You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tika.apache.org by "Maxim Valyanskiy (JIRA)" <ji...@apache.org> on 2011/05/18 15:57:48 UTC

[jira] [Created] (TIKA-662) Prevent creating of ZipInputStreamZipEntrySource when reading files from disk

Prevent creating of ZipInputStreamZipEntrySource when reading files from disk
-----------------------------------------------------------------------------

                 Key: TIKA-662
                 URL: https://issues.apache.org/jira/browse/TIKA-662
             Project: Tika
          Issue Type: Improvement
            Reporter: Maxim Valyanskiy


POI provides two ways to open OPCPackage - via InputStream and via File. Creating OPCPackage from InputStream casuses creation of ZipInputStreamZipEntrySource, that buffers all uncompressed data in memory. This takes a lot of memory and it is not needed when we are reading files from disk or when we already copied stream into temporary file.

This patch removes usage of ZipInputStreamZipEntrySource in this case.

Unfortunately, it breaks ZIP-bomb prevention for OOXML parser (and other parsers that uses TikaInputStream.getFile()). I think that ZIP-bomb prevention should be additionally implemented for that formats before committing this to SVN.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (TIKA-662) Prevent creating of ZipInputStreamZipEntrySource when reading files from disk

Posted by "Maxim Valyanskiy (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/TIKA-662?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Maxim Valyanskiy resolved TIKA-662.
-----------------------------------

       Resolution: Fixed
    Fix Version/s: 1.0

This issue almost duplicates TIKA-645. The rest few lines is commited in r1124577.

> Prevent creating of ZipInputStreamZipEntrySource when reading files from disk
> -----------------------------------------------------------------------------
>
>                 Key: TIKA-662
>                 URL: https://issues.apache.org/jira/browse/TIKA-662
>             Project: Tika
>          Issue Type: Improvement
>            Reporter: Maxim Valyanskiy
>             Fix For: 1.0
>
>         Attachments: TIKA-662.patch
>
>
> POI provides two ways to open OPCPackage - via InputStream and via File. Creating OPCPackage from InputStream casuses creation of ZipInputStreamZipEntrySource, that buffers all uncompressed data in memory. This takes a lot of memory and it is not needed when we are reading files from disk or when we already copied stream into temporary file.
> This patch removes usage of ZipInputStreamZipEntrySource in this case.
> Unfortunately, it breaks ZIP-bomb prevention for OOXML parser (and other parsers that uses TikaInputStream.getFile()). I think that ZIP-bomb prevention should be additionally implemented for that formats before committing this to SVN.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (TIKA-662) Prevent creating of ZipInputStreamZipEntrySource when reading files from disk

Posted by "Maxim Valyanskiy (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/TIKA-662?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Maxim Valyanskiy updated TIKA-662:
----------------------------------

    Attachment: TIKA-662.patch

patch

> Prevent creating of ZipInputStreamZipEntrySource when reading files from disk
> -----------------------------------------------------------------------------
>
>                 Key: TIKA-662
>                 URL: https://issues.apache.org/jira/browse/TIKA-662
>             Project: Tika
>          Issue Type: Improvement
>            Reporter: Maxim Valyanskiy
>         Attachments: TIKA-662.patch
>
>
> POI provides two ways to open OPCPackage - via InputStream and via File. Creating OPCPackage from InputStream casuses creation of ZipInputStreamZipEntrySource, that buffers all uncompressed data in memory. This takes a lot of memory and it is not needed when we are reading files from disk or when we already copied stream into temporary file.
> This patch removes usage of ZipInputStreamZipEntrySource in this case.
> Unfortunately, it breaks ZIP-bomb prevention for OOXML parser (and other parsers that uses TikaInputStream.getFile()). I think that ZIP-bomb prevention should be additionally implemented for that formats before committing this to SVN.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira