diff options
| author | Dominik Stadler <centic@apache.org> | 2021-12-13 19:22:34 +0000 |
|---|---|---|
| committer | Dominik Stadler <centic@apache.org> | 2021-12-13 19:22:34 +0000 |
| commit | 9fa33b2b7e2fafb98fc9f5c784dd21487a14816a (patch) | |
| tree | 94a16a0e39db095d729c514f510bbd73bae4997e /poi | |
| parent | 8ef0b9d29a740cf9eefab1d6250130683dd7cf5e (diff) | |
| download | poi-9fa33b2b7e2fafb98fc9f5c784dd21487a14816a.tar.gz poi-9fa33b2b7e2fafb98fc9f5c784dd21487a14816a.zip | |
Fix issues found when fuzzing Apache POI via Jazzer
Add some additional allocation limits to avoid OOM in
some more cases with some broken input files
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1895922 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'poi')
| -rw-r--r-- | poi/src/main/java/org/apache/poi/poifs/filesystem/POIFSFileSystem.java | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/poi/src/main/java/org/apache/poi/poifs/filesystem/POIFSFileSystem.java b/poi/src/main/java/org/apache/poi/poifs/filesystem/POIFSFileSystem.java index 7ac3a2ccdd..eba62568b9 100644 --- a/poi/src/main/java/org/apache/poi/poifs/filesystem/POIFSFileSystem.java +++ b/poi/src/main/java/org/apache/poi/poifs/filesystem/POIFSFileSystem.java @@ -64,6 +64,8 @@ public class POIFSFileSystem extends BlockStore private static final int DEFAULT_MAX_RECORD_LENGTH = 100_000; private static int MAX_RECORD_LENGTH = DEFAULT_MAX_RECORD_LENGTH; + private static final int MAX_ALLOCATION_SIZE = 100_000_000; + private static final Logger LOG = LogManager.getLogger(POIFSFileSystem.class); /** @@ -334,6 +336,10 @@ public class POIFSFileSystem extends BlockStore if (maxSize > Integer.MAX_VALUE) { throw new IllegalArgumentException("Unable read a >2gb file via an InputStream"); } + + // don't allow huge allocations with invalid header-values + IOUtils.safelyAllocateCheck(maxSize, MAX_ALLOCATION_SIZE); + ByteBuffer data = ByteBuffer.allocate((int) maxSize); // Copy in the header |