[bug-65372] allow max entry size to be higher than 4Gb

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1894036 13f79535-47bb-0310-9956-ffa450edef68
author: PJ Fanning <fanningpj@apache.org> 2021-10-08 18:12:18 +0000
committer: PJ Fanning <fanningpj@apache.org> 2021-10-08 18:12:18 +0000
commit: 5e7d8e85ca47f41eb870c42be6b88fb0ce0f4cab (patch)
tree: 9a59560fe739f808f76a0740be70430b401222f1
parent: 47118082ffbe065bffca3717f4d53e348c66e8b1 (diff)
download: poi-5e7d8e85ca47f41eb870c42be6b88fb0ce0f4cab.tar.gz
poi-5e7d8e85ca47f41eb870c42be6b88fb0ce0f4cab.zip
4 files changed, 35 insertions, 4 deletions
diff --git a/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java b/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java
index 290b5fbd8c..e9365b4a74 100644
--- a/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java
@@ -22,6 +22,8 @@ import java.io.IOException;
 
 import org.apache.commons.compress.archivers.zip.ZipArchiveEntry;
 import org.apache.commons.compress.archivers.zip.ZipFile;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 /**
  * This class wraps a {@link ZipFile} in order to check the
@@ -32,6 +34,7 @@ import org.apache.commons.compress.archivers.zip.ZipFile;
  * and {@link #setMinInflateRatio(double)}.
  */
 public class ZipSecureFile extends ZipFile {
+    private static final Logger LOG = LogManager.getLogger(ZipSecureFile.class);
     /* package */ static double MIN_INFLATE_RATIO = 0.01d;
     /* package */ static long MAX_ENTRY_SIZE = 0xFFFFFFFFL;
     
@@ -71,10 +74,13 @@ public class ZipSecureFile extends ZipFile {
      * security vulnerabilities when documents are provided by users.
      *
      * @param maxEntrySize the max. file size of a single zip entry
+     * @throws IllegalArgumentException for negative maxEntrySize
      */
     public static void setMaxEntrySize(long maxEntrySize) {
-        if (maxEntrySize < 0 || maxEntrySize > 0xFFFFFFFFL) {   // don't use MAX_ENTRY_SIZE here!
-            throw new IllegalArgumentException("Max entry size is bounded [0-4GB], but had " + maxEntrySize);
+        if (maxEntrySize < 0) {
+            throw new IllegalArgumentException("Max entry size must be greater than or equal to zero");
+        } else if (maxEntrySize > 0xFFFFFFFFL) {
+            LOG.atWarn().log("setting max entry size greater tahn 4Gb can be risky; set to " + maxEntrySize + " bytes");
         }
         MAX_ENTRY_SIZE = maxEntrySize;
     }
diff --git a/poi-ooxml/src/test/java/org/apache/poi/openxml4j/opc/TestPackage.java b/poi-ooxml/src/test/java/org/apache/poi/openxml4j/opc/TestPackage.java
index 65bdc4bcbf..038dcee86d 100644
--- a/poi-ooxml/src/test/java/org/apache/poi/openxml4j/opc/TestPackage.java
+++ b/poi-ooxml/src/test/java/org/apache/poi/openxml4j/opc/TestPackage.java
@@ -32,7 +32,6 @@ import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.junit.jupiter.api.Assertions.fail;
 
 import java.io.BufferedInputStream;
-import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
diff --git a/poi-ooxml/src/test/java/org/apache/poi/openxml4j/util/TestZipSecureFile.java b/poi-ooxml/src/test/java/org/apache/poi/openxml4j/util/TestZipSecureFile.java
index d80a44a1d8..2eef717dfa 100644
--- a/poi-ooxml/src/test/java/org/apache/poi/openxml4j/util/TestZipSecureFile.java
+++ b/poi-ooxml/src/test/java/org/apache/poi/openxml4j/util/TestZipSecureFile.java
@@ -25,7 +25,7 @@ import org.junit.jupiter.api.Test;
 import java.io.InputStream;
 import java.util.Enumeration;
 
-import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.*;
 
 class TestZipSecureFile {
     @Test
@@ -47,4 +47,20 @@ class TestZipSecureFile {
             }
         }
     }
+
+    @Test
+    void testSettingMaxEntrySizeAsNegative() {
+        assertThrows(IllegalArgumentException.class, () -> ZipSecureFile.setMaxEntrySize(-1));
+    }
+
+    @Test
+    void testSettingMaxEntrySizeAs8Gb() {
+        long approx8Gb = 0xFFFFFFFFL * 2;
+        try {
+            ZipSecureFile.setMaxEntrySize(approx8Gb);
+            assertEquals(approx8Gb, ZipSecureFile.getMaxEntrySize());
+        } finally {
+            ZipSecureFile.setMaxEntrySize(0xFFFFFFFFL);
+        }
+    }
 }
diff --git a/poi-ooxml/src/test/java/org/apache/poi/xwpf/TestXWPFBugs.java b/poi-ooxml/src/test/java/org/apache/poi/xwpf/TestXWPFBugs.java
index b630075831..581b3bbefa 100644
--- a/poi-ooxml/src/test/java/org/apache/poi/xwpf/TestXWPFBugs.java
+++ b/poi-ooxml/src/test/java/org/apache/poi/xwpf/TestXWPFBugs.java
@@ -139,4 +139,14 @@ class TestXWPFBugs {
             zf.close();
         }
     }
+
+    @Test
+    void bug65320() throws Exception {
+        try (
+                OPCPackage pkg = OPCPackage.open(samples.getFile("bug65320.docx"));
+                XWPFDocument document = new XWPFDocument(pkg)
+        ){
+            assertEquals(1, document.getAllPictures().size());
+        }
+    }
 }
 \ No newline at end of file
author	PJ Fanning <fanningpj@apache.org>	2021-10-08 18:12:18 +0000
committer	PJ Fanning <fanningpj@apache.org>	2021-10-08 18:12:18 +0000
commit	5e7d8e85ca47f41eb870c42be6b88fb0ce0f4cab (patch)
tree	9a59560fe739f808f76a0740be70430b401222f1
parent	47118082ffbe065bffca3717f4d53e348c66e8b1 (diff)
download	poi-5e7d8e85ca47f41eb870c42be6b88fb0ce0f4cab.tar.gz poi-5e7d8e85ca47f41eb870c42be6b88fb0ce0f4cab.zip