aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDominik Stadler <centic@apache.org>2021-12-30 23:04:16 +0000
committerDominik Stadler <centic@apache.org>2021-12-30 23:04:16 +0000
commit35e96646f4e35d9600ba2a5cd662c1bde99dd0b8 (patch)
tree78ecaf80d30eacd57342683f6d6ccd955e7d0206
parent8f991d52f735e53d9e67427992f8ddce51b43ba2 (diff)
downloadpoi-35e96646f4e35d9600ba2a5cd662c1bde99dd0b8.tar.gz
poi-35e96646f4e35d9600ba2a5cd662c1bde99dd0b8.zip
Limit the maximum number of records that are read for an XLS
To avoid unexpected behavior on some corrupted input-data git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1896555 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--poi/src/main/java/org/apache/poi/hssf/record/RecordFactory.java15
1 files changed, 11 insertions, 4 deletions
diff --git a/poi/src/main/java/org/apache/poi/hssf/record/RecordFactory.java b/poi/src/main/java/org/apache/poi/hssf/record/RecordFactory.java
index e69f8ee42c..3384019fea 100644
--- a/poi/src/main/java/org/apache/poi/hssf/record/RecordFactory.java
+++ b/poi/src/main/java/org/apache/poi/hssf/record/RecordFactory.java
@@ -22,6 +22,7 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
+import org.apache.poi.util.IOUtils;
import org.apache.poi.util.RecordFormatException;
/**
@@ -33,6 +34,9 @@ import org.apache.poi.util.RecordFormatException;
public final class RecordFactory {
private static final int NUM_RECORDS = 512;
+ // how many records we read at max by default (can be adjusted via IOUtils)
+ private static final int MAX_NUMBER_OF_RECORDS = 1_000_000;
+
private RecordFactory() {}
/**
@@ -105,12 +109,13 @@ public final class RecordFactory {
* @return the equivalent array of {@link NumberRecord NumberRecords}
*/
public static NumberRecord[] convertRKRecords(MulRKRecord mrk) {
- if (mrk.getNumColumns() < 0) {
- throw new RecordFormatException("Cannot create RKRecords with negative number of columns: " + mrk.getNumColumns());
+ int numColumns = mrk.getNumColumns();
+ if (numColumns < 0) {
+ throw new RecordFormatException("Cannot create RKRecords with negative number of columns: " + numColumns);
}
- NumberRecord[] mulRecs = new NumberRecord[mrk.getNumColumns()];
- for (int k = 0; k < mrk.getNumColumns(); k++) {
+ NumberRecord[] mulRecs = new NumberRecord[numColumns];
+ for (int k = 0; k < numColumns; k++) {
NumberRecord nr = new NumberRecord();
nr.setColumn((short) (k + mrk.getFirstColumn()));
@@ -171,6 +176,8 @@ public final class RecordFactory {
Record record;
while ((record = recStream.nextRecord())!=null) {
records.add(record);
+
+ IOUtils.safelyAllocateCheck(records.size(), MAX_NUMBER_OF_RECORDS);
}
return records;