You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@poi.apache.org by bu...@apache.org on 2015/06/20 17:39:26 UTC

[Bug 50090] 'zip' bomb prevention

https://bz.apache.org/bugzilla/show_bug.cgi?id=50090

--- Comment #3 from Andreas Beeker <ki...@apache.org> ---
Created attachment 32839
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=32839&action=edit
[Patch] Zip bomb patch

Here is my zip bomb patch.
I had to reflect into the ZipFile class to get to the raw bits,
which might be a problem with Java 9.
Furthermore there might be a slight decrease in OOXML processing performance,
which I haven't profiled.

Should there be an option to bypass the new handling?

If nobody complaints, I'll apply the patch on 24.06.2015 and check the jenkins
results for other runtimes.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org