]> source.dussan.org Git - poi.git/commitdiff
projects / poi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4711808)
[bug-65372] allow max entry size to be higher than 4Gb
authorPJ Fanning <fanningpj@apache.org>
Fri, 8 Oct 2021 18:12:18 +0000 (18:12 +0000)
committerPJ Fanning <fanningpj@apache.org>
Fri, 8 Oct 2021 18:12:18 +0000 (18:12 +0000)
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1894036 13f79535-47bb-0310-9956-ffa450edef68

poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java patch | blob | history
poi-ooxml/src/test/java/org/apache/poi/openxml4j/opc/TestPackage.java patch | blob | history
poi-ooxml/src/test/java/org/apache/poi/openxml4j/util/TestZipSecureFile.java patch | blob | history
poi-ooxml/src/test/java/org/apache/poi/xwpf/TestXWPFBugs.java patch | blob | history

diff --git a/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java b/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java
index 290b5fbd8c55a41e3c2c8b1d2f84dbc58da64677..e9365b4a74ed919d64c25bb88f86377e1afcfcb7 100644 (file)
--- a/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java
@@ -22,6 +22,8 @@ import java.io.IOException;
 
 import org.apache.commons.compress.archivers.zip.ZipArchiveEntry;
 import org.apache.commons.compress.archivers.zip.ZipFile;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 /**
  * This class wraps a {@link ZipFile} in order to check the
@@ -32,6 +34,7 @@ import org.apache.commons.compress.archivers.zip.ZipFile;
  * and {@link #setMinInflateRatio(double)}.
  */
 public class ZipSecureFile extends ZipFile {
+    private static final Logger LOG = LogManager.getLogger(ZipSecureFile.class);
     /* package */ static double MIN_INFLATE_RATIO = 0.01d;
     /* package */ static long MAX_ENTRY_SIZE = 0xFFFFFFFFL;
     
@@ -71,10 +74,13 @@ public class ZipSecureFile extends ZipFile {
      * security vulnerabilities when documents are provided by users.
      *
      * @param maxEntrySize the max. file size of a single zip entry
+     * @throws IllegalArgumentException for negative maxEntrySize
      */
     public static void setMaxEntrySize(long maxEntrySize) {
-        if (maxEntrySize < 0 || maxEntrySize > 0xFFFFFFFFL) {   // don't use MAX_ENTRY_SIZE here!
-            throw new IllegalArgumentException("Max entry size is bounded [0-4GB], but had " + maxEntrySize);
+        if (maxEntrySize < 0) {
+            throw new IllegalArgumentException("Max entry size must be greater than or equal to zero");
+        } else if (maxEntrySize > 0xFFFFFFFFL) {
+            LOG.atWarn().log("setting max entry size greater tahn 4Gb can be risky; set to " + maxEntrySize + " bytes");
         }
         MAX_ENTRY_SIZE = maxEntrySize;
     }
diff --git a/poi-ooxml/src/test/java/org/apache/poi/openxml4j/opc/TestPackage.java b/poi-ooxml/src/test/java/org/apache/poi/openxml4j/opc/TestPackage.java
index 65bdc4bcbf4284b22084f31a43307844a326f9ec..038dcee86d312bfb9496a4f62e13614503cc845e 100644 (file)
--- a/poi-ooxml/src/test/java/org/apache/poi/openxml4j/opc/TestPackage.java
+++ b/poi-ooxml/src/test/java/org/apache/poi/openxml4j/opc/TestPackage.java
@@ -32,7 +32,6 @@ import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.junit.jupiter.api.Assertions.fail;
 
 import java.io.BufferedInputStream;
-import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
diff --git a/poi-ooxml/src/test/java/org/apache/poi/openxml4j/util/TestZipSecureFile.java b/poi-ooxml/src/test/java/org/apache/poi/openxml4j/util/TestZipSecureFile.java
index d80a44a1d8777afa0e5d7f7ac103c2c28c427ff2..2eef717dfa709faa2d03f7117c9ffc7a467139b9 100644 (file)
--- a/poi-ooxml/src/test/java/org/apache/poi/openxml4j/util/TestZipSecureFile.java
+++ b/poi-ooxml/src/test/java/org/apache/poi/openxml4j/util/TestZipSecureFile.java
@@ -25,7 +25,7 @@ import org.junit.jupiter.api.Test;
 import java.io.InputStream;
 import java.util.Enumeration;
 
-import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.*;
 
 class TestZipSecureFile {
     @Test
@@ -47,4 +47,20 @@ class TestZipSecureFile {
             }
         }
     }
+
+    @Test
+    void testSettingMaxEntrySizeAsNegative() {
+        assertThrows(IllegalArgumentException.class, () -> ZipSecureFile.setMaxEntrySize(-1));
+    }
+
+    @Test
+    void testSettingMaxEntrySizeAs8Gb() {
+        long approx8Gb = 0xFFFFFFFFL * 2;
+        try {
+            ZipSecureFile.setMaxEntrySize(approx8Gb);
+            assertEquals(approx8Gb, ZipSecureFile.getMaxEntrySize());
+        } finally {
+            ZipSecureFile.setMaxEntrySize(0xFFFFFFFFL);
+        }
+    }
 }
diff --git a/poi-ooxml/src/test/java/org/apache/poi/xwpf/TestXWPFBugs.java b/poi-ooxml/src/test/java/org/apache/poi/xwpf/TestXWPFBugs.java
index b630075831f701601327a9c333a1362b64341a2e..581b3bbefa1e24211de504f75a5df9546bb0d4e1 100644 (file)
--- a/poi-ooxml/src/test/java/org/apache/poi/xwpf/TestXWPFBugs.java
+++ b/poi-ooxml/src/test/java/org/apache/poi/xwpf/TestXWPFBugs.java
@@ -139,4 +139,14 @@ class TestXWPFBugs {
             zf.close();
         }
     }
+
+    @Test
+    void bug65320() throws Exception {
+        try (
+                OPCPackage pkg = OPCPackage.open(samples.getFile("bug65320.docx"));
+                XWPFDocument document = new XWPFDocument(pkg)
+        ){
+            assertEquals(1, document.getAllPictures().size());
+        }
+    }
 }
\ No newline at end of file
Mirror of Apache POI: https://github.com/apache/poi