return toSkip - remain;
}
+ public static byte[] safelyAllocate(long length, int maxLength) {
+ if (length < 0L) {
+ throw new RecordFormatException("Can't allocate an array of length < 0");
+ }
+ if (length > (long)Integer.MAX_VALUE) {
+ throw new RecordFormatException("Can't allocate an array > "+Integer.MAX_VALUE);
+ }
+ if (length > maxLength) {
+ throw new RecordFormatException("Not allowed to allocate an array > "+
+ maxLength+" for this record type." +
+ "If the file is not corrupt, please open an issue on bugzilla to request " +
+ "increasing the maximum allowable size for this record type");
+ }
+ return new byte[(int)length];
+ }
}
import org.apache.poi.hemf.hemfplus.record.HemfPlusRecord;
import org.apache.poi.hemf.hemfplus.record.HemfPlusRecordType;
+import org.apache.poi.util.IOUtils;
import org.apache.poi.util.Internal;
import org.apache.poi.util.LittleEndian;
import org.apache.poi.util.RecordFormatException;
@Internal
public class HemfCommentEMFPlus extends AbstractHemfComment {
+ private static final int MAX_RECORD_LENGTH = 1000000;
+
+
long dataSize;
public HemfCommentEMFPlus(byte[] rawBytes) {
//these rawBytes contain only the EMFPlusRecord(s?)
} catch (IllegalAccessException e) {
throw new RuntimeException(e);
}
- byte[] dataBytes = new byte[size];
+ byte[] dataBytes = IOUtils.safelyAllocate(size, MAX_RECORD_LENGTH);
System.arraycopy(bytes, offset, dataBytes, 0, size);
try {
record.init(dataBytes, recordId, flags);
import java.util.ArrayList;
import java.util.List;
+import org.apache.poi.util.IOUtils;
import org.apache.poi.util.Internal;
import org.apache.poi.util.LittleEndian;
import org.apache.poi.util.LittleEndianConsts;
@Internal
public class HemfCommentPublic {
+ private static final int MAX_RECORD_LENGTH = 1000000;
+
+
/**
* Stub, to be implemented
*/
}
List<HemfMultiFormatsData> list = new ArrayList<HemfMultiFormatsData>();
for (EmrFormat emrFormat : emrFormatList) {
- byte[] data = new byte[emrFormat.size];
+ byte[] data = IOUtils.safelyAllocate(emrFormat.size, MAX_RECORD_LENGTH);
System.arraycopy(rawBytes, emrFormat.offset-4, data, 0, emrFormat.size);
list.add(new HemfMultiFormatsData(emrFormat.signature, emrFormat.version, data));
}
wmfBytes = new byte[0];
return;
}
- if (winMetafileSizeLong > Integer.MAX_VALUE) {
- throw new RecordFormatException("Metafile record length can't be > Integer.MAX_VALUE");
- }
- int winMetafileSize = (int)winMetafileSizeLong;
- wmfBytes = new byte[winMetafileSize];
- System.arraycopy(rawBytes, offset, wmfBytes, 0, winMetafileSize);
+ wmfBytes = IOUtils.safelyAllocate(winMetafileSizeLong, MAX_RECORD_LENGTH);
+ System.arraycopy(rawBytes, offset, wmfBytes, 0, wmfBytes.length);
}
/**
*/
@Internal
public class HemfCommentRecord implements HemfRecord {
+ private static final int MAX_RECORD_LENGTH = 1000000;
public final static long COMMENT_EMFSPOOL = 0x00000000;
public final static long COMMENT_EMFPLUS = 0x2B464D45;
int dataSize = (int)remainingDataSize;
int recordSize = (int)remainingRecordSize;
- byte[] arr = new byte[dataSize+initialBytes.length];
+ byte[] arr = IOUtils.safelyAllocate(dataSize+initialBytes.length, MAX_RECORD_LENGTH);
System.arraycopy(initialBytes,0,arr, 0, initialBytes.length);
long read = IOUtils.readFully(leis, arr, initialBytes.length, dataSize);
if (read != dataSize) {
}
private byte[] readToByteArray(LittleEndianInputStream leis, long dataSize, long recordSize) throws IOException {
- assert dataSize < Integer.MAX_VALUE;
if (recordSize == 0) {
return new byte[0];
}
- byte[] arr = new byte[(int)dataSize];
+ byte[] arr = IOUtils.safelyAllocate(dataSize, MAX_RECORD_LENGTH);
long read = IOUtils.readFully(leis, arr);
if (read != dataSize) {
@Internal
public class HemfHeader implements HemfRecord {
+ private static final int MAX_RECORD_LENGTH = 1000000;
+
+
private Rectangle boundsRectangle;
private Rectangle frameRectangle;
private long bytes;
throw new IOException("Not a valid EMF header. Record type:"+recordId);
}
//read the record--id and size (2 bytes) have already been read
- byte[] data = new byte[(int)recordSize];
+ byte[] data = IOUtils.safelyAllocate(recordSize, MAX_RECORD_LENGTH);
IOUtils.readFully(leis, data);
int offset = 0;
@Internal
public class HemfText {
- private final static Charset UTF16LE = Charset.forName("UTF-16LE");
+ private static final Charset UTF16LE = Charset.forName("UTF-16LE");
+ private static final int MAX_RECORD_LENGTH = 1000000;
public static class ExtCreateFontIndirectW extends UnimplementedHemfRecord {
}
}
//guarantee to read the rest of the EMRTextObjectRecord
//emrtextbytes start after 7*4 bytes read above
- byte[] emrTextBytes = new byte[recordSizeInt-(7*LittleEndian.INT_SIZE)];
+ byte[] emrTextBytes = IOUtils.safelyAllocate(recordSizeInt-(7*LittleEndian.INT_SIZE), MAX_RECORD_LENGTH);
IOUtils.readFully(leis, emrTextBytes);
textObject = new EmrTextObject(emrTextBytes, getEncodingHint(), 20);//should be 28, but recordSizeInt has already subtracted 8
return recordSize;
}
if (numCharsLong > Integer.MAX_VALUE) {
throw new RecordFormatException("Number of characters can't be > Integer.MAX_VALUE");
+ } else if (numCharsLong < 0) {
+ throw new RecordFormatException("Number of characters can't be < 0");
}
+
numChars = (int)numCharsLong;
- rawTextBytes = new byte[emrTextObjBytes.length-start];
+ rawTextBytes = IOUtils.safelyAllocate(emrTextObjBytes.length-start, MAX_RECORD_LENGTH);
System.arraycopy(emrTextObjBytes, start, rawTextBytes, 0, emrTextObjBytes.length-start);
}
package org.apache.poi.hwmf.record;
+import javax.imageio.ImageIO;
import java.awt.Color;
import java.awt.Graphics2D;
import java.awt.image.BufferedImage;
import java.io.IOException;
import java.io.InputStream;
-import javax.imageio.ImageIO;
-
import org.apache.poi.util.IOUtils;
import org.apache.poi.util.LittleEndian;
import org.apache.poi.util.LittleEndianConsts;
* The DeviceIndependentBitmap Object defines an image in device-independent bitmap (DIB) format.
*/
public class HwmfBitmapDib {
+
+ private static final int MAX_RECORD_LENGTH = 10000000;
+
public static enum BitCount {
/**
* The image SHOULD be in either JPEG or PNG format. <6> Neither of these formats includes
int imageSize = (int)Math.max(imageData.length, introSize+headerImageSize);
// create the image data and leave the parsing to the ImageIO api
- byte buf[] = new byte[BMP_HEADER_SIZE+imageSize];
+ byte buf[] = IOUtils.safelyAllocate(BMP_HEADER_SIZE+imageSize, MAX_RECORD_LENGTH);
// https://en.wikipedia.org/wiki/BMP_file_format # Bitmap file header
buf[0] = (byte)'B';
import org.apache.poi.hwmf.record.HwmfMisc.WmfSetMapMode;
import org.apache.poi.util.BitField;
import org.apache.poi.util.BitFieldFactory;
+import org.apache.poi.util.IOUtils;
import org.apache.poi.util.LittleEndianConsts;
import org.apache.poi.util.LittleEndianInputStream;
import org.apache.poi.util.POILogFactory;
public class HwmfText {
private static final POILogger logger = POILogFactory.getLogger(HwmfText.class);
-
+ private static final int MAX_RECORD_LENGTH = 1000000;
+
/**
* The META_SETTEXTCHAREXTRA record defines inter-character spacing for text justification in the
* playback device context. Spacing is added to the white space between each character, including
@Override
public int init(LittleEndianInputStream leis, long recordSize, int recordFunction) throws IOException {
stringLength = leis.readShort();
- rawTextBytes = new byte[stringLength+(stringLength&1)];
+ rawTextBytes = IOUtils.safelyAllocate(stringLength+(stringLength&1), MAX_RECORD_LENGTH);
leis.readFully(rawTextBytes);
yStart = leis.readShort();
xStart = leis.readShort();
* This does not include the extra optional padding on the byte array.
*/
private byte[] getTextBytes() {
- byte[] ret = new byte[stringLength];
+ byte[] ret = IOUtils.safelyAllocate(stringLength, MAX_RECORD_LENGTH);
System.arraycopy(rawTextBytes, 0, ret, 0, stringLength);
return ret;
}
size += 4*LittleEndianConsts.SHORT_SIZE;
}
- rawTextBytes = new byte[stringLength+(stringLength&1)];
+ rawTextBytes = IOUtils.safelyAllocate(stringLength+(stringLength&1), MAX_RECORD_LENGTH);
leis.readFully(rawTextBytes);
size += rawTextBytes.length;
* This does not include the extra optional padding on the byte array.
*/
private byte[] getTextBytes() {
- byte[] ret = new byte[stringLength];
+ byte[] ret = IOUtils.safelyAllocate(stringLength, MAX_RECORD_LENGTH);
System.arraycopy(rawTextBytes, 0, ret, 0, stringLength);
return ret;
}
projects / poi.git / commitdiff