Posted to commits@poi.apache.org by ta...@apache.org on 2017/09/21 14:53:01 UTC

svn commit: r1809169 [1/3] - in /poi/trunk/src: examples/src/org/apache/poi/poifs/poibrowser/ java/org/apache/poi/ddf/ java/org/apache/poi/hpsf/ java/org/apache/poi/hssf/extractor/ java/org/apache/poi/hssf/record/ java/org/apache/poi/hssf/record/common...

Author: tallison
Date: Thu Sep 21 14:52:59 2017
New Revision: 1809169

URL: http://svn.apache.org/viewvc?rev=1809169&view=rev
Log:
Bug 61349 -- add more sanity checks when allocating byte[]

Modified:
    poi/trunk/src/examples/src/org/apache/poi/poifs/poibrowser/DocumentDescriptor.java
    poi/trunk/src/java/org/apache/poi/ddf/EscherArrayProperty.java
    poi/trunk/src/java/org/apache/poi/ddf/EscherBSERecord.java
    poi/trunk/src/java/org/apache/poi/ddf/EscherBlipRecord.java
    poi/trunk/src/java/org/apache/poi/ddf/EscherClientAnchorRecord.java
    poi/trunk/src/java/org/apache/poi/ddf/EscherClientDataRecord.java
    poi/trunk/src/java/org/apache/poi/ddf/EscherMetafileBlip.java
    poi/trunk/src/java/org/apache/poi/ddf/EscherPictBlip.java
    poi/trunk/src/java/org/apache/poi/ddf/EscherPropertyFactory.java
    poi/trunk/src/java/org/apache/poi/ddf/EscherTextboxRecord.java
    poi/trunk/src/java/org/apache/poi/ddf/UnknownEscherRecord.java
    poi/trunk/src/java/org/apache/poi/hpsf/Blob.java
    poi/trunk/src/java/org/apache/poi/hpsf/ClipboardData.java
    poi/trunk/src/java/org/apache/poi/hpsf/CodePageString.java
    poi/trunk/src/java/org/apache/poi/hpsf/Section.java
    poi/trunk/src/java/org/apache/poi/hpsf/UnicodeString.java
    poi/trunk/src/java/org/apache/poi/hpsf/VariantSupport.java
    poi/trunk/src/java/org/apache/poi/hssf/extractor/OldExcelExtractor.java
    poi/trunk/src/java/org/apache/poi/hssf/record/CFRule12Record.java
    poi/trunk/src/java/org/apache/poi/hssf/record/DConRefRecord.java
    poi/trunk/src/java/org/apache/poi/hssf/record/EmbeddedObjectRefSubRecord.java
    poi/trunk/src/java/org/apache/poi/hssf/record/EscherAggregate.java
    poi/trunk/src/java/org/apache/poi/hssf/record/FtCblsSubRecord.java
    poi/trunk/src/java/org/apache/poi/hssf/record/GroupMarkerSubRecord.java
    poi/trunk/src/java/org/apache/poi/hssf/record/HyperlinkRecord.java
    poi/trunk/src/java/org/apache/poi/hssf/record/NoteStructureSubRecord.java
    poi/trunk/src/java/org/apache/poi/hssf/record/OldLabelRecord.java
    poi/trunk/src/java/org/apache/poi/hssf/record/OldSheetRecord.java
    poi/trunk/src/java/org/apache/poi/hssf/record/OldStringRecord.java
    poi/trunk/src/java/org/apache/poi/hssf/record/RecordInputStream.java
    poi/trunk/src/java/org/apache/poi/hssf/record/SubRecord.java
    poi/trunk/src/java/org/apache/poi/hssf/record/common/UnicodeString.java
    poi/trunk/src/java/org/apache/poi/hssf/record/crypto/Biff8DecryptingStream.java
    poi/trunk/src/java/org/apache/poi/hssf/usermodel/HSSFWorkbook.java
    poi/trunk/src/java/org/apache/poi/poifs/crypt/ChunkedCipherInputStream.java
    poi/trunk/src/java/org/apache/poi/poifs/crypt/ChunkedCipherOutputStream.java
    poi/trunk/src/java/org/apache/poi/poifs/crypt/CryptoFunctions.java
    poi/trunk/src/java/org/apache/poi/poifs/crypt/DataSpaceMapUtils.java
    poi/trunk/src/java/org/apache/poi/poifs/dev/POIFSDump.java
    poi/trunk/src/java/org/apache/poi/poifs/filesystem/DocumentInputStream.java
    poi/trunk/src/java/org/apache/poi/poifs/filesystem/NDocumentInputStream.java
    poi/trunk/src/java/org/apache/poi/poifs/filesystem/NPOIFSDocument.java
    poi/trunk/src/java/org/apache/poi/poifs/filesystem/NPOIFSFileSystem.java
    poi/trunk/src/java/org/apache/poi/poifs/filesystem/Ole10Native.java
    poi/trunk/src/java/org/apache/poi/poifs/nio/ByteArrayBackedDataSource.java
    poi/trunk/src/java/org/apache/poi/poifs/property/NPropertyTable.java
    poi/trunk/src/java/org/apache/poi/poifs/storage/DocumentBlock.java
    poi/trunk/src/java/org/apache/poi/poifs/storage/HeaderBlock.java
    poi/trunk/src/java/org/apache/poi/poifs/storage/RawDataBlock.java
    poi/trunk/src/java/org/apache/poi/ss/formula/Formula.java
    poi/trunk/src/java/org/apache/poi/ss/formula/function/FunctionMetadataReader.java
    poi/trunk/src/java/org/apache/poi/util/IOUtils.java
    poi/trunk/src/java/org/apache/poi/util/LZWDecompresser.java
    poi/trunk/src/java/org/apache/poi/util/LittleEndian.java
    poi/trunk/src/java/org/apache/poi/util/StringUtil.java
    poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/agile/AgileEncryptor.java
    poi/trunk/src/ooxml/java/org/apache/poi/ss/extractor/EmbeddedExtractor.java
    poi/trunk/src/ooxml/java/org/apache/poi/xslf/usermodel/XMLSlideShow.java
    poi/trunk/src/ooxml/java/org/apache/poi/xssf/binary/XSSFBParser.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hdgf/chunks/ChunkFactory.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hdgf/streams/CompressedStreamStore.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hdgf/streams/StreamStore.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hemf/record/HemfCommentEMFPlus.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hemf/record/HemfCommentPublic.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hemf/record/HemfCommentRecord.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hemf/record/HemfHeader.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hemf/record/HemfText.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hmef/attribute/MAPIAttribute.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hmef/attribute/MAPIRtfAttribute.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hmef/attribute/TNEFAttribute.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hmef/dev/HMEFDumper.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hpbf/model/EscherPart.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hpbf/model/QuillContents.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hpbf/model/qcbits/QCTextBit.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/blip/Bitmap.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/blip/DIB.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/dev/PPTXMLDump.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/dev/SlideShowDumper.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/AnimationInfoAtom.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/CString.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/Comment2000Atom.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/CurrentUserAtom.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/DocumentAtom.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExEmbedAtom.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExHyperlinkAtom.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExMediaAtom.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExObjListAtom.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExOleObjAtom.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExOleObjStg.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/FontEntityAtom.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/HSLFEscherClientDataRecord.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/HeadersFootersAtom.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/InteractiveInfoAtom.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/MasterTextPropAtom.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/NotesAtom.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/PPDrawing.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/PPDrawingGroup.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/PersistPtrHolder.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/SlideAtom.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/SlidePersistAtom.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/SoundData.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/StyleTextProp9Atom.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/StyleTextPropAtom.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TextBytesAtom.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TextCharsAtom.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TextRulerAtom.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TextSpecInfoAtom.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TextSpecInfoRun.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TxInteractiveInfoAtom.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TxMasterStyleAtom.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/UnknownRecordPlaceholder.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/usermodel/HSLFSlideShow.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hsmf/datatypes/PropertiesChunk.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hwmf/record/HwmfText.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/HWPFDocument.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/HWPFDocumentCore.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/HWPFOldDocument.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/CHPFormattedDiskPage.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/ComplexFileTable.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/DocumentProperties.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/Ffn.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/FileInformationBlock.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/ListLevel.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/OldSectionTable.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/OldTextPieceTable.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/PAPFormattedDiskPage.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/PICFAndOfficeArtData.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/PlexOfCps.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/SectionTable.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/StyleDescription.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/TextPieceTable.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/sprm/SprmBuffer.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/sprm/SprmUtils.java
    poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/sprm/TableSprmCompressor.java

Modified: poi/trunk/src/examples/src/org/apache/poi/poifs/poibrowser/DocumentDescriptor.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/examples/src/org/apache/poi/poifs/poibrowser/DocumentDescriptor.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/examples/src/org/apache/poi/poifs/poibrowser/DocumentDescriptor.java (original)
+++ poi/trunk/src/examples/src/org/apache/poi/poifs/poibrowser/DocumentDescriptor.java Thu Sep 21 14:52:59 2017
@@ -19,6 +19,7 @@ package org.apache.poi.poifs.poibrowser;
 
 import java.io.*;
 import org.apache.poi.poifs.filesystem.*;
+import org.apache.poi.util.IOUtils;
 
 /**
  * <p>Describes the most important (whatever that is) features of a
@@ -26,6 +27,10 @@ import org.apache.poi.poifs.filesystem.*
  */
 public class DocumentDescriptor
 {
+
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
     String name;
     POIFSDocumentPath path;
     DocumentInputStream stream;
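Review bot: The comment on `MAX_RECORD_LENGTH` says only that the value is arbitrary; it does not say what the limit bounds or what happens when it is exceeded. The same private constant is repeated in the other classes of this commit with values from 100_000 to 100_000_000 and no stated rationale. A more useful comment here would be `// Upper bound, in bytes, for the preview buffer sized by nrOfBytes; enforced through IOUtils.safelyAllocate`. The per-class copies would benefit from the same treatment, each naming the length field it guards.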
@@ -60,7 +65,7 @@ public class DocumentDescriptor
             if (stream.markSupported())
             {
                 stream.mark(nrOfBytes);
-                final byte[] b = new byte[nrOfBytes];
+                final byte[] b = IOUtils.safelyAllocate(nrOfBytes, MAX_RECORD_LENGTH);
                 final int read = stream.read(b, 0, Math.min(size, b.length));
                 bytes = new byte[read];
                 System.arraycopy(b, 0, bytes, 0, read);
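Review bot: `stream.read(...)` can return -1 when the stream is already at its end, and the following `bytes = new byte[read];` then throws NegativeArraySizeException instead of producing an empty preview. Clamping the result, `final int read = Math.max(0, stream.read(b, 0, Math.min(size, b.length)));`, keeps the allocation and the copy valid. The enclosing block starts and ends outside the hunk, so an existing handler may already cover this case.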

Modified: poi/trunk/src/java/org/apache/poi/ddf/EscherArrayProperty.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/ddf/EscherArrayProperty.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/ddf/EscherArrayProperty.java (original)
+++ poi/trunk/src/java/org/apache/poi/ddf/EscherArrayProperty.java Thu Sep 21 14:52:59 2017
@@ -21,6 +21,7 @@ import java.util.Iterator;
 import java.util.NoSuchElementException;
 
 import org.apache.poi.util.HexDump;
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndian;
 
 /**
@@ -28,6 +29,10 @@ import org.apache.poi.util.LittleEndian;
  * with all sorts of special cases.  I'm hopeful I've got them all.
  */
 public final class EscherArrayProperty extends EscherComplexProperty implements Iterable<byte[]> {
+
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
     /**
      * The size of the header that goes at the
      *  start of the array, before the data
@@ -69,7 +74,7 @@ public final class EscherArrayProperty e
     public void setNumberOfElementsInArray(int numberOfElements) {
         int expectedArraySize = numberOfElements * getActualSizeOfElements(getSizeOfElements()) + FIXED_SIZE;
         if (expectedArraySize != getComplexData().length) {
-            byte[] newArray = new byte[expectedArraySize];
+            byte[] newArray = IOUtils.safelyAllocate(expectedArraySize, MAX_RECORD_LENGTH);
             System.arraycopy(getComplexData(), 0, newArray, 0, getComplexData().length);
             setComplexData(newArray);
         }
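Review bot: `expectedArraySize` is computed in `int`, so for a large `numberOfElements` the product can wrap before `IOUtils.safelyAllocate` compares it with `MAX_RECORD_LENGTH`. A wrapped value that lands in range passes the cap, and the following `System.arraycopy` then fails with an unchecked IndexOutOfBoundsException when the existing data is longer than the new array. Doing the arithmetic in `long` and validating it before narrowing closes that gap, e.g. `long expected = (long) numberOfElements * getActualSizeOfElements(getSizeOfElements()) + FIXED_SIZE;`. The same expression appears in setNumberOfElementsInMemory and in the next hunk, which uses `getNumberOfElementsInArray()`; the method bodies end outside the hunks.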
@@ -83,7 +88,7 @@ public final class EscherArrayProperty e
     public void setNumberOfElementsInMemory(int numberOfElements) {
         int expectedArraySize = numberOfElements * getActualSizeOfElements(getSizeOfElements()) + FIXED_SIZE;
         if (expectedArraySize != getComplexData().length) {
-            byte[] newArray = new byte[expectedArraySize];
+            byte[] newArray = IOUtils.safelyAllocate(expectedArraySize, MAX_RECORD_LENGTH);
             System.arraycopy(getComplexData(), 0, newArray, 0, expectedArraySize);
             setComplexData(newArray);
         }
@@ -100,7 +105,7 @@ public final class EscherArrayProperty e
         int expectedArraySize = getNumberOfElementsInArray() * getActualSizeOfElements(getSizeOfElements()) + FIXED_SIZE;
         if (expectedArraySize != getComplexData().length) {
             // Keep just the first 6 bytes.  The rest is no good to us anyway.
-            byte[] newArray = new byte[expectedArraySize];
+            byte[] newArray = IOUtils.safelyAllocate(expectedArraySize, MAX_RECORD_LENGTH);
             System.arraycopy( getComplexData(), 0, newArray, 0, 6 );
             setComplexData(newArray);
         }
@@ -108,7 +113,7 @@ public final class EscherArrayProperty e
 
     public byte[] getElement(int index) {
         int actualSize = getActualSizeOfElements(getSizeOfElements());
-        byte[] result = new byte[actualSize];
+        byte[] result = IOUtils.safelyAllocate(actualSize, MAX_RECORD_LENGTH);
         System.arraycopy(getComplexData(), FIXED_SIZE + index * actualSize, result, 0, result.length );
         return result;
     }

Modified: poi/trunk/src/java/org/apache/poi/ddf/EscherBSERecord.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/ddf/EscherBSERecord.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/ddf/EscherBSERecord.java (original)
+++ poi/trunk/src/java/org/apache/poi/ddf/EscherBSERecord.java Thu Sep 21 14:52:59 2017
@@ -17,6 +17,7 @@
 
 package org.apache.poi.ddf;
 
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndian;
 
 /**
@@ -27,6 +28,10 @@ import org.apache.poi.util.LittleEndian;
  * @see EscherBlipRecord
  */
 public final class EscherBSERecord extends EscherRecord {
+
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
     public static final short RECORD_ID = (short) 0xF007;
     public static final String RECORD_DESCRIPTION = "MsofbtBSE";
 
@@ -84,7 +89,7 @@ public final class EscherBSERecord exten
         pos += 36 + bytesRead;
         bytesRemaining -= bytesRead;
 
-        _remainingData = new byte[bytesRemaining];
+        _remainingData = IOUtils.safelyAllocate(bytesRemaining, MAX_RECORD_LENGTH);
         System.arraycopy( data, pos, _remainingData, 0, bytesRemaining );
         return bytesRemaining + 8 + 36 + (field_12_blipRecord == null ? 0 : field_12_blipRecord.getRecordSize()) ;
 

Modified: poi/trunk/src/java/org/apache/poi/ddf/EscherBlipRecord.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/ddf/EscherBlipRecord.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/ddf/EscherBlipRecord.java (original)
+++ poi/trunk/src/java/org/apache/poi/ddf/EscherBlipRecord.java Thu Sep 21 14:52:59 2017
@@ -17,9 +17,14 @@
 
 package org.apache.poi.ddf;
 
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndian;
 
 public class EscherBlipRecord extends EscherRecord {
+
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000_000;
+
     public static final short  RECORD_ID_START    = (short) 0xF018;
     public static final short  RECORD_ID_END      = (short) 0xF117;
     public static final String RECORD_DESCRIPTION = "msofbtBlip";
@@ -36,7 +41,7 @@ public class EscherBlipRecord extends Es
         int bytesAfterHeader = readHeader( data, offset );
         int pos              = offset + HEADER_SIZE;
 
-        field_pictureData = new byte[bytesAfterHeader];
+        field_pictureData = IOUtils.safelyAllocate(bytesAfterHeader, MAX_RECORD_LENGTH);
         System.arraycopy(data, pos, field_pictureData, 0, bytesAfterHeader);
 
         return bytesAfterHeader + 8;
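Review bot: `bytesAfterHeader` comes straight from `readHeader(data, offset)` and is checked only against the 100_000_000 constant, not against the bytes actually present after `pos` in `data`. A record that declares more than the buffer holds can still trigger an allocation of up to that size and then fail in `System.arraycopy` with an unchecked IndexOutOfBoundsException. A guard before the allocation, `if (bytesAfterHeader < 0 || bytesAfterHeader > data.length - pos) throw new RecordFormatException("declared length exceeds available data");`, bounds it by the real input. EscherClientDataRecord.fillFields shows the same pattern in full. The EscherBSERecord, EscherClientAnchorRecord, EscherTextboxRecord, EscherMetafileBlip and EscherPictBlip hunks may need it as well, depending on checks outside their visible lines.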
@@ -94,7 +99,7 @@ public class EscherBlipRecord extends Es
         if (pictureData == null || offset < 0 || length < 0 || pictureData.length < offset+length) {
             throw new IllegalArgumentException("picture data can't be null");
         }
-        field_pictureData = new byte[length];
+        field_pictureData = IOUtils.safelyAllocate(length, MAX_RECORD_LENGTH);
         System.arraycopy(pictureData, offset, field_pictureData, 0, length);
     }
 

Modified: poi/trunk/src/java/org/apache/poi/ddf/EscherClientAnchorRecord.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/ddf/EscherClientAnchorRecord.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/ddf/EscherClientAnchorRecord.java (original)
+++ poi/trunk/src/java/org/apache/poi/ddf/EscherClientAnchorRecord.java Thu Sep 21 14:52:59 2017
@@ -17,6 +17,7 @@
 
 package org.apache.poi.ddf;
 
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndian;
 
 /**
@@ -30,6 +31,9 @@ import org.apache.poi.util.LittleEndian;
 public class EscherClientAnchorRecord
         extends EscherRecord
 {
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
     public static final short RECORD_ID = (short) 0xF010;
     public static final String RECORD_DESCRIPTION = "MsofbtClientAnchor";
 
@@ -83,7 +87,7 @@ public class EscherClientAnchorRecord
             }
         }
         bytesRemaining -= size;
-        remainingData  =  new byte[bytesRemaining];
+        remainingData  = IOUtils.safelyAllocate(bytesRemaining, MAX_RECORD_LENGTH);
         System.arraycopy( data, pos + size, remainingData, 0, bytesRemaining );
         return 8 + size + bytesRemaining;
     }

Modified: poi/trunk/src/java/org/apache/poi/ddf/EscherClientDataRecord.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/ddf/EscherClientDataRecord.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/ddf/EscherClientDataRecord.java (original)
+++ poi/trunk/src/java/org/apache/poi/ddf/EscherClientDataRecord.java Thu Sep 21 14:52:59 2017
@@ -18,6 +18,7 @@
 
 package org.apache.poi.ddf;
 
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndian;
 
 /**
@@ -27,6 +28,9 @@ import org.apache.poi.util.LittleEndian;
 public class EscherClientDataRecord
     extends EscherRecord
 {
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
     public static final short RECORD_ID = (short) 0xF011;
     public static final String RECORD_DESCRIPTION = "MsofbtClientData";
 
@@ -36,7 +40,7 @@ public class EscherClientDataRecord
     public int fillFields(byte[] data, int offset, EscherRecordFactory recordFactory) {
         int bytesRemaining = readHeader( data, offset );
         int pos            = offset + 8;
-        remainingData  =  new byte[bytesRemaining];
+        remainingData = IOUtils.safelyAllocate(bytesRemaining, MAX_RECORD_LENGTH);
         System.arraycopy( data, pos, remainingData, 0, bytesRemaining );
         return 8 + bytesRemaining;
     }

Modified: poi/trunk/src/java/org/apache/poi/ddf/EscherMetafileBlip.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/ddf/EscherMetafileBlip.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/ddf/EscherMetafileBlip.java (original)
+++ poi/trunk/src/java/org/apache/poi/ddf/EscherMetafileBlip.java Thu Sep 21 14:52:59 2017
@@ -26,12 +26,15 @@ import java.util.zip.DeflaterOutputStrea
 import java.util.zip.InflaterInputStream;
 
 import org.apache.poi.hssf.usermodel.HSSFPictureData;
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndian;
 import org.apache.poi.util.POILogFactory;
 import org.apache.poi.util.POILogger;
 
 public final class EscherMetafileBlip extends EscherBlipRecord {
     private static final POILogger log = POILogFactory.getLogger(EscherMetafileBlip.class);
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000_000;
 
     public static final short RECORD_ID_EMF = (short) 0xF018 + 2;
     public static final short RECORD_ID_WMF = (short) 0xF018 + 3;
@@ -79,7 +82,7 @@ public final class EscherMetafileBlip ex
         field_6_fCompression = data[pos]; pos++;
         field_7_fFilter = data[pos]; pos++;
 
-        raw_pictureData = new byte[field_5_cbSave];
+        raw_pictureData = IOUtils.safelyAllocate(field_5_cbSave, MAX_RECORD_LENGTH);
         System.arraycopy( data, pos, raw_pictureData, 0, field_5_cbSave );
         pos += field_5_cbSave;
 
@@ -93,7 +96,7 @@ public final class EscherMetafileBlip ex
 
         int remaining = bytesAfterHeader - pos + offset + HEADER_SIZE;
         if(remaining > 0) {
-            remainingData = new byte[remaining];
+            remainingData = IOUtils.safelyAllocate(remaining, MAX_RECORD_LENGTH);
             System.arraycopy( data, pos, remainingData, 0, remaining );
         }
         return bytesAfterHeader + HEADER_SIZE;

Modified: poi/trunk/src/java/org/apache/poi/ddf/EscherPictBlip.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/ddf/EscherPictBlip.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/ddf/EscherPictBlip.java (original)
+++ poi/trunk/src/java/org/apache/poi/ddf/EscherPictBlip.java Thu Sep 21 14:52:59 2017
@@ -24,12 +24,15 @@ import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.util.zip.InflaterInputStream;
 
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndian;
 import org.apache.poi.util.POILogFactory;
 import org.apache.poi.util.POILogger;
 
 public final class EscherPictBlip extends EscherBlipRecord {
     private static final POILogger log = POILogFactory.getLogger(EscherPictBlip.class);
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
 
     public static final short RECORD_ID_EMF = (short) 0xF018 + 2;
     public static final short RECORD_ID_WMF = (short) 0xF018 + 3;
@@ -68,7 +71,7 @@ public final class EscherPictBlip extend
         field_6_fCompression = data[pos]; pos++;
         field_7_fFilter = data[pos]; pos++;
 
-        raw_pictureData = new byte[field_5_cbSave];
+        raw_pictureData = IOUtils.safelyAllocate(field_5_cbSave, MAX_RECORD_LENGTH);
         System.arraycopy( data, pos, raw_pictureData, 0, field_5_cbSave );
 
         // 0 means DEFLATE compression
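Review bot: `MAX_RECORD_LENGTH` is 100_000 in this class, while EscherMetafileBlip caps the same `raw_pictureData` allocation from `field_5_cbSave` at 100_000_000 and the parent EscherBlipRecord also uses 100_000_000. Compressed PICT data above roughly 100 KB would presumably be refused here but accepted by the sibling class, which looks unintended. If no lower limit is meant for PICT, aligning the constant, `private static final int MAX_RECORD_LENGTH = 100_000_000;`, removes the discrepancy. Otherwise a comment explaining the smaller value would help.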

Modified: poi/trunk/src/java/org/apache/poi/ddf/EscherPropertyFactory.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/ddf/EscherPropertyFactory.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/ddf/EscherPropertyFactory.java (original)
+++ poi/trunk/src/java/org/apache/poi/ddf/EscherPropertyFactory.java Thu Sep 21 14:52:59 2017
@@ -20,12 +20,17 @@ package org.apache.poi.ddf;
 import java.util.ArrayList;
 import java.util.List;
 
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndian;
 
 /**
  * Generates a property given a reference into the byte array storing that property.
  */
 public final class EscherPropertyFactory {
+
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000_000;
+
     /**
      * Create new properties from a byte array.
      *
@@ -64,9 +69,9 @@ public final class EscherPropertyFactory
                     if ( !isComplex ) {
                         ep = new EscherSimpleProperty( propId, propData );
                     } else if ( propertyType == EscherPropertyMetaData.TYPE_ARRAY) {
-                        ep = new EscherArrayProperty( propId, new byte[propData]);
+                        ep = new EscherArrayProperty( propId, IOUtils.safelyAllocate(propData, MAX_RECORD_LENGTH));
                     } else {
-                        ep = new EscherComplexProperty( propId, new byte[propData]);
+                        ep = new EscherComplexProperty( propId, IOUtils.safelyAllocate(propData, MAX_RECORD_LENGTH));
                     }
                     break;
             }
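Review bot: Both complex branches allocate `propData` bytes limited only by the 100_000_000 constant, and the hunk shows no comparison with the amount of input actually available. This appears to sit inside the per-property loop, so a short record declaring several large properties can presumably still request several hundred megabytes in total. Comparing `propData` with the bytes remaining in the input array before allocating would tie each allocation to the real record size. The loop and the input variables are outside the hunk, so the exact expression has to be filled in there.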

Modified: poi/trunk/src/java/org/apache/poi/ddf/EscherTextboxRecord.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/ddf/EscherTextboxRecord.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/ddf/EscherTextboxRecord.java (original)
+++ poi/trunk/src/java/org/apache/poi/ddf/EscherTextboxRecord.java Thu Sep 21 14:52:59 2017
@@ -20,6 +20,7 @@ package org.apache.poi.ddf;
 import java.util.ArrayList;
 import java.util.List;
 
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndian;
 import org.apache.poi.util.RecordFormatException;
 
@@ -30,6 +31,10 @@ import org.apache.poi.util.RecordFormatE
  *  they will be in the parent's format, not Escher format.
  */
 public final class EscherTextboxRecord extends EscherRecord implements Cloneable {
+
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
     public static final short RECORD_ID = (short)0xF00D;
     public static final String RECORD_DESCRIPTION = "msofbtClientTextbox";
 
@@ -48,7 +53,7 @@ public final class EscherTextboxRecord e
 
         // Save the data, ready for the calling code to do something
         //  useful with it
-        thedata = new byte[bytesRemaining];
+        thedata = IOUtils.safelyAllocate(bytesRemaining, MAX_RECORD_LENGTH);
         System.arraycopy( data, offset + 8, thedata, 0, bytesRemaining );
         return bytesRemaining + 8;
     }
@@ -97,7 +102,7 @@ public final class EscherTextboxRecord e
      */
     public void setData(byte[] b, int start, int length)
     {
-        thedata = new byte[length];
+        thedata = IOUtils.safelyAllocate(length, MAX_RECORD_LENGTH);
         System.arraycopy(b,start,thedata,0,length);
     }
     

Modified: poi/trunk/src/java/org/apache/poi/ddf/UnknownEscherRecord.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/ddf/UnknownEscherRecord.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/ddf/UnknownEscherRecord.java (original)
+++ poi/trunk/src/java/org/apache/poi/ddf/UnknownEscherRecord.java Thu Sep 21 14:52:59 2017
@@ -21,6 +21,7 @@ import java.util.ArrayList;
 import java.util.List;
 
 import org.apache.poi.util.HexDump;
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndian;
 
 /**
@@ -28,6 +29,10 @@ import org.apache.poi.util.LittleEndian;
  * we do not explicitly support.
  */
 public final class UnknownEscherRecord extends EscherRecord implements Cloneable {
+
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000_000;
+
     private static final byte[] NO_BYTES = new byte[0];
 
     /** The data for this record not including the the 8 byte header */
@@ -70,7 +75,7 @@ public final class UnknownEscherRecord e
             bytesRemaining = 0;
         }
         
-        thedata = new byte[bytesRemaining];
+        thedata = IOUtils.safelyAllocate(bytesRemaining, MAX_RECORD_LENGTH);
         System.arraycopy( data, offset + 8, thedata, 0, bytesRemaining );
         return bytesRemaining + 8;
     }

Modified: poi/trunk/src/java/org/apache/poi/hpsf/Blob.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/hpsf/Blob.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/hpsf/Blob.java (original)
+++ poi/trunk/src/java/org/apache/poi/hpsf/Blob.java Thu Sep 21 14:52:59 2017
@@ -16,18 +16,23 @@
 ==================================================================== */
 package org.apache.poi.hpsf;
 
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.Internal;
 import org.apache.poi.util.LittleEndianInput;
 
 @Internal
 class Blob {
+
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 1_000_000;
+
     private byte[] _value;
 
     Blob() {}
     
     void read( LittleEndianInput lei ) {
         int size = lei.readInt();
-        _value = new byte[size];
+        _value = IOUtils.safelyAllocate(size, MAX_RECORD_LENGTH);
         if ( size > 0 ) {
             lei.readFully(_value);
         }

Modified: poi/trunk/src/java/org/apache/poi/hpsf/ClipboardData.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/hpsf/ClipboardData.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/hpsf/ClipboardData.java (original)
+++ poi/trunk/src/java/org/apache/poi/hpsf/ClipboardData.java Thu Sep 21 14:52:59 2017
@@ -26,6 +26,9 @@ import org.apache.poi.util.POILogger;
 
 @Internal
 class ClipboardData {
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000_000;
+
     private static final POILogger LOG = POILogFactory.getLogger( ClipboardData.class );
 
     private int _format;
@@ -48,7 +51,7 @@ class ClipboardData {
         }
 
         _format = lei.readInt();
-        _value = new byte[size - LittleEndianConsts.INT_SIZE];
+        _value = IOUtils.safelyAllocate(size - LittleEndianConsts.INT_SIZE, MAX_RECORD_LENGTH);
         lei.readFully(_value);
     }
 

Modified: poi/trunk/src/java/org/apache/poi/hpsf/CodePageString.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/hpsf/CodePageString.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/hpsf/CodePageString.java (original)
+++ poi/trunk/src/java/org/apache/poi/hpsf/CodePageString.java Thu Sep 21 14:52:59 2017
@@ -21,6 +21,7 @@ import java.io.OutputStream;
 import java.io.UnsupportedEncodingException;
 
 import org.apache.poi.util.CodePageUtil;
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.Internal;
 import org.apache.poi.util.LittleEndian;
 import org.apache.poi.util.LittleEndianByteArrayInputStream;
@@ -30,6 +31,9 @@ import org.apache.poi.util.POILogger;
 
 @Internal
 class CodePageString {
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
     private final static POILogger LOG = POILogFactory.getLogger( CodePageString.class );
 
     private byte[] _value;
@@ -40,7 +44,7 @@ class CodePageString {
     void read( LittleEndianByteArrayInputStream lei ) {
         int offset = lei.getReadIndex();
         int size = lei.readInt();
-        _value = new byte[size];
+        _value = IOUtils.safelyAllocate(size, MAX_RECORD_LENGTH);
         if (size == 0) {
             return;
         }

Modified: poi/trunk/src/java/org/apache/poi/hpsf/Section.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/hpsf/Section.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/hpsf/Section.java (original)
+++ poi/trunk/src/java/org/apache/poi/hpsf/Section.java Thu Sep 21 14:52:59 2017
@@ -33,6 +33,7 @@ import org.apache.commons.collections4.b
 import org.apache.poi.hpsf.wellknown.PropertyIDMap;
 import org.apache.poi.hpsf.wellknown.SectionIDMap;
 import org.apache.poi.util.CodePageUtil;
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndian;
 import org.apache.poi.util.LittleEndianByteArrayInputStream;
 import org.apache.poi.util.LittleEndianConsts;
@@ -43,6 +44,9 @@ import org.apache.poi.util.POILogger;
  * Represents a section in a {@link PropertySet}.
  */
 public class Section {
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
     private static final POILogger LOG = POILogFactory.getLogger(Section.class);
 
     /**
@@ -835,7 +839,7 @@ public class Section {
             }
 
             try {
-                byte buf[] = new byte[nrBytes];
+                byte buf[] = IOUtils.safelyAllocate(nrBytes, MAX_RECORD_LENGTH);
                 leis.readFully(buf, 0, nrBytes);
                 final String str = CodePageUtil.getStringFromCodePage(buf, 0, nrBytes, cp);
 

Modified: poi/trunk/src/java/org/apache/poi/hpsf/UnicodeString.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/hpsf/UnicodeString.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/hpsf/UnicodeString.java (original)
+++ poi/trunk/src/java/org/apache/poi/hpsf/UnicodeString.java Thu Sep 21 14:52:59 2017
@@ -21,6 +21,7 @@ import java.io.OutputStream;
 import java.io.UnsupportedEncodingException;
 
 import org.apache.poi.util.CodePageUtil;
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.Internal;
 import org.apache.poi.util.LittleEndian;
 import org.apache.poi.util.LittleEndianByteArrayInputStream;
@@ -32,6 +33,8 @@ import org.apache.poi.util.StringUtil;
 @Internal
 class UnicodeString {
     private static final POILogger LOG = POILogFactory.getLogger( UnicodeString.class );
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
 
     private byte[] _value;
     
@@ -40,7 +43,7 @@ class UnicodeString {
     void read(LittleEndianByteArrayInputStream lei) {
         final int length = lei.readInt();
         final int unicodeBytes = length*2;
-        _value = new byte[unicodeBytes];
+        _value = IOUtils.safelyAllocate(unicodeBytes, MAX_RECORD_LENGTH);
         
         // If Length is zero, this field MUST be zero bytes in length. If Length is
         // nonzero, this field MUST be a null-terminated array of 16-bit Unicode characters, followed by
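Review bot: The limit is applied to `unicodeBytes`, which is `length*2` computed in `int`, so a `length` read from the file can wrap when doubled and yield a small non-negative value that passes the check while `length` itself is negative or enormous. Bound `length` before the multiplication, for example `if (length < 0 || length > MAX_RECORD_LENGTH / 2)` followed by the exception this package uses for malformed data, and only then compute `unicodeBytes`. Whether later code in `read` still uses `length` is not visible in this hunk, so that should be checked as well.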

Modified: poi/trunk/src/java/org/apache/poi/hpsf/VariantSupport.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/hpsf/VariantSupport.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/hpsf/VariantSupport.java (original)
+++ poi/trunk/src/java/org/apache/poi/hpsf/VariantSupport.java Thu Sep 21 14:52:59 2017
@@ -25,6 +25,7 @@ import java.util.Date;
 import java.util.LinkedList;
 import java.util.List;
 
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndian;
 import org.apache.poi.util.LittleEndianByteArrayInputStream;
 import org.apache.poi.util.LittleEndianConsts;
@@ -58,6 +59,9 @@ public class VariantSupport extends Vari
 
     
     private static final POILogger logger = POILogFactory.getLogger(VariantSupport.class);
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
     private static boolean logUnsupportedTypes;
 
     /**
@@ -172,7 +176,7 @@ public class VariantSupport extends Vari
             typedPropertyValue.readValue(lei);
         } catch ( UnsupportedOperationException exc ) {
             int propLength = Math.min( length, lei.available() );
-            final byte[] v = new byte[propLength];
+            final byte[] v = IOUtils.safelyAllocate(propLength, MAX_RECORD_LENGTH);
             lei.readFully(v, 0, propLength);
             throw new ReadingNotSupportedException( type, v );
         }
@@ -248,7 +252,7 @@ public class VariantSupport extends Vari
             default:
                 final int unpadded = lei.getReadIndex()-offset;
                 lei.setReadIndex(offset);
-                final byte[] v = new byte[unpadded];
+                final byte[] v = IOUtils.safelyAllocate(unpadded, MAX_RECORD_LENGTH);
                 lei.readFully( v, 0, unpadded );
                 throw new ReadingNotSupportedException( type, v );
         }

Modified: poi/trunk/src/java/org/apache/poi/hssf/extractor/OldExcelExtractor.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/hssf/extractor/OldExcelExtractor.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/hssf/extractor/OldExcelExtractor.java (original)
+++ poi/trunk/src/java/org/apache/poi/hssf/extractor/OldExcelExtractor.java Thu Sep 21 14:52:59 2017
@@ -57,6 +57,9 @@ import org.apache.poi.util.IOUtils;
 public class OldExcelExtractor implements Closeable {
 
     private final static int FILE_PASS_RECORD_SID = 0x2f;
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
 
     private RecordInputStream ris;
 
@@ -278,7 +281,7 @@ public class OldExcelExtractor implement
                     break;
                     
                 default:
-                    ris.readFully(new byte[ris.remaining()]);
+                    ris.readFully(IOUtils.safelyAllocate(ris.remaining(), MAX_RECORD_LENGTH));
             }
         }
 

Modified: poi/trunk/src/java/org/apache/poi/hssf/record/CFRule12Record.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/hssf/record/CFRule12Record.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/hssf/record/CFRule12Record.java (original)
+++ poi/trunk/src/java/org/apache/poi/hssf/record/CFRule12Record.java Thu Sep 21 14:52:59 2017
@@ -36,6 +36,7 @@ import org.apache.poi.ss.usermodel.Condi
 import org.apache.poi.ss.usermodel.IconMultiStateFormatting.IconSet;
 import org.apache.poi.ss.util.CellRangeAddress;
 import org.apache.poi.util.HexDump;
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndianOutput;
 import org.apache.poi.util.POILogger;
 
@@ -50,6 +51,10 @@ import org.apache.poi.util.POILogger;
  *  this is only used for the other types
  */
 public final class CFRule12Record extends CFRuleBase implements FutureRecord, Cloneable {
+
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
     public static final short sid = 0x087A;
 
     private FtrHeader futureHeader;
@@ -92,7 +97,7 @@ public final class CFRule12Record extend
         priority = 0;
         template_type = getConditionType();
         template_param_length = 16;
-        template_params = new byte[template_param_length];
+        template_params = IOUtils.safelyAllocate(template_param_length, MAX_RECORD_LENGTH);
     }
 
     /**
@@ -236,7 +241,7 @@ public final class CFRule12Record extend
         } else {
             int len = readFormatOptions(in);
             if (len < ext_formatting_length) {
-                ext_formatting_data = new byte[ext_formatting_length-len];
+                ext_formatting_data = IOUtils.safelyAllocate(ext_formatting_length-len, MAX_RECORD_LENGTH);
                 in.readFully(ext_formatting_data);
             }
         }
@@ -252,7 +257,7 @@ public final class CFRule12Record extend
         template_type = in.readUShort();
         template_param_length = in.readByte();
         if (template_param_length == 0 || template_param_length == 16) {
-            template_params = new byte[template_param_length];
+            template_params = IOUtils.safelyAllocate(template_param_length, MAX_RECORD_LENGTH);
             in.readFully(template_params);
         } else {
             logger.log(POILogger.WARN, "CF Rule v12 template params length should be 0 or 16, found " + template_param_length);
@@ -465,7 +470,7 @@ public final class CFRule12Record extend
         // use min() to gracefully handle cases where the length-property and the array-length do not match
         // we saw some such files in circulation
         rec.ext_formatting_length = Math.min(ext_formatting_length, ext_formatting_data.length);
-        rec.ext_formatting_data = new byte[ext_formatting_length];
+        rec.ext_formatting_data = IOUtils.safelyAllocate(ext_formatting_length, MAX_RECORD_LENGTH);
         System.arraycopy(ext_formatting_data, 0, rec.ext_formatting_data, 0, rec.ext_formatting_length);
         
         rec.formula_scale = formula_scale.copy();
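Review bot: The copy allocates with the unclamped `ext_formatting_length` even though the line above has just stored the safe value in `rec.ext_formatting_length`. With the new cap, copying a record whose length field disagrees with its data (the case the existing comment describes) can presumably now fail inside `safelyAllocate` when the field exceeds `MAX_RECORD_LENGTH`, although only `rec.ext_formatting_length` bytes are ever copied. Allocating with the clamped value keeps the array and the length field consistent: `rec.ext_formatting_data = IOUtils.safelyAllocate(rec.ext_formatting_length, MAX_RECORD_LENGTH);`. The enclosing method starts and ends outside this hunk.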
@@ -474,7 +479,7 @@ public final class CFRule12Record extend
         rec.priority = priority;
         rec.template_type = template_type;
         rec.template_param_length = template_param_length;
-        rec.template_params = new byte[template_param_length];
+        rec.template_params = IOUtils.safelyAllocate(template_param_length, MAX_RECORD_LENGTH);
         System.arraycopy(template_params, 0, rec.template_params, 0, template_param_length);
 
         if (color_gradient != null) {
@@ -487,7 +492,7 @@ public final class CFRule12Record extend
             rec.data_bar = (DataBarFormatting)data_bar.clone();
         }
         if (filter_data != null) {
-            rec.filter_data = new byte[filter_data.length];
+            rec.filter_data = IOUtils.safelyAllocate(filter_data.length, MAX_RECORD_LENGTH);
             System.arraycopy(filter_data, 0, rec.filter_data, 0, filter_data.length);
         }
         

Modified: poi/trunk/src/java/org/apache/poi/hssf/record/DConRefRecord.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/hssf/record/DConRefRecord.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/hssf/record/DConRefRecord.java (original)
+++ poi/trunk/src/java/org/apache/poi/hssf/record/DConRefRecord.java Thu Sep 21 14:52:59 2017
@@ -20,6 +20,7 @@ package org.apache.poi.hssf.record;
 
 import java.util.Arrays;
 
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndian;
 import org.apache.poi.util.LittleEndianOutput;
 import org.apache.poi.util.RecordFormatException;
@@ -69,6 +70,9 @@ import org.apache.poi.util.StringUtil;
 public class DConRefRecord extends StandardRecord
 {
 
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
     /**
      * The id of the record type,
      * <code>sid = {@value}</code>
@@ -142,7 +146,7 @@ public class DConRefRecord extends Stand
          */
         int byteLength = charCount * ((charType & 1) + 1);
 
-        path = LittleEndian.getByteArray(data, offset, byteLength);
+        path = LittleEndian.getByteArray(data, offset, byteLength, MAX_RECORD_LENGTH);
         offset += byteLength;
 
         /*
@@ -150,7 +154,7 @@ public class DConRefRecord extends Stand
          * unused field. Not sure If i need to bother with this...
          */
         if (path[0] == 0x02)
-            _unused = LittleEndian.getByteArray(data, offset, (charType + 1));
+            _unused = LittleEndian.getByteArray(data, offset, (charType + 1), MAX_RECORD_LENGTH);
 
     }
 
@@ -175,7 +179,7 @@ public class DConRefRecord extends Stand
         // byteLength depends on whether we are using single- or double-byte chars.
         int byteLength = charCount * (charType + 1);
 
-        path = new byte[byteLength];
+        path = IOUtils.safelyAllocate(byteLength, MAX_RECORD_LENGTH);
         inStream.readFully(path);
 
         if (path[0] == 0x02)
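Review bot: `path[0]` is read right after the allocation without checking that `path` is non-empty, so if `charCount` can be zero in the input, `byteLength` is 0 and the index presumably throws `ArrayIndexOutOfBoundsException` rather than a format error. The new upper bound does not cover this lower bound; guard the test as `if (path.length > 0 && path[0] == 0x02)`, or reject a zero `byteLength` before allocating. The byte-array constructor in the two hunks above follows the same pattern after `LittleEndian.getByteArray`. This constructor starts before and continues after the hunk.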

Modified: poi/trunk/src/java/org/apache/poi/hssf/record/EmbeddedObjectRefSubRecord.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/hssf/record/EmbeddedObjectRefSubRecord.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/hssf/record/EmbeddedObjectRefSubRecord.java (original)
+++ poi/trunk/src/java/org/apache/poi/hssf/record/EmbeddedObjectRefSubRecord.java Thu Sep 21 14:52:59 2017
@@ -25,6 +25,7 @@ import org.apache.poi.ss.formula.ptg.Ptg
 import org.apache.poi.ss.formula.ptg.Ref3DPtg;
 import org.apache.poi.ss.formula.ptg.RefPtg;
 import org.apache.poi.util.HexDump;
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndian;
 import org.apache.poi.util.LittleEndianInput;
 import org.apache.poi.util.LittleEndianInputStream;
@@ -41,6 +42,9 @@ import org.apache.poi.util.StringUtil;
  */
 public final class EmbeddedObjectRefSubRecord extends SubRecord implements Cloneable {
 	private static POILogger logger = POILogFactory.getLogger(EmbeddedObjectRefSubRecord.class);
+	//arbitrarily selected; may need to increase
+	private static final int MAX_RECORD_LENGTH = 100_000;
+
 	public static final short sid = 0x0009;
 
 	private static final byte[] EMPTY_BYTE_ARRAY = { };
@@ -173,7 +177,7 @@ public final class EmbeddedObjectRefSubR
 		if (size == 0) {
 			return EMPTY_BYTE_ARRAY;
 		}
-		byte[] result = new byte[size];
+		byte[] result = IOUtils.safelyAllocate(size, MAX_RECORD_LENGTH);
 		in.readFully(result);
 		return result;
 	}

Modified: poi/trunk/src/java/org/apache/poi/hssf/record/EscherAggregate.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/hssf/record/EscherAggregate.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/hssf/record/EscherAggregate.java (original)
+++ poi/trunk/src/java/org/apache/poi/hssf/record/EscherAggregate.java Thu Sep 21 14:52:59 2017
@@ -36,6 +36,7 @@ import org.apache.poi.ddf.EscherSerializ
 import org.apache.poi.ddf.EscherSpRecord;
 import org.apache.poi.ddf.EscherSpgrRecord;
 import org.apache.poi.ddf.EscherTextboxRecord;
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.POILogFactory;
 import org.apache.poi.util.POILogger;
 import org.apache.poi.util.RecordFormatException;
@@ -85,6 +86,9 @@ import org.apache.poi.util.RecordFormatE
 public final class EscherAggregate extends AbstractEscherHolderRecord {
     public static final short sid = 9876; // not a real sid - dummy value
     private static POILogger log = POILogFactory.getLogger(EscherAggregate.class);
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000_000;
+
 
     public static final short ST_MIN = (short) 0;
     public static final short ST_NOT_PRIMATIVE = ST_MIN;
@@ -592,7 +596,7 @@ public final class EscherAggregate exten
         // Determine buffer size
         List<EscherRecord> records = getEscherRecords();
         int rawEscherSize = getEscherRecordSize(records);
-        byte[] buffer = new byte[rawEscherSize];
+        byte[] buffer = IOUtils.safelyAllocate(rawEscherSize, MAX_RECORD_LENGTH);
         final List<Integer> spEndingOffsets = new ArrayList<>();
         int pos = 0;
         for (EscherRecord e : records) {
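Review bot: `rawEscherSize` comes from `getEscherRecordSize(records)`, i.e. from records already held in memory rather than from a length field in an input file, so the cap here appears to limit serialization, not parsing. A workbook whose drawing records legitimately add up to more than `MAX_RECORD_LENGTH` would presumably fail on this path with the same error as a malformed file. If the limit is kept, a comment such as `// output buffer sized from our own records; the cap is only a sanity check` would make the intent clear. Otherwise the plain `new byte[rawEscherSize]` may be the better choice. The method body continues outside this hunk.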

Modified: poi/trunk/src/java/org/apache/poi/hssf/record/FtCblsSubRecord.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/hssf/record/FtCblsSubRecord.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/hssf/record/FtCblsSubRecord.java (original)
+++ poi/trunk/src/java/org/apache/poi/hssf/record/FtCblsSubRecord.java Thu Sep 21 14:52:59 2017
@@ -18,6 +18,7 @@
 package org.apache.poi.hssf.record;
 
 import org.apache.poi.util.HexDump;
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndianInput;
 import org.apache.poi.util.LittleEndianOutput;
 import org.apache.poi.util.RecordFormatException;
@@ -48,7 +49,7 @@ public final class FtCblsSubRecord exten
             throw new RecordFormatException("Unexpected size (" + size + ")");
         }
         //just grab the raw data
-        byte[] buf = new byte[size];
+        byte[] buf = IOUtils.safelyAllocate(size, ENCODED_SIZE);
         in.readFully(buf);
         reserved = buf;
     }

Modified: poi/trunk/src/java/org/apache/poi/hssf/record/GroupMarkerSubRecord.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/hssf/record/GroupMarkerSubRecord.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/hssf/record/GroupMarkerSubRecord.java (original)
+++ poi/trunk/src/java/org/apache/poi/hssf/record/GroupMarkerSubRecord.java Thu Sep 21 14:52:59 2017
@@ -18,6 +18,7 @@
 package org.apache.poi.hssf.record;
 
 import org.apache.poi.util.HexDump;
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndianInput;
 import org.apache.poi.util.LittleEndianOutput;
 
@@ -27,6 +28,9 @@ import org.apache.poi.util.LittleEndianO
  */
 public final class GroupMarkerSubRecord extends SubRecord implements Cloneable {
     public final static short sid = 0x0006;
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
 
     private static final byte[] EMPTY_BYTE_ARRAY = { };
 
@@ -38,7 +42,7 @@ public final class GroupMarkerSubRecord
     }
 
     public GroupMarkerSubRecord(LittleEndianInput in, int size) {
-        byte[] buf = new byte[size];
+        byte[] buf = IOUtils.safelyAllocate(size, MAX_RECORD_LENGTH);
         in.readFully(buf);
         reserved = buf;
     }

Modified: poi/trunk/src/java/org/apache/poi/hssf/record/HyperlinkRecord.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/hssf/record/HyperlinkRecord.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/hssf/record/HyperlinkRecord.java (original)
+++ poi/trunk/src/java/org/apache/poi/hssf/record/HyperlinkRecord.java Thu Sep 21 14:52:59 2017
@@ -20,6 +20,7 @@ package org.apache.poi.hssf.record;
 import org.apache.poi.ss.util.CellRangeAddress;
 import org.apache.poi.util.HexDump;
 import org.apache.poi.util.HexRead;
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndian;
 import org.apache.poi.util.LittleEndianInput;
 import org.apache.poi.util.LittleEndianOutput;
@@ -36,6 +37,9 @@ import org.apache.poi.util.StringUtil;
 public final class HyperlinkRecord extends StandardRecord implements Cloneable {
     public final static short sid = 0x01B8;
     private static POILogger logger = POILogFactory.getLogger(HyperlinkRecord.class);
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
 
     static final class GUID {
 		/*
@@ -525,7 +529,7 @@ public final class HyperlinkRecord exten
 
                 int len = in.readInt();
 
-                byte[] path_bytes = new byte[len];
+                byte[] path_bytes = IOUtils.safelyAllocate(len, MAX_RECORD_LENGTH);
                 in.readFully(path_bytes);
 
                 _address = new String(path_bytes, StringUtil.UTF8);

Modified: poi/trunk/src/java/org/apache/poi/hssf/record/NoteStructureSubRecord.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/hssf/record/NoteStructureSubRecord.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/hssf/record/NoteStructureSubRecord.java (original)
+++ poi/trunk/src/java/org/apache/poi/hssf/record/NoteStructureSubRecord.java Thu Sep 21 14:52:59 2017
@@ -18,6 +18,7 @@
 package org.apache.poi.hssf.record;
 
 import org.apache.poi.util.HexDump;
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndianInput;
 import org.apache.poi.util.LittleEndianOutput;
 import org.apache.poi.util.RecordFormatException;
@@ -55,7 +56,7 @@ public final class NoteStructureSubRecor
             throw new RecordFormatException("Unexpected size (" + size + ")");
         }
         //just grab the raw data
-        byte[] buf = new byte[size];
+        byte[] buf = IOUtils.safelyAllocate(size, ENCODED_SIZE);
         in.readFully(buf);
         reserved = buf;
     }

Modified: poi/trunk/src/java/org/apache/poi/hssf/record/OldLabelRecord.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/hssf/record/OldLabelRecord.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/hssf/record/OldLabelRecord.java (original)
+++ poi/trunk/src/java/org/apache/poi/hssf/record/OldLabelRecord.java Thu Sep 21 14:52:59 2017
@@ -18,6 +18,7 @@
 package org.apache.poi.hssf.record;
 
 import org.apache.poi.util.HexDump;
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.POILogFactory;
 import org.apache.poi.util.POILogger;
 import org.apache.poi.util.RecordFormatException;
@@ -29,6 +30,8 @@ import org.apache.poi.util.RecordFormatE
  */
 public final class OldLabelRecord extends OldCellRecord {
     private final static POILogger logger = POILogFactory.getLogger(OldLabelRecord.class);
+    //arbitrarily set, may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
 
     public final static short biff2_sid = 0x0004;
     public final static short biff345_sid = 0x0204;
@@ -51,7 +54,7 @@ public final class OldLabelRecord extend
         }
 
         // Can only decode properly later when you know the codepage
-        field_5_bytes = new byte[field_4_string_len];
+        field_5_bytes = IOUtils.safelyAllocate(field_4_string_len, MAX_RECORD_LENGTH);
         in.read(field_5_bytes, 0, field_4_string_len);
 
         if (in.remaining() > 0) {
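Review bot: The return value of `in.read(field_5_bytes, 0, field_4_string_len)` is ignored, so if the record holds fewer bytes than `field_4_string_len` claims and `read` returns short, the tail of the freshly allocated array stays zero-filled and is later decoded as string data. Most other call sites in this commit use `readFully`; either do the same here, `in.readFully(field_5_bytes, 0, field_4_string_len);`, or compare the returned count with `field_4_string_len` and fail on a mismatch. OldSheetRecord and OldStringRecord further down make the same `in.read(...)` call after their new allocation. The constructor continues outside this hunk.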

Modified: poi/trunk/src/java/org/apache/poi/hssf/record/OldSheetRecord.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/hssf/record/OldSheetRecord.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/hssf/record/OldSheetRecord.java (original)
+++ poi/trunk/src/java/org/apache/poi/hssf/record/OldSheetRecord.java Thu Sep 21 14:52:59 2017
@@ -18,6 +18,7 @@
 package org.apache.poi.hssf.record;
 
 import org.apache.poi.util.HexDump;
+import org.apache.poi.util.IOUtils;
 
 /**
  * Title:        Bound Sheet Record (aka BundleSheet) (0x0085) for BIFF 5<P>
@@ -26,6 +27,10 @@ import org.apache.poi.util.HexDump;
  *               file.
  */
 public final class OldSheetRecord {
+
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
     public final static short sid = 0x0085;
 
     private int field_1_position_of_BOF;
@@ -39,7 +44,7 @@ public final class OldSheetRecord {
         field_2_visibility = in.readUByte();
         field_3_type = in.readUByte();
         int field_4_sheetname_length = in.readUByte();
-        field_5_sheetname = new byte[field_4_sheetname_length];
+        field_5_sheetname = IOUtils.safelyAllocate(field_4_sheetname_length, MAX_RECORD_LENGTH);
         in.read(field_5_sheetname, 0, field_4_sheetname_length);
     }
 

Modified: poi/trunk/src/java/org/apache/poi/hssf/record/OldStringRecord.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/hssf/record/OldStringRecord.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/hssf/record/OldStringRecord.java (original)
+++ poi/trunk/src/java/org/apache/poi/hssf/record/OldStringRecord.java Thu Sep 21 14:52:59 2017
@@ -21,6 +21,7 @@ import java.io.UnsupportedEncodingExcept
 
 import org.apache.poi.hpsf.Property;
 import org.apache.poi.util.CodePageUtil;
+import org.apache.poi.util.IOUtils;
 
 
 /**
@@ -28,6 +29,10 @@ import org.apache.poi.util.CodePageUtil;
  *  formula string results.
  */
 public final class OldStringRecord {
+
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
     public final static short biff2_sid = 0x0007;
     public final static short biff345_sid = 0x0207;
 
@@ -49,7 +54,7 @@ public final class OldStringRecord {
         }
 
         // Can only decode properly later when you know the codepage
-        field_2_bytes = new byte[field_1_string_len];
+        field_2_bytes = IOUtils.safelyAllocate(field_1_string_len, MAX_RECORD_LENGTH);
         in.read(field_2_bytes, 0, field_1_string_len);
     }
 

Modified: poi/trunk/src/java/org/apache/poi/hssf/record/RecordInputStream.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/hssf/record/RecordInputStream.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/hssf/record/RecordInputStream.java (original)
+++ poi/trunk/src/java/org/apache/poi/hssf/record/RecordInputStream.java Thu Sep 21 14:52:59 2017
@@ -25,6 +25,7 @@ import java.util.Locale;
 import org.apache.poi.hssf.dev.BiffViewer;
 import org.apache.poi.hssf.record.crypto.Biff8DecryptingStream;
 import org.apache.poi.poifs.crypt.EncryptionInfo;
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.Internal;
 import org.apache.poi.util.LittleEndianConsts;
 import org.apache.poi.util.LittleEndianInput;
@@ -36,9 +37,13 @@ import org.apache.poi.util.RecordFormatE
  * Description:  Wraps a stream and provides helper methods for the construction of records.<P>
  */
 public final class RecordInputStream implements LittleEndianInput {
+
+
 	/** Maximum size of a single record (minus the 4 byte header) without a continue*/
 	public final static short MAX_RECORD_DATA_SIZE = 8224;
 	private static final int INVALID_SID_VALUE = -1;
+	//arbitrarily selected; may need to increase
+	private static final int MAX_RECORD_LENGTH = 100_000;
 	/**
 	 * When {@link #_currentDataLength} has this value, it means that the previous BIFF record is
 	 * finished, the next sid has been properly read, but the data size field has not been read yet.
@@ -441,7 +446,7 @@ public final class RecordInputStream imp
 		if (size ==0) {
 			return EMPTY_BYTE_ARRAY;
 		}
-		byte[] result = new byte[size];
+		byte[] result = IOUtils.safelyAllocate(size, MAX_RECORD_LENGTH);
 		readFully(result);
 		return result;
 	}

Modified: poi/trunk/src/java/org/apache/poi/hssf/record/SubRecord.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/hssf/record/SubRecord.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/hssf/record/SubRecord.java (original)
+++ poi/trunk/src/java/org/apache/poi/hssf/record/SubRecord.java Thu Sep 21 14:52:59 2017
@@ -18,6 +18,7 @@
 package org.apache.poi.hssf.record;
 
 import org.apache.poi.util.HexDump;
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndianInput;
 import org.apache.poi.util.LittleEndianOutput;
 import org.apache.poi.util.LittleEndianOutputStream;
@@ -28,6 +29,10 @@ import java.io.ByteArrayOutputStream;
  * Subrecords are part of the OBJ class.
  */
 public abstract class SubRecord {
+
+	//arbitrarily selected; may need to increase
+	private static final int MAX_RECORD_LENGTH = 1_000_000;
+
 	protected SubRecord() {
 		// no fields to initialise
 	}
@@ -107,7 +112,7 @@ public abstract class SubRecord {
 
 		public UnknownSubRecord(LittleEndianInput in, int sid, int size) {
 			_sid = sid;
-	    	byte[] buf = new byte[size];
+	    	byte[] buf = IOUtils.safelyAllocate(size, MAX_RECORD_LENGTH);
 	    	in.readFully(buf);
 	        _data = buf;
 		}

Modified: poi/trunk/src/java/org/apache/poi/hssf/record/common/UnicodeString.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/hssf/record/common/UnicodeString.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/hssf/record/common/UnicodeString.java (original)
+++ poi/trunk/src/java/org/apache/poi/hssf/record/common/UnicodeString.java Thu Sep 21 14:52:59 2017
@@ -28,6 +28,7 @@ import org.apache.poi.hssf.record.cont.C
 import org.apache.poi.hssf.record.cont.ContinuableRecordOutput;
 import org.apache.poi.util.BitField;
 import org.apache.poi.util.BitFieldFactory;
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndianInput;
 import org.apache.poi.util.LittleEndianOutput;
 import org.apache.poi.util.POILogFactory;
@@ -46,6 +47,10 @@ public class UnicodeString implements Co
     // TODO - make this final when the compatibility version is removed
     private static POILogger _logger = POILogFactory.getLogger(UnicodeString.class);
 
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
+
     private short             field_1_charCount;
     private byte              field_2_optionflags;
     private String            field_3_string;
@@ -196,7 +201,7 @@ public class UnicodeString implements Co
         	 _logger.log( POILogger.WARN, "Warning - ExtRst overran by " + (0-extraDataLength) + " bytes");
              extraDataLength = 0;
           }
-          extraData = new byte[extraDataLength];
+          extraData = IOUtils.safelyAllocate(extraDataLength, MAX_RECORD_LENGTH);
           for(int i=0; i<extraData.length; i++) {
              extraData[i] = in.readByte();
           }

Modified: poi/trunk/src/java/org/apache/poi/hssf/record/crypto/Biff8DecryptingStream.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/hssf/record/crypto/Biff8DecryptingStream.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/hssf/record/crypto/Biff8DecryptingStream.java (original)
+++ poi/trunk/src/java/org/apache/poi/hssf/record/crypto/Biff8DecryptingStream.java Thu Sep 21 14:52:59 2017
@@ -27,6 +27,7 @@ import org.apache.poi.hssf.record.Interf
 import org.apache.poi.poifs.crypt.ChunkedCipherInputStream;
 import org.apache.poi.poifs.crypt.Decryptor;
 import org.apache.poi.poifs.crypt.EncryptionInfo;
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndian;
 import org.apache.poi.util.LittleEndianConsts;
 import org.apache.poi.util.LittleEndianInput;
@@ -35,6 +36,8 @@ import org.apache.poi.util.RecordFormatE
 public final class Biff8DecryptingStream implements BiffHeaderInput, LittleEndianInput {
 
     public static final int RC4_REKEYING_INTERVAL = 1024;
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
 
     private final EncryptionInfo info;
     private ChunkedCipherInputStream ccis;
@@ -43,7 +46,7 @@ public final class Biff8DecryptingStream
 
 	public Biff8DecryptingStream(InputStream in, int initialOffset, EncryptionInfo info) throws RecordFormatException {
         try {
-    	    byte initialBuf[] = new byte[initialOffset];
+    	    byte initialBuf[] = IOUtils.safelyAllocate(initialOffset, MAX_RECORD_LENGTH);
     	    InputStream stream;
     	    if (initialOffset == 0) {
     	        stream = in;

Modified: poi/trunk/src/java/org/apache/poi/hssf/usermodel/HSSFWorkbook.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/hssf/usermodel/HSSFWorkbook.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/hssf/usermodel/HSSFWorkbook.java (original)
+++ poi/trunk/src/java/org/apache/poi/hssf/usermodel/HSSFWorkbook.java Thu Sep 21 14:52:59 2017
@@ -112,6 +112,7 @@ import org.apache.poi.ss.usermodel.Sheet
 import org.apache.poi.ss.usermodel.Workbook;
 import org.apache.poi.util.Configurator;
 import org.apache.poi.util.HexDump;
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.Internal;
 import org.apache.poi.util.LittleEndian;
 import org.apache.poi.util.LittleEndianByteArrayInputStream;
@@ -128,6 +129,10 @@ import org.apache.poi.util.POILogger;
  * @see org.apache.poi.hssf.usermodel.HSSFSheet
  */
 public final class HSSFWorkbook extends POIDocument implements org.apache.poi.ss.usermodel.Workbook {
+
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
     private static final Pattern COMMA_PATTERN = Pattern.compile(",");
 
     /**
@@ -1552,7 +1557,7 @@ public final class HSSFWorkbook extends
                 if (sid == BoundSheetRecord.sid) {
                     // special case for the field_1_position_of_BOF (=lbPlyPos) field of
                     // the BoundSheet8 record which must be unencrypted
-                    byte bsrBuf[] = new byte[len];
+                    byte bsrBuf[] = IOUtils.safelyAllocate(len, MAX_RECORD_LENGTH);
                     plain.readFully(bsrBuf);
                     os.writePlain(bsrBuf, 0, 4);
                     os.write(bsrBuf, 4, len-4);

Modified: poi/trunk/src/java/org/apache/poi/poifs/crypt/ChunkedCipherInputStream.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/poifs/crypt/ChunkedCipherInputStream.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/poifs/crypt/ChunkedCipherInputStream.java (original)
+++ poi/trunk/src/java/org/apache/poi/poifs/crypt/ChunkedCipherInputStream.java Thu Sep 21 14:52:59 2017
@@ -27,11 +27,16 @@ import javax.crypto.IllegalBlockSizeExce
 import javax.crypto.ShortBufferException;
 
 import org.apache.poi.EncryptedDocumentException;
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.Internal;
 import org.apache.poi.util.LittleEndianInputStream;
 
 @Internal
 public abstract class ChunkedCipherInputStream extends LittleEndianInputStream {
+
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
     private final int chunkSize;
     private final int chunkBits;
 
@@ -55,8 +60,8 @@ public abstract class ChunkedCipherInput
         this.pos = initialPos;
         this.chunkSize = chunkSize;
         int cs = chunkSize == -1 ? 4096 : chunkSize;
-        this.chunk = new byte[cs];
-        this.plain = new byte[cs];
+        this.chunk = IOUtils.safelyAllocate(cs, MAX_RECORD_LENGTH);
+        this.plain = IOUtils.safelyAllocate(cs, MAX_RECORD_LENGTH);
         this.chunkBits = Integer.bitCount(chunk.length-1);
         this.lastIndex = (int)(pos >> chunkBits);
         this.cipher = initCipherForBlock(null, lastIndex);
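Review bot: `cs` is now bounded above, but `chunkBits = Integer.bitCount(chunk.length-1)` two lines later still assumes it is a positive power of two; any other value gives a shift count that does not match the buffer size, and nothing reports it. Since this constructor is being hardened anyway, a guard before the allocation such as `if (cs <= 0 || Integer.bitCount(cs) != 1) throw new EncryptedDocumentException("invalid chunk size " + cs);` would make the assumption explicit. The two ChunkedCipherOutputStream constructors changed later in this commit compute `Integer.bitCount(cs-1)` the same way. Whether `chunkSize` can ever be derived from file content is not visible here, so this may be purely defensive; the constructor starts outside the hunk.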

Modified: poi/trunk/src/java/org/apache/poi/poifs/crypt/ChunkedCipherOutputStream.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/poifs/crypt/ChunkedCipherOutputStream.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/poifs/crypt/ChunkedCipherOutputStream.java (original)
+++ poi/trunk/src/java/org/apache/poi/poifs/crypt/ChunkedCipherOutputStream.java Thu Sep 21 14:52:59 2017
@@ -47,6 +47,9 @@ import org.apache.poi.util.TempFile;
 @Internal
 public abstract class ChunkedCipherOutputStream extends FilterOutputStream {
     private static final POILogger LOG = POILogFactory.getLogger(ChunkedCipherOutputStream.class);
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
     private static final int STREAMING = -1;
 
     private final int chunkSize;
@@ -70,7 +73,7 @@ public abstract class ChunkedCipherOutpu
         super(null);
         this.chunkSize = chunkSize;
         int cs = chunkSize == STREAMING ? 4096 : chunkSize;
-        this.chunk = new byte[cs];
+        this.chunk = IOUtils.safelyAllocate(cs, MAX_RECORD_LENGTH);
         this.plainByteFlags = new BitSet(cs);
         this.chunkBits = Integer.bitCount(cs-1);
         this.fileOut = TempFile.createTempFile("encrypted_package", "crypt");
@@ -84,7 +87,7 @@ public abstract class ChunkedCipherOutpu
         super(stream);
         this.chunkSize = chunkSize;
         int cs = chunkSize == STREAMING ? 4096 : chunkSize;
-        this.chunk = new byte[cs];
+        this.chunk = IOUtils.safelyAllocate(cs, MAX_RECORD_LENGTH);
         this.plainByteFlags = new BitSet(cs);
         this.chunkBits = Integer.bitCount(cs-1);
         this.fileOut = null;

Modified: poi/trunk/src/java/org/apache/poi/poifs/crypt/CryptoFunctions.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/poifs/crypt/CryptoFunctions.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/poifs/crypt/CryptoFunctions.java (original)
+++ poi/trunk/src/java/org/apache/poi/poifs/crypt/CryptoFunctions.java Thu Sep 21 14:52:59 2017
@@ -34,6 +34,7 @@ import javax.crypto.spec.IvParameterSpec
 import javax.crypto.spec.RC2ParameterSpec;
 
 import org.apache.poi.EncryptedDocumentException;
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.Internal;
 import org.apache.poi.util.LittleEndian;
 import org.apache.poi.util.LittleEndianConsts;
@@ -44,6 +45,10 @@ import org.apache.poi.util.StringUtil;
  */
 @Internal
 public class CryptoFunctions {
+
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
     /**
      * <p><cite>2.3.4.7 ECMA-376 Document Encryption Key Generation (Standard Encryption)<br>
      * 2.3.4.11 Encryption Key Generation (Agile Encryption)</cite></p>
@@ -280,7 +285,7 @@ public class CryptoFunctions {
     private static byte[] getBlockX(byte[] hash, int size, byte fill) {
         if (hash.length == size) return hash;
         
-        byte[] result = new byte[size];
+        byte[] result = IOUtils.safelyAllocate(size, MAX_RECORD_LENGTH);
         Arrays.fill(result, fill);
         System.arraycopy(hash, 0, result, 0, Math.min(result.length, hash.length));
         return result;

Modified: poi/trunk/src/java/org/apache/poi/poifs/crypt/DataSpaceMapUtils.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/poifs/crypt/DataSpaceMapUtils.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/poifs/crypt/DataSpaceMapUtils.java (original)
+++ poi/trunk/src/java/org/apache/poi/poifs/crypt/DataSpaceMapUtils.java Thu Sep 21 14:52:59 2017
@@ -26,6 +26,7 @@ import org.apache.poi.poifs.filesystem.D
 import org.apache.poi.poifs.filesystem.DocumentEntry;
 import org.apache.poi.poifs.filesystem.POIFSWriterEvent;
 import org.apache.poi.poifs.filesystem.POIFSWriterListener;
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndianByteArrayOutputStream;
 import org.apache.poi.util.LittleEndianConsts;
 import org.apache.poi.util.LittleEndianInput;
@@ -33,6 +34,10 @@ import org.apache.poi.util.LittleEndianO
 import org.apache.poi.util.StringUtil;
 
 public class DataSpaceMapUtils {
+
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
     public static void addDefaultDataSpace(DirectoryEntry dir) throws IOException {
         DataSpaceMapEntry dsme = new DataSpaceMapEntry(
                 new int[]{ 0 }
@@ -332,7 +337,7 @@ public class DataSpaceMapUtils {
             return length == 0 ? null : "";
         }
         
-        byte data[] = new byte[length];
+        byte data[] = IOUtils.safelyAllocate(length, MAX_RECORD_LENGTH);
         is.readFully(data);
 
         // Padding (variable): A set of bytes that MUST be of correct size such that the size of the UTF-8-LP-P4

Modified: poi/trunk/src/java/org/apache/poi/poifs/dev/POIFSDump.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/poifs/dev/POIFSDump.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/poifs/dev/POIFSDump.java (original)
+++ poi/trunk/src/java/org/apache/poi/poifs/dev/POIFSDump.java Thu Sep 21 14:52:59 2017
@@ -39,6 +39,10 @@ import org.apache.poi.util.IOUtils;
  * Dump internal structure of a OLE2 file into file system
  */
 public class POIFSDump {
+
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
     public static void main(String[] args) throws IOException {
         if (args.length == 0) {
             System.err.println("Must specify at least one file to dump");
@@ -132,7 +136,7 @@ public class POIFSDump {
         try {
             NPOIFSStream stream = new NPOIFSStream(fs, startBlock);
 
-            byte[] b = new byte[fs.getBigBlockSize()];
+            byte[] b = IOUtils.safelyAllocate(fs.getBigBlockSize(), MAX_RECORD_LENGTH);
             for (ByteBuffer bb : stream) {
                 int len = bb.remaining();
                 bb.get(b);
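Review bot: `bb.get(b)` always transfers `b.length` bytes, so a buffer from the stream with fewer than `fs.getBigBlockSize()` bytes remaining would raise BufferUnderflowException, even though `len` is computed on the line above. Reading only what is available, `bb.get(b, 0, len);`, matches the purpose of `len`. This assumes no buffer is larger than one big block, which cannot be confirmed from the hunk; the loop body continues outside it.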

Modified: poi/trunk/src/java/org/apache/poi/poifs/filesystem/DocumentInputStream.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/poifs/filesystem/DocumentInputStream.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/poifs/filesystem/DocumentInputStream.java (original)
+++ poi/trunk/src/java/org/apache/poi/poifs/filesystem/DocumentInputStream.java Thu Sep 21 14:52:59 2017
@@ -20,6 +20,7 @@ package org.apache.poi.poifs.filesystem;
 import java.io.IOException;
 import java.io.InputStream;
 
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndianInput;
 import org.apache.poi.util.SuppressForbidden;
 

Modified: poi/trunk/src/java/org/apache/poi/poifs/filesystem/NDocumentInputStream.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/poifs/filesystem/NDocumentInputStream.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/poifs/filesystem/NDocumentInputStream.java (original)
+++ poi/trunk/src/java/org/apache/poi/poifs/filesystem/NDocumentInputStream.java Thu Sep 21 14:52:59 2017
@@ -22,6 +22,7 @@ import java.nio.ByteBuffer;
 import java.util.Iterator;
 
 import org.apache.poi.poifs.property.DocumentProperty;
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndian;
 
 /**
@@ -224,7 +225,7 @@ public final class NDocumentInputStream
 		long rval = new_offset - _current_offset;
 		
 		// TODO Do this better
-		byte[] skip = new byte[(int)rval];
+		byte[] skip = IOUtils.safelyAllocate(rval, Integer.MAX_VALUE);
 		readFully(skip);
 		return rval;
 	}
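Review bot: Passing `Integer.MAX_VALUE` as the limit leaves the skip buffer sized by `rval`, so a long skip in a large stream can still allocate close to 2 GB only to throw the bytes away. The change presumably turns the old silent `(int)` truncation into an exception, but it does not bound memory. A fixed-size scratch buffer drained in a loop keeps the allocation constant whatever the skip distance, and it resolves the `TODO Do this better` comment. The computation of `new_offset` sits above the hunk and is left as is.
```java
// … unchanged: new_offset and rval computation …
byte[] scratch = new byte[(int) Math.min(rval, 4096L)];
long remaining = rval;
while (remaining > 0) {
    int n = (int) Math.min(remaining, scratch.length);
    readFully(scratch, 0, n);
    remaining -= n;
}
return rval;
```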

Modified: poi/trunk/src/java/org/apache/poi/poifs/filesystem/NPOIFSDocument.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/poifs/filesystem/NPOIFSDocument.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/poifs/filesystem/NPOIFSDocument.java (original)
+++ poi/trunk/src/java/org/apache/poi/poifs/filesystem/NPOIFSDocument.java Thu Sep 21 14:52:59 2017
@@ -31,13 +31,18 @@ import org.apache.poi.poifs.common.POIFS
 import org.apache.poi.poifs.dev.POIFSViewable;
 import org.apache.poi.poifs.property.DocumentProperty;
 import org.apache.poi.util.HexDump;
+import org.apache.poi.util.IOUtils;
 
 /**
  * This class manages a document in the NIO POIFS filesystem.
  * This is the {@link NPOIFSFileSystem} version.
  */
 public final class NPOIFSDocument implements POIFSViewable {
-   private DocumentProperty _property;
+
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
+    private DocumentProperty _property;
 
    private NPOIFSFileSystem _filesystem;
    private NPOIFSStream _stream;
@@ -147,7 +152,7 @@ public final class NPOIFSDocument implem
        int usedInBlock = length % _block_size;
        if (usedInBlock != 0 && usedInBlock != _block_size) {
            int toBlockEnd = _block_size - usedInBlock;
-           byte[] padding = new byte[toBlockEnd];
+           byte[] padding = IOUtils.safelyAllocate(toBlockEnd, MAX_RECORD_LENGTH);
            Arrays.fill(padding, (byte)0xFF);
            os.write(padding);
        }
@@ -214,7 +219,7 @@ public final class NPOIFSDocument implem
 
       if(getSize() > 0) {
          // Get all the data into a single array
-         byte[] data = new byte[getSize()];
+         byte[] data = IOUtils.safelyAllocate(getSize(), MAX_RECORD_LENGTH);
          int offset = 0;
          for(ByteBuffer buffer : _stream) {
             int length = Math.min(_block_size, data.length-offset); 
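Review bot: `getSize()` here is the size of a whole document stream, not of a record, and legitimate streams are routinely larger than 100_000 bytes, so with this limit the call presumably fails for such documents instead of producing the data. Either give this call its own, much larger bound or cap what is copied, e.g. `byte[] data = IOUtils.safelyAllocate(Math.min(getSize(), MAX_RECORD_LENGTH), MAX_RECORD_LENGTH);`, since the loop already limits each copy to the space left in `data`. The enclosing method starts and ends outside the hunk, so check how the array is used afterwards before truncating.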

Modified: poi/trunk/src/java/org/apache/poi/poifs/filesystem/NPOIFSFileSystem.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/poifs/filesystem/NPOIFSFileSystem.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/poifs/filesystem/NPOIFSFileSystem.java (original)
+++ poi/trunk/src/java/org/apache/poi/poifs/filesystem/NPOIFSFileSystem.java Thu Sep 21 14:52:59 2017
@@ -66,7 +66,10 @@ import org.apache.poi.util.POILogger;
 public class NPOIFSFileSystem extends BlockStore
     implements POIFSViewable, Closeable
 {
-	private static final POILogger LOG = POILogFactory.getLogger(NPOIFSFileSystem.class);
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
+    private static final POILogger LOG = POILogFactory.getLogger(NPOIFSFileSystem.class);
 
     /**
      * Convenience method for clients that want to avoid the auto-close behaviour of the constructor.
@@ -103,7 +106,8 @@ public class NPOIFSFileSystem extends Bl
         if(newFS) {
            // Data needs to initially hold just the header block,
            //  a single bat block, and an empty properties section
-           _data        = new ByteArrayBackedDataSource(new byte[bigBlockSize.getBigBlockSize()*3]);
+           _data        = new ByteArrayBackedDataSource(IOUtils.safelyAllocate(
+                   bigBlockSize.getBigBlockSize()*3, MAX_RECORD_LENGTH));
         }
     }
     

Modified: poi/trunk/src/java/org/apache/poi/poifs/filesystem/Ole10Native.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/poifs/filesystem/Ole10Native.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/poifs/filesystem/Ole10Native.java (original)
+++ poi/trunk/src/java/org/apache/poi/poifs/filesystem/Ole10Native.java Thu Sep 21 14:52:59 2017
@@ -21,6 +21,7 @@ import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.OutputStream;
 
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndian;
 import org.apache.poi.util.LittleEndianConsts;
 import org.apache.poi.util.LittleEndianOutputStream;
@@ -34,9 +35,12 @@ import org.apache.poi.util.StringUtil;
  */
 public class Ole10Native {
 
+
     public static final String OLE10_NATIVE = "\u0001Ole10Native";
     protected static final String ISO1 = "ISO-8859-1";
-  
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000_000;
+
     // (the fields as they appear in the raw record:)
     private int totalSize;             // 4 bytes, total size of record not including this field
     private short flags1 = 2;          // 2 bytes, unknown, mostly [02 00]
@@ -97,7 +101,7 @@ public class Ole10Native {
     public static Ole10Native createFromEmbeddedOleObject(DirectoryNode directory) throws IOException, Ole10NativeException {
        DocumentEntry nativeEntry = 
           (DocumentEntry)directory.getEntry(OLE10_NATIVE);
-       byte[] data = new byte[nativeEntry.getSize()];
+       byte[] data = IOUtils.safelyAllocate(nativeEntry.getSize(), MAX_RECORD_LENGTH);
        int readBytes = directory.createDocumentInputStream(nativeEntry).read(data);
        assert(readBytes == data.length);
   
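Review bot: The allocation is now bounded, but the single `read(data)` call that fills it is verified only by `assert(readBytes == data.length)`, which does nothing unless the JVM runs with `-ea`. A short read then leaves the tail of `data` zero-filled, and it is presumably parsed as if it were file content. The stream returned by `createDocumentInputStream` is also never closed. Reading with `IOUtils.readFully` inside try-with-resources and failing with `Ole10NativeException` on a short count addresses both; the rest of the method is outside the hunk.
```java
byte[] data = IOUtils.safelyAllocate(nativeEntry.getSize(), MAX_RECORD_LENGTH);
try (DocumentInputStream dis = directory.createDocumentInputStream(nativeEntry)) {
    int readBytes = IOUtils.readFully(dis, data);
    if (readBytes != data.length) {
        throw new Ole10NativeException("Invalid Ole10Native: short read of embedded data");
    }
}
// … unchanged: construction of the Ole10Native from data …
```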
@@ -196,7 +200,7 @@ public class Ole10Native {
         if ((long)dataSize + (long)ofs > (long)data.length) { //cast to avoid overflow
             throw new Ole10NativeException("Invalid Ole10Native: declared data length > available data");
         }
-        dataBuffer = new byte[dataSize];
+        dataBuffer = IOUtils.safelyAllocate(dataSize, MAX_RECORD_LENGTH);
         System.arraycopy(data, ofs, dataBuffer, 0, dataSize);
         ofs += dataSize;
     }

Modified: poi/trunk/src/java/org/apache/poi/poifs/nio/ByteArrayBackedDataSource.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/poifs/nio/ByteArrayBackedDataSource.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/poifs/nio/ByteArrayBackedDataSource.java (original)
+++ poi/trunk/src/java/org/apache/poi/poifs/nio/ByteArrayBackedDataSource.java Thu Sep 21 14:52:59 2017
@@ -17,6 +17,8 @@
 
 package org.apache.poi.poifs.nio;
 
+import org.apache.poi.util.IOUtils;
+
 import java.io.IOException;
 import java.io.OutputStream;
 import java.nio.ByteBuffer;
@@ -25,6 +27,9 @@ import java.nio.ByteBuffer;
  * A POIFS {@link DataSource} backed by a byte array.
  */
 public class ByteArrayBackedDataSource extends DataSource {
+   //Can we make this shorter?
+   private static final int MAX_RECORD_LENGTH = Integer.MAX_VALUE;
+
    private byte[] buffer;
    private long size;
    
@@ -76,7 +81,8 @@ public class ByteArrayBackedDataSource e
          difference = 4096;
       }
 
-      byte[] nb = new byte[(int)(difference+buffer.length)];
+      long totalLen = difference+buffer.length;
+      byte[] nb = IOUtils.safelyAllocate(totalLen, MAX_RECORD_LENGTH);
       System.arraycopy(buffer, 0, nb, 0, (int)size);
       buffer = nb;
    }

Modified: poi/trunk/src/java/org/apache/poi/poifs/property/NPropertyTable.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/poifs/property/NPropertyTable.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/poifs/property/NPropertyTable.java (original)
+++ poi/trunk/src/java/org/apache/poi/poifs/property/NPropertyTable.java Thu Sep 21 14:52:59 2017
@@ -29,6 +29,7 @@ import org.apache.poi.poifs.common.POIFS
 import org.apache.poi.poifs.filesystem.NPOIFSFileSystem;
 import org.apache.poi.poifs.filesystem.NPOIFSStream;
 import org.apache.poi.poifs.storage.HeaderBlock;
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.POILogFactory;
 import org.apache.poi.util.POILogger;
 
@@ -40,6 +41,9 @@ import org.apache.poi.util.POILogger;
 public final class NPropertyTable extends PropertyTableBase {
     private static final POILogger _logger =
        POILogFactory.getLogger(NPropertyTable.class);
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
     private POIFSBigBlockSize _bigBigBlockSize;
 
     public NPropertyTable(HeaderBlock headerBlock)
@@ -86,7 +90,7 @@ public final class NPropertyTable extend
                 bb.array().length == bigBlockSize.getBigBlockSize()) {
              data = bb.array();
           } else {
-             data = new byte[bigBlockSize.getBigBlockSize()];
+             data = IOUtils.safelyAllocate(bigBlockSize.getBigBlockSize(), MAX_RECORD_LENGTH);
              
              int toRead = data.length;
              if (bb.remaining() < bigBlockSize.getBigBlockSize()) {

Modified: poi/trunk/src/java/org/apache/poi/poifs/storage/DocumentBlock.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/poifs/storage/DocumentBlock.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/poifs/storage/DocumentBlock.java (original)
+++ poi/trunk/src/java/org/apache/poi/poifs/storage/DocumentBlock.java Thu Sep 21 14:52:59 2017
@@ -32,6 +32,10 @@ import org.apache.poi.util.IOUtils;
  * @author Marc Johnson (mjohnson at apache dot org)
  */
 public final class DocumentBlock extends BigBlock {
+
+    //arbitrarily selected; may need to increase
+    private static final int MAX_RECORD_LENGTH = 100_000;
+
     private static final byte _default_value = ( byte ) 0xFF;
     private byte[]            _data;
     private int               _bytes_read;
@@ -81,7 +85,7 @@ public final class DocumentBlock extends
     private DocumentBlock(POIFSBigBlockSize bigBlockSize)
     {
         super(bigBlockSize);
-        _data = new byte[ bigBlockSize.getBigBlockSize() ];
+        _data = IOUtils.safelyAllocate(bigBlockSize.getBigBlockSize(), MAX_RECORD_LENGTH);
         Arrays.fill(_data, _default_value);
     }
 

Modified: poi/trunk/src/java/org/apache/poi/poifs/storage/HeaderBlock.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/poifs/storage/HeaderBlock.java?rev=1809169&r1=1809168&r2=1809169&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/poifs/storage/HeaderBlock.java (original)
+++ poi/trunk/src/java/org/apache/poi/poifs/storage/HeaderBlock.java Thu Sep 21 14:52:59 2017
@@ -41,7 +41,11 @@ import org.apache.poi.util.ShortField;
  * The block containing the archive header
  */
 public final class HeaderBlock implements HeaderBlockConstants {
-    private static final byte _default_value = ( byte ) 0xFF;
+
+	//arbitrarily selected; may need to increase
+	private static final int MAX_RECORD_LENGTH = 100_000;
+
+	private static final byte _default_value = ( byte ) 0xFF;
 
     /**
 	 * What big block size the file uses. Most files
@@ -104,7 +108,7 @@ public final class HeaderBlock implement
 		// Fetch the rest of the block if needed
 		if(bigBlockSize.getBigBlockSize() != 512) {
 		   int rest = bigBlockSize.getBigBlockSize() - 512;
-		   byte[] tmp = new byte[rest];
+		   byte[] tmp = IOUtils.safelyAllocate(rest, MAX_RECORD_LENGTH);
 		   IOUtils.readFully(stream, tmp);
 		}
 	}


