From 86a51e4b9bb3dbb041814e74a939762197132165 Mon Sep 17 00:00:00 2001 From: Tim Allison Date: Wed, 8 Aug 2018 16:06:18 +0000 Subject: [PATCH] bug 62592 -- prevent StackOverflowError on corrupt thmx git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1837658 13f79535-47bb-0310-9956-ffa450edef68 --- .../org/apache/poi/openxml4j/opc/ZipPackage.java | 3 +++ .../apache/poi/openxml4j/opc/TestPackage.java | 15 +++++++++++++++ test-data/openxml4j/62592.thmx | Bin 0 -> 3671 bytes 3 files changed, 18 insertions(+) create mode 100644 test-data/openxml4j/62592.thmx diff --git a/src/ooxml/java/org/apache/poi/openxml4j/opc/ZipPackage.java b/src/ooxml/java/org/apache/poi/openxml4j/opc/ZipPackage.java index 40fc2139f5..975e21d981 100644 --- a/src/ooxml/java/org/apache/poi/openxml4j/opc/ZipPackage.java +++ b/src/ooxml/java/org/apache/poi/openxml4j/opc/ZipPackage.java @@ -250,6 +250,9 @@ public final class ZipPackage extends OPCPackage { final ZipArchiveEntry contentTypeEntry = zipArchive.getEntry(CONTENT_TYPES_PART_NAME); if (contentTypeEntry != null) { + if (this.contentTypeManager != null) { + throw new InvalidFormatException("ContentTypeManager can only be created once. This must be a cyclic relation?"); + } try { this.contentTypeManager = new ZipContentTypeManager( zipArchive.getInputStream(contentTypeEntry), this); diff --git a/src/ooxml/testcases/org/apache/poi/openxml4j/opc/TestPackage.java b/src/ooxml/testcases/org/apache/poi/openxml4j/opc/TestPackage.java index a92906b765..ad7fe80c84 100644 --- a/src/ooxml/testcases/org/apache/poi/openxml4j/opc/TestPackage.java +++ b/src/ooxml/testcases/org/apache/poi/openxml4j/opc/TestPackage.java @@ -1090,6 +1090,21 @@ public final class TestPackage { openInvalidFile("SampleSS.txt", true); } + @Test(expected = InvalidFormatException.class) + public void testBug62592() throws Exception { + InputStream is = OpenXML4JTestDataSamples.openSampleStream("62592.thmx"); + OPCPackage p = OPCPackage.open(is); + } + + @Test + public void testBug62592SequentialCallsToGetParts() throws Exception { + //make absolutely certain that sequential calls don't throw InvalidFormatExceptions + String originalFile = OpenXML4JTestDataSamples.getSampleFileName("TestPackageCommon.docx"); + OPCPackage p2 = OPCPackage.open(originalFile, PackageAccess.READ); + p2.getParts(); + p2.getParts(); + } + @Test public void testDoNotCloseStream() throws IOException { OutputStream os = Mockito.mock(OutputStream.class); diff --git a/test-data/openxml4j/62592.thmx b/test-data/openxml4j/62592.thmx new file mode 100644 index 0000000000000000000000000000000000000000..74489e3475a752cf8df69fb6133829455889e462 GIT binary patch literal 3671 zcmeHKi8qvOA0C52k)>uVW6Rc9hsa(jGuA>`O7?Z68H8+=Y*~uN5cS$3yci>*5VA!o z@02}-Mx_yBjLJ5e%s2YZcf#p=|AF_tpL6c>Jm=ik^*q1l{{61&ciUL9bL;_t0Nel> zkd>B8(-?&U0078r0KjelH_*vAFd)E zbznWQe>n4++_O{V1VIgi>rJB31(gPh$$LZ9pT?L-;-;D&xAUzB$a*QEXa_$)^^&ks)mFU(ta@ z>a|LVCk^ws2YF16S`^o{%g4M+vWmoek_@iet$cI!wWftKyD^5*ANw zD@0A#evnJ$?dzviv>Fkp^6BfR2WIJ(RAHMfH3G)O4LxFQ{61EV>}1u5Td)s01g^F* z|63dX;DXo``sG*mcXX-?fF@lQBs!_f_`+l@s!Uw`^&u|qnTLGZ=FgG$0|Wbz63zj7 z^UX{+K1rf09|)z%snm&c=ux2`^?7cs)r`hXmOB@NXl9)VUVFVeV3e5MG1Ku}9P*^N zGJc+#m`e4yMh}+}<=) z^}|<9yH|W^OT>)pJhnx}u)TlABuITLaee`*wd1H!S*UcSb8OA@jfnoI^Wv=gP(L4x z4}8;n+#|pP`G_#inV4?I@NTp_MeJ6B3%kjF&ep9kQL%=bTNZTXp+1#*sv>S6Zc*NUYt z;xl(dnq)`ghvv~*87C}4WJsSJHpIz{v$Z z9N8~rXQPnD`82MR)zW&fueTtyD&3Dq{k4xnNT3|!D>(k(?u2mb(E$<)`PYihV)Iwi z#1EGcFIDu++-IdLdwtDgRa^6Qg}TGMkRZy;%=4^X)Y*rPds~;f^%;#p^xH~jW3dQ9 zRWW?iepDqgLhnK(bTRvi*|NVO)EcS}U9V>ZwUY-cdwV1MvfKuo=!0zQ-4Tb{M8fHo zQN4$ulXqNQ2@c=Xu9yeXr`Z{lH#5V8q_z^S^_xE3RKSYJ`pCIcO~!mJJg6(;?rwnZ zcRen}v$35UG&)y^Rk3sPBt#bFwLE*SqZU*(k|&r2E{GcKPe7!fP|gTMm?%*-W?<)+ zC(_K8(S^~fdO;=yV63IDXmS{*;gMkDU9%Z6kDeYFag404KBT~t<{T(5>eW>HLs25h z{AFzfpHnG+zj4#E6S-fT_pC2fUX}w$Dci;Z5lLzDP}`!DLWAsMh|3?&GY_5dD?N3h z`(bu=;S&des)l`yYdIB*`tksfWQL_bQWCiaulph|n)=T!@)5yjp3Yeb(`IEKBp`GlsDWODA_Ak6K0tnOQo z;iO({-)J4(KFUne2Qhl%(_xLygzh5{4$zK5)1Ve^a^LrUHEWZEei1>(W#8SegzCYK zZi3J9$1%l|B~*ztO<|4@jK7bR=YxH*ME}F-4;u<_so1ybMw4P1XLBP7f~BctWwOi9 zUYqp@Blb%UQ`K*aA{%CEI>(GXk6Gn0xCX+qbRy;|iIDU9c2(pU*aT0-z2sxZbNjh; z2GYS7fMOU0&2m3TN_ExoMu5%ZTJ6tcVTJATMSp+3c4;k19*Y0uEr{JS6Y(^lRk zPNcv&@Kd~r2w2W}h2a66`!R5!c4%?MWe=nGuKene;;28Y%tzJa71jpTxvkNQl`=k7 zAF?gwgdO247JfiNFiYp|aCM~QuV2XRlKElxok%#cQ|xJ0ZjfT! zPJ*-~d17GtXsI~pflChZ9NX?nnmnUbGpu8Z+|ho6B01i*R92YtQlW8Is@^!brxt^6 z^>(uM?hBO_*qfX{_q{Fv9D?N!J%YQN;Op}>E7GEi!TCN9snQ9iZT2|JRnux{HHo{fY_?C=GcPpA#d+s zyaUw;MZ*&&IA1D)FQwcR)ba?r6DyqG6s#zL?&WiEW7=%x3H%TZk| zJSKc9g%sdt;qFUmfBJq$xM98sy>lKhqKF2}@x57WVA7_0><<(6sD0%d9fx)-KGFe( z=-s1e!XkA2&Lqhy>3R>gVV-;oJb;1w8%hmd^`**&qACJ7M%o(Bkl@4y-^c6nwCTfa z&sJ@Q3mz-4tT^29iXCU>kQF{=s>j&WVSW6bgrt6M2^Qy{vT9xTmM(5AfW-HjFGZ)$ zl+1{=*~ZG!$sOIbn83x-x8fTRi)xwMX2My25z8a#x!dZ6nxW_9_yL73~F z(Wo-%S909JPa8&-c1RMbL2Ml-njNt3aB){f@WE}$^IEgFj~b5t!E!id5zoBpWHcy8 z3zd1GqmJh3%Sfoxww~B6S!!5h=(P$d98bO*08VHk9?|N}i(;QyU+SRrp2zd7@4C)nBoZbr+o0|1*E!tKC~rJEh~ z7jzfs@BMW<({_LT#boh2rk`%Ron!mX|KeEOx%F%QCJ$^ZIax0R061Bf3oC`DcsHK@ E12_M0?*IS* literal 0 HcmV?d00001 -- 2.39.5