMLHeader(in));
in.close();
}
+
+ public void testFileCorruption() throws Exception {
+
+ // create test InputStream
+ byte[] testData = { (byte)1, (byte)2, (byte)3 };
+ ByteArrayInputStream testInput = new ByteArrayInputStream(testData);
+
+ // detect header
+ InputStream in = new PushbackInputStream(testInput, 10);
+ assertFalse(POIXMLDocument.hasOOXMLHeader(in));
+
+ // check if InputStream is still intact
+ byte[] test = new byte[3];
+ in.read(test);
+ assertTrue(Arrays.equals(testData, test));
+ assertEquals(-1, in.read());
+ }
+
}
Modified: poi/trunk/src/testcases/org/apache/poi/poifs/filesystem/TestOffice2007XMLException.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/testcases/org/apache/poi/poifs/filesystem/TestOffice2007XMLException.java?rev=1691948&r1=1691947&r2=1691948&view=diff
==============================================================================
--- poi/trunk/src/testcases/org/apache/poi/poifs/filesystem/TestOffice2007XMLException.java (original)
+++ poi/trunk/src/testcases/org/apache/poi/poifs/filesystem/TestOffice2007XMLException.java Mon Jul 20 14:03:35 2015
@@ -17,12 +17,16 @@
package org.apache.poi.poifs.filesystem;
-import junit.framework.TestCase;
-
-import java.io.*;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.PushbackInputStream;
+import java.util.Arrays;
import org.apache.poi.hssf.HSSFTestDataSamples;
+import junit.framework.TestCase;
+
/**
* Class to test that POIFS complains when given an Office 2007 XML document
*
@@ -38,7 +42,7 @@ public class TestOffice2007XMLException
InputStream in = openSampleStream("sample.xlsx");
try {
- new POIFSFileSystem(in);
+ new POIFSFileSystem(in).close();
fail("expected exception was not thrown");
} catch(OfficeXmlFileException e) {
// expected during successful test
@@ -72,4 +76,39 @@ public class TestOffice2007XMLException
in.close();
}
}
+
+ public void testFileCorruption() throws Exception {
+
+ // create test InputStream
+ byte[] testData = { (byte)1, (byte)2, (byte)3 };
+ InputStream testInput = new ByteArrayInputStream(testData);
+
+ // detect header
+ InputStream in = new PushbackInputStream(testInput, 10);
+ assertFalse(POIFSFileSystem.hasPOIFSHeader(in));
+
+ // check if InputStream is still intact
+ byte[] test = new byte[3];
+ in.read(test);
+ assertTrue(Arrays.equals(testData, test));
+ assertEquals(-1, in.read());
+ }
+
+
+ public void testFileCorruptionOPOIFS() throws Exception {
+
+ // create test InputStream
+ byte[] testData = { (byte)1, (byte)2, (byte)3 };
+ InputStream testInput = new ByteArrayInputStream(testData);
+
+ // detect header
+ InputStream in = new PushbackInputStream(testInput, 10);
+ assertFalse(OPOIFSFileSystem.hasPOIFSHeader(in));
+
+ // check if InputStream is still intact
+ byte[] test = new byte[3];
+ in.read(test);
+ assertTrue(Arrays.equals(testData, test));
+ assertEquals(-1, in.read());
+ }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@poi.apache.org
For additional commands, e-mail: commits-help@poi.apache.org