bug 61300 -- prevent really long (infinite?) loop on corrupt file

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1801989 13f79535-47bb-0310-9956-ffa450edef68

src/integrationtest/org/apache/poi/TestAllFiles.java

@@ -331,7 +331,8 @@ public class TestAllFiles {
         // need JDK8+ - https://bugs.openjdk.java.net/browse/JDK-8038081
         "slideshow/42474-2.ppt",
         // OPC handler works / XSSF handler fails
-        "spreadsheet/57181.xlsm"
+        "spreadsheet/57181.xlsm",
+        "spreadsheet/61300.xls"//intentionally fuzzed -- used to cause infinite loop
     );
 
     @Parameters(name="{index}: {0} using {1}")

src/integrationtest/org/apache/poi/stress/HSSFFileHandler.java

@@ -16,6 +16,17 @@
 ==================================================================== */
 package org.apache.poi.stress;
 
+import static org.junit.Assert.assertFalse;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.PrintStream;
+import java.util.HashSet;
+import java.util.Set;
+
 import org.apache.poi.EncryptedDocumentException;
 import org.apache.poi.hssf.OldExcelFormatException;
 import org.apache.poi.hssf.dev.BiffViewer;
@@ -23,12 +34,6 @@ import org.apache.poi.hssf.usermodel.HSSFWorkbook;
 import org.apache.poi.util.RecordFormatException;
 import org.junit.Test;
 
-import java.io.*;
-import java.util.HashSet;
-import java.util.Set;
-
-import static org.junit.Assert.assertFalse;
-
 public class HSSFFileHandler extends SpreadsheetHandler {
 	private final POIFSFileHandler delegate = new POIFSFileHandler();
 	@Override
@@ -61,6 +66,7 @@ public class HSSFFileHandler extends SpreadsheetHandler {
 		EXPECTED_ADDITIONAL_FAILURES.add("spreadsheet/50833.xls");
 		EXPECTED_ADDITIONAL_FAILURES.add("spreadsheet/51832.xls");
 		EXPECTED_ADDITIONAL_FAILURES.add("spreadsheet/XRefCalc.xls");
+		EXPECTED_ADDITIONAL_FAILURES.add("spreadsheet/61300.xls");
 	}
 
 	@Override

src/java/org/apache/poi/poifs/filesystem/NDocumentInputStream.java

@@ -70,6 +70,9 @@ public final class NDocumentInputStream extends DocumentInputStream {
         _document_size = document.getSize();
         _closed = false;
 
+        if (_document_size < 0) {
+            //throw new RecordFormatException("Document size can't be < 0");
+        }
         DocumentNode doc = (DocumentNode)document;
         DocumentProperty property = (DocumentProperty)doc.getProperty();
         _document = new NPOIFSDocument(
@@ -248,6 +251,10 @@ public final class NDocumentInputStream extends DocumentInputStream {
 
    @Override
 	public void readFully(byte[] buf, int off, int len) {
+        if (len < 0) {
+           throw new RuntimeException("Can't read negative number of bytes");
+        }
+
 		checkAvaliable(len);
 
 		int read = 0;

src/java/org/apache/poi/poifs/filesystem/ODocumentInputStream.java

@@ -20,6 +20,7 @@ package org.apache.poi.poifs.filesystem;
 import java.io.IOException;
 
 import org.apache.poi.poifs.storage.DataInputBlock;
+import org.apache.poi.util.RecordFormatException;
 
 /**
  * This class provides methods to read a DocumentEntry managed by a
@@ -64,6 +65,9 @@ public final class ODocumentInputStream extends DocumentInputStream {
 		_current_offset = 0;
 		_marked_offset = 0;
 		_document_size = document.getSize();
+		if (_document_size < 0) {
+			throw new RecordFormatException("document_size cannot be < 0");
+		}
 		_closed = false;
 		_document = documentNode.getDocument();
 		_currentBlock = getDataInputBlock(0);

src/java/org/apache/poi/util/BoundedInputStream.java

@@ -19,8 +19,6 @@ package org.apache.poi.util;
 import java.io.IOException;
 import java.io.InputStream;
 
-import org.apache.poi.util.SuppressForbidden;
-
 /**
  * This is a stream that will only supply bytes up to a certain length - if its
  * position goes above that, it will stop.

src/java/org/apache/poi/util/IOUtils.java

@@ -310,6 +310,9 @@ public final class IOUtils {
         byte[] buff = new byte[4096];
         int count;
         while ((count = inp.read(buff)) != -1) {
+            if (count < -1) {
+                throw new RecordFormatException("Can't have read < -1 bytes");
+            }
             if (count > 0) {
                 out.write(buff, 0, count);
             }

src/testcases/org/apache/poi/hssf/dev/TestBiffDrawingToXml.java

@@ -24,6 +24,7 @@ import java.io.PrintStream;
 import org.apache.poi.EncryptedDocumentException;
 import org.apache.poi.hssf.OldExcelFormatException;
 import org.apache.poi.hssf.record.RecordInputStream;
+import org.apache.poi.util.RecordFormatException;
 import org.junit.BeforeClass;
 
 public class TestBiffDrawingToXml extends BaseXLSIteratingTest {
@@ -45,6 +46,7 @@ public class TestBiffDrawingToXml extends BaseXLSIteratingTest {
         EXCLUDED.put("60284.xls", OldExcelFormatException.class); // Biff 5 / Excel 95
         EXCLUDED.put("43493.xls", RecordInputStream.LeftoverDataException.class);  // HSSFWorkbook cannot open it as well
         EXCLUDED.put("44958_1.xls", RecordInputStream.LeftoverDataException.class);
+        EXCLUDED.put("61300.xls", RecordFormatException.class);
     }
 	
 	@Override

src/testcases/org/apache/poi/hssf/dev/TestBiffViewer.java

@@ -28,6 +28,7 @@ import org.apache.poi.hssf.OldExcelFormatException;
 import org.apache.poi.hssf.record.RecordInputStream;
 import org.apache.poi.poifs.filesystem.NPOIFSFileSystem;
 import org.apache.poi.util.LocaleUtil;
+import org.apache.poi.util.RecordFormatException;
 import org.junit.BeforeClass;
 import org.junit.Ignore;
 import org.junit.Test;
@@ -53,6 +54,7 @@ public class TestBiffViewer extends BaseXLSIteratingTest {
         // EXCLUDED.put("44958_1.xls", RecordInputStream.LeftoverDataException.class);
         EXCLUDED.put("50833.xls", IllegalArgumentException.class);       // "Name is too long" when setting username
         EXCLUDED.put("XRefCalc.xls", RuntimeException.class);            // "Buffer overrun"
+        EXCLUDED.put("61300.xls", RecordFormatException.class);
     }
 
     @Override

src/testcases/org/apache/poi/hssf/dev/TestEFBiffViewer.java

@@ -24,6 +24,7 @@ import org.apache.poi.EncryptedDocumentException;
 import org.apache.poi.hssf.OldExcelFormatException;
 import org.apache.poi.hssf.record.RecordInputStream;
 import org.apache.poi.util.LocaleUtil;
+import org.apache.poi.util.RecordFormatException;
 import org.junit.BeforeClass;
 
 public class TestEFBiffViewer extends BaseXLSIteratingTest {
@@ -46,6 +47,7 @@ public class TestEFBiffViewer extends BaseXLSIteratingTest {
         EXCLUDED.put("43493.xls", RecordInputStream.LeftoverDataException.class);  // HSSFWorkbook cannot open it as well
         EXCLUDED.put("44958_1.xls", RecordInputStream.LeftoverDataException.class);
         EXCLUDED.put("XRefCalc.xls", RuntimeException.class);            // "Buffer overrun"
+        EXCLUDED.put("61300.xls", RecordFormatException.class);
     }
 	
 	@Override

src/testcases/org/apache/poi/hssf/dev/TestFormulaViewer.java

@@ -25,6 +25,7 @@ import org.apache.poi.EncryptedDocumentException;
 import org.apache.poi.hssf.OldExcelFormatException;
 import org.apache.poi.hssf.record.RecordInputStream;
 import org.apache.poi.util.LocaleUtil;
+import org.apache.poi.util.RecordFormatException;
 import org.junit.BeforeClass;
 
 public class TestFormulaViewer extends BaseXLSIteratingTest {
@@ -46,6 +47,7 @@ public class TestFormulaViewer extends BaseXLSIteratingTest {
         EXCLUDED.put("60284.xls", OldExcelFormatException.class); // Biff 5 / Excel 95
         EXCLUDED.put("43493.xls", RecordInputStream.LeftoverDataException.class);  // HSSFWorkbook cannot open it as well
         EXCLUDED.put("44958_1.xls", RecordInputStream.LeftoverDataException.class);
+        EXCLUDED.put("61300.xls", RecordFormatException.class);
     }
 	
     @Override

src/testcases/org/apache/poi/hssf/dev/TestReSave.java

@@ -16,20 +16,21 @@
 ==================================================================== */
 package org.apache.poi.hssf.dev;
 
+import static org.junit.Assert.assertTrue;
+
+import java.io.File;
+import java.io.PrintStream;
+
 import org.apache.poi.EncryptedDocumentException;
 import org.apache.poi.POIDataSamples;
 import org.apache.poi.hssf.OldExcelFormatException;
 import org.apache.poi.hssf.record.RecordInputStream;
 import org.apache.poi.util.LocaleUtil;
+import org.apache.poi.util.RecordFormatException;
 import org.junit.BeforeClass;
 import org.junit.Ignore;
 import org.junit.Test;
 
-import java.io.File;
-import java.io.PrintStream;
-
-import static org.junit.Assert.assertTrue;
-
 public class TestReSave extends BaseXLSIteratingTest {
     @BeforeClass
     public static void setup() {
@@ -50,6 +51,7 @@ public class TestReSave extends BaseXLSIteratingTest {
         EXCLUDED.put("43493.xls", RecordInputStream.LeftoverDataException.class);  // HSSFWorkbook cannot open it as well
         EXCLUDED.put("44958_1.xls", RecordInputStream.LeftoverDataException.class);
         EXCLUDED.put("XRefCalc.xls", RuntimeException.class);            // "Buffer overrun"
+        EXCLUDED.put("61300.xls", RecordFormatException.class);
     }
 
 	@Override

src/testcases/org/apache/poi/hssf/dev/TestRecordLister.java

@@ -22,6 +22,7 @@ import java.io.PrintStream;
 
 import org.apache.poi.hssf.OldExcelFormatException;
 import org.apache.poi.util.LocaleUtil;
+import org.apache.poi.util.RecordFormatException;
 import org.junit.BeforeClass;
 
 public class TestRecordLister extends BaseXLSIteratingTest {
@@ -37,6 +38,7 @@ public class TestRecordLister extends BaseXLSIteratingTest {
         EXCLUDED.put("60284.xls", OldExcelFormatException.class); // Biff 5 / Excel 5
         EXCLUDED.put("testEXCEL_95.xls", OldExcelFormatException.class); // Biff 5 / Excel 95
         EXCLUDED.put("60284.xls", OldExcelFormatException.class); // Biff 5 / Excel 95
+        EXCLUDED.put("61300.xls", RecordFormatException.class);
 
     }
 	

src/testcases/org/apache/poi/hssf/usermodel/TestBugs.java

@@ -45,6 +45,8 @@ import java.util.Locale;
 import java.util.TimeZone;
 
 import org.apache.poi.EncryptedDocumentException;
+import org.apache.poi.hpsf.PropertySet;
+import org.apache.poi.hpsf.SummaryInformation;
 import org.apache.poi.hssf.HSSFITestDataProvider;
 import org.apache.poi.hssf.HSSFTestDataSamples;
 import org.apache.poi.hssf.OldExcelFormatException;
@@ -63,6 +65,8 @@ import org.apache.poi.hssf.record.aggregates.PageSettingsBlock;
 import org.apache.poi.hssf.record.aggregates.RecordAggregate;
 import org.apache.poi.hssf.record.common.UnicodeString;
 import org.apache.poi.hssf.record.crypto.Biff8EncryptionKey;
+import org.apache.poi.poifs.filesystem.DocumentEntry;
+import org.apache.poi.poifs.filesystem.DocumentInputStream;
 import org.apache.poi.poifs.filesystem.NPOIFSFileSystem;
 import org.apache.poi.poifs.filesystem.OPOIFSFileSystem;
 import org.apache.poi.poifs.filesystem.POIFSFileSystem;
@@ -3139,4 +3143,15 @@ public final class TestBugs extends BaseTestBugzillaIssues {
         wb.close();
     }
 
+    @Test(expected = RuntimeException.class)
+    public void test61300() throws Exception {
+        NPOIFSFileSystem npoifs = new NPOIFSFileSystem(HSSFTestDataSamples.openSampleFileStream("61300.xls"));
+
+        DocumentEntry entry =
+                (DocumentEntry) npoifs.getRoot().getEntry(SummaryInformation.DEFAULT_STREAM_NAME);
+        PropertySet properties =
+                new PropertySet(new DocumentInputStream(entry));
+
+    }
+
 }