boundary handling and decompression limits in CompressedRTF #1071
jmestwa-coder wants to merge 1 commit into
a90480a to fc05283
| "\\fmodern \\fscript \\fdecor MS Sans SerifSymbolArialTimes New RomanCourier" + | ||
| "{\\colortbl\\red0\\green0\\blue0\n\r\\par \\pard\\plain\\f0\\fs20\\b\\i\\u\\tab\\tx"; | ||
|
|
||
| private static final int DEFAULT_MAX_RECORD_LENGTH = 50_000_000; |
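Review bot: DEFAULT_MAX_RECORD_LENGTH, on the last line of this hunk, is declared without a comment saying what it bounds or in which unit. Add Javadoc stating whether it is a byte count and which size it applies to (the declared size, the decompressed output, or both), and that 50_000_000 is a chosen default, so the value can be reviewed against its purpose.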
why this length as opposed to some other value?
I mainly wanted a limit that was large enough to avoid rejecting legitimate larger RTF payloads, while still enforcing a reasonable upper bound for malformed or inconsistent size declarations.
The 50MB value was meant as a conservative default rather than a format-defined maximum. Happy to align it with an existing POI-wide limit pattern, or reduce/remove the configurable default if you’d prefer.
fc05283 to 63cf1a3
| // Nope, nothing fancy to do | ||
| IOUtils.copy(src, res); | ||
| copyCompressedPayload(src, limited); | ||
| return; |
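Review bot: copyCompressedPayload is called directly under the comment "Nope, nothing fancy to do", so a helper named for compressed data is handling a branch whose comment says no special processing is needed. Rename the helper or update the comment so the branch reads consistently, and add a comment saying whether the size bound is enforced through the limited argument or inside the helper.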
don't use return like this - also copyCompressedPayload has its own limit checks, quite untidy to do this
| } | ||
| } | ||
|
|
||
| private static final class LimitedOutputStream extends OutputStream { |
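Review bot: LimitedOutputStream is declared on the last line of this hunk with no Javadoc. Document which exception it raises when the limit is reached and whether the check runs before the bytes are written, since that decides whether oversized output is stopped early or only detected afterwards.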
https://github.com/apache/commons-io/blob/master/src/main/java/org/apache/commons/io/output/CountingOutputStream.java should be usable - don't really like declaring our own class for this
Summary
This patch strengthens CompressedRTF boundary handling and decompression validation for both compressed and uncompressed RTF streams.
Changes
IOUtils.safelyAllocateCheck.
BoundedInputStream.
Tests
Added tests covering: