From: Nick Burch Date: Mon, 6 Feb 2006 13:12:02 +0000 (+0000) Subject: Fix for bug 38526 - If the record claims to be longer than the remaining data, just... X-Git-Tag: REL_3_0_ALPHA3~185 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=770a5bffa84202cc2b08cbc867e4396161c15a4a;p=poi.git Fix for bug 38526 - If the record claims to be longer than the remaining data, just return null and ignore it git-svn-id: https://svn.apache.org/repos/asf/jakarta/poi/trunk@375274 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/src/scratchpad/src/org/apache/poi/hslf/record/Record.java b/src/scratchpad/src/org/apache/poi/hslf/record/Record.java index 1e6778a5dc..0a8906d8b9 100644 --- a/src/scratchpad/src/org/apache/poi/hslf/record/Record.java +++ b/src/scratchpad/src/org/apache/poi/hslf/record/Record.java @@ -105,9 +105,12 @@ public abstract class Record throw new CorruptPowerPointFileException("Corrupt document - starts with record of type 0000 and length 0xFFFF"); } -//System.out.println("Found a " + type + " at pos " + pos + " (" + Integer.toHexString(pos) + "), len " + rlen); Record r = createRecordForType(type,b,pos,8+rleni); - children.add(r); + if(r != null) { + children.add(r); + } else { + // Record was horribly corrupt + } pos += 8; pos += rlen; } @@ -132,6 +135,13 @@ public abstract class Record public static Record createRecordForType(long type, byte[] b, int start, int len) { Record toReturn = null; + // Handle case of a corrupt last record, whose claimed length + // would take us passed the end of the file + if(start + len > b.length) { + System.err.println("Warning: Skipping record of type " + type + " at position " + start + " which claims to be longer than the file! (" + len + " vs " + (b.length-start) + ")"); + return null; + } + // We use the RecordTypes class to provide us with the right // class to use for a given type // A spot of reflection gets us the (byte[],int,int) constructor