add length sanity check for length of embedded OLE10Native (BUG 60256)
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1764927 13f79535-47bb-0310-9956-ffa450edef68
tballison committed Oct 14, 2016
1 parent 442815f commit 7f9f8e9
Showing 2 changed files with 12 additions and 3 deletions.
5 changes: 4 additions & 1 deletion src/java/org/apache/poi/poifs/filesystem/Ole10Native.java
Expand Up @@ -192,7 +192,10 @@ public Ole10Native(byte[] data, int offset) throws Ole10NativeException {
dataSize = totalSize;
break;
}


if ((long)dataSize + (long)ofs > (long)data.length) { //cast to avoid overflow
throw new Ole10NativeException("Invalid Ole10Native: declared data length > available data");
}
dataBuffer = new byte[dataSize];
System.arraycopy(data, ofs, dataBuffer, 0, dataSize);
ofs += dataSize;
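Review bot: A negative `dataSize` still passes the new bounds check and reaches `new byte[dataSize]`, which throws an unchecked NegativeArraySizeException instead of Ole10NativeException. The value appears to come from the embedded stream (its assignment is outside this hunk, apart from `dataSize = totalSize;`), so it should be treated as untrusted; I would widen the guard to `if (dataSize < 0 || (long)dataSize + (long)ofs > (long)data.length) {`. Callers that catch only Ole10NativeException while parsing untrusted documents would otherwise get a runtime exception from this path. The constructor body begins and ends outside the hunk, so whether `ofs` is validated earlier cannot be seen here.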
Expand Up @@ -20,6 +20,8 @@ Licensed to the Apache Software Foundation (ASF) under one or more
import static org.hamcrest.core.IsEqual.equalTo;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;

import java.io.ByteArrayOutputStream;
import java.io.File;
Expand Down Expand Up @@ -110,10 +112,14 @@ void findOle10(List<Entry> entries, DirectoryNode dn, String path, String filena
}

@Test
@Ignore("BUG 60256")
public void testOleNativeOOM() throws IOException, Ole10NativeException {
POIFSFileSystem fs = new POIFSFileSystem(dataSamples.openResourceAsStream("60256.bin"));
Ole10Native ole = Ole10Native.createFromEmbeddedOleObject(fs);
try {
Ole10Native.createFromEmbeddedOleObject(fs);
fail("Should have thrown exception because OLENative lacks a length parameter");
} catch (Ole10NativeException e) {
assertTrue(e.getMessage().indexOf("declared data length") > -1);
}
}

}
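Review bot: The `fail(...)` text in testOleNativeOOM says the object "lacks a length parameter", but the exception being asserted reports a declared length larger than the available data, so a failure here would print a misleading reason. I would reword it to `fail("Should have thrown Ole10NativeException: declared length exceeds available data");` and use `assertTrue(e.getMessage().contains("declared data length"));` rather than `indexOf(...) > -1`. The stream from `dataSamples.openResourceAsStream("60256.bin")` and the `fs` built on it are not closed in the visible lines; closing them in a `finally` block would stop the test leaking handles.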
