Avoid a possible StackOverflowException
This adds support of counting of the "nesting level" into the base
EscherRecord and thus makes this existing limitation much more effective
as it kicks in for more types of nested records.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66374
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@
1919256 13f79535-47bb-0310-9956-
ffa450edef68
EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-4838893004128256.ppt", FileNotFoundException.class);
EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-4624961081573376.ppt", FileNotFoundException.class);
EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5018229722382336.ppt", RuntimeException.class);
+ EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-6192650357112832.ppt", RuntimeException.class);
}
public static Stream<Arguments> files() {
return fillFields(data, pOffset, recordFactory, 0);
}
- int fillFields(byte[] data, int pOffset, EscherRecordFactory recordFactory, int nesting) {
+ @Override
+ protected int fillFields(byte[] data, int pOffset, EscherRecordFactory recordFactory, int nesting) {
if (nesting > MAX_NESTED_CHILD_NODES) {
throw new IllegalStateException("Had more than the limit of " + MAX_NESTED_CHILD_NODES + " nested child notes");
}
} else if (child instanceof UnknownEscherRecord) {
childBytesWritten = ((UnknownEscherRecord)child).fillFields(data, offset, recordFactory, nesting + 1);
} else {
- childBytesWritten = child.fillFields(data, offset, recordFactory);
+ childBytesWritten = child.fillFields(data, offset, recordFactory, nesting + 1);
}
bytesWritten += childBytesWritten;
*/
public abstract int fillFields( byte[] data, int offset, EscherRecordFactory recordFactory );
+ /**
+ * Internal method to prevent too deep nesting/using too much memory.
+ *
+ * This is done by counting the level of "nesting" via the parameter.
+ *
+ * The default method just forwards to fillFields() so it does not properly
+ * handle nesting. Subclasses which do recursive calls need to pass
+ * around the nesting-level properly.
+ *
+ * Usually both fillFields() methods should be overwritten by subclasses,
+ * the one without the "nesting"-parameter should routes to this one in
+ * classes which overwrite this method and this method should be overwritten
+ * with the actual functionality to fill fields.
+ *
+ * @param data The byte array containing the serialized escher
+ * records.
+ * @param offset The offset into the byte array.
+ * @param recordFactory A factory for creating new escher records.
+ * @param nesting The current nesting factor, usually increased by one on each recursive call
+ * @return The number of bytes written.
+ */
+ protected int fillFields(byte[] data, int offset, EscherRecordFactory recordFactory, int nesting) {
+ return fillFields(data, offset, recordFactory);
+ }
+
/**
* Reads the 8 byte header information and populates the <code>options</code>
* and <code>recordId</code> records.
return fillFields(data, offset, recordFactory, 0);
}
- int fillFields(byte[] data, int offset, EscherRecordFactory recordFactory, int nesting) {
+ @Override
+ protected int fillFields(byte[] data, int offset, EscherRecordFactory recordFactory, int nesting) {
if (nesting > MAX_NESTED_CHILD_NODES) {
throw new IllegalStateException("Had more than the limit of " + MAX_NESTED_CHILD_NODES + " nested child notes");
}
if (child instanceof EscherContainerRecord) {
childBytesWritten = ((EscherContainerRecord)child).fillFields(data, offset, recordFactory, nesting + 1);
} else {
- childBytesWritten = child.fillFields(data, offset, recordFactory);
+ childBytesWritten = child.fillFields(data, offset, recordFactory, nesting + 1);
}
bytesWritten += childBytesWritten;
offset += childBytesWritten;
projects / poi.git / commitdiff