diff options
author | Andreas Beeker <kiwiwings@apache.org> | 2018-04-27 21:38:19 +0000 |
---|---|---|
committer | Andreas Beeker <kiwiwings@apache.org> | 2018-04-27 21:38:19 +0000 |
commit | f94245e9d876c49462bc66bdc573ea11160b617a (patch) | |
tree | b3ad7edff8643e1fdb024a568f1e071f98232537 /src/scratchpad | |
parent | 48f03cd45abcef0ca26e91e2080f430557a2c70b (diff) | |
download | poi-f94245e9d876c49462bc66bdc573ea11160b617a.tar.gz poi-f94245e9d876c49462bc66bdc573ea11160b617a.zip |
#59893 - Forbid calls to InputStream.available
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1830400 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'src/scratchpad')
3 files changed, 67 insertions, 61 deletions
diff --git a/src/scratchpad/src/org/apache/poi/hslf/record/TextSpecInfoAtom.java b/src/scratchpad/src/org/apache/poi/hslf/record/TextSpecInfoAtom.java index db3eb5ab7a..c732f39c7b 100644 --- a/src/scratchpad/src/org/apache/poi/hslf/record/TextSpecInfoAtom.java +++ b/src/scratchpad/src/org/apache/poi/hslf/record/TextSpecInfoAtom.java @@ -171,7 +171,7 @@ public final class TextSpecInfoAtom extends RecordAtom { public TextSpecInfoRun[] getTextSpecInfoRuns(){ LittleEndianByteArrayInputStream bis = new LittleEndianByteArrayInputStream(_data); // NOSONAR List<TextSpecInfoRun> lst = new ArrayList<>(); - while (bis.available() > 0) { + while (bis.getReadIndex() < _data.length) { lst.add(new TextSpecInfoRun(bis)); } return lst.toArray(new TextSpecInfoRun[lst.size()]); diff --git a/src/scratchpad/src/org/apache/poi/hwmf/usermodel/HwmfPicture.java b/src/scratchpad/src/org/apache/poi/hwmf/usermodel/HwmfPicture.java index 07e7d16cdb..fa59f4bc31 100644 --- a/src/scratchpad/src/org/apache/poi/hwmf/usermodel/HwmfPicture.java +++ b/src/scratchpad/src/org/apache/poi/hwmf/usermodel/HwmfPicture.java @@ -50,52 +50,59 @@ public class HwmfPicture { final HwmfHeader header; public HwmfPicture(InputStream inputStream) throws IOException { - BufferedInputStream bis = new BufferedInputStream(inputStream, 10000); - LittleEndianInputStream leis = new LittleEndianInputStream(bis); - placeableHeader = HwmfPlaceableHeader.readHeader(leis); - header = new HwmfHeader(leis); - - for (;;) { - if (leis.available() < 6) { - logger.log(POILogger.ERROR, "unexpected eof - wmf file was truncated"); - break; - } - // recordSize in DWORDs - long recordSizeLong = leis.readUInt()*2; - if (recordSizeLong > Integer.MAX_VALUE) { - throw new RecordFormatException("record size can't be > "+Integer.MAX_VALUE); - } else if (recordSizeLong < 0L) { - throw new RecordFormatException("record size can't be < 0"); - } - int recordSize = (int)recordSizeLong; - int recordFunction = leis.readShort(); - // 4 bytes (recordSize) + 2 bytes (recordFunction) - int consumedSize = 6; - HwmfRecordType wrt = HwmfRecordType.getById(recordFunction); - if (wrt == null) { - throw new IOException("unexpected record type: "+recordFunction); - } - if (wrt == HwmfRecordType.eof) break; - if (wrt.clazz == null) { - throw new IOException("unsupported record type: "+recordFunction); - } - - HwmfRecord wr; - try { - wr = wrt.clazz.newInstance(); - records.add(wr); - } catch (Exception e) { - throw (IOException)new IOException("can't create wmf record").initCause(e); - } - - consumedSize += wr.init(leis, recordSize, recordFunction); - int remainingSize = recordSize - consumedSize; - if (remainingSize < 0) { - throw new RecordFormatException("read too many bytes. record size: "+recordSize + "; comsumed size: "+consumedSize); - } else if(remainingSize > 0) { - long skipped = IOUtils.skipFully(leis, remainingSize); - if (skipped != (long)remainingSize) { - throw new RecordFormatException("Tried to skip "+remainingSize + " but skipped: "+skipped); + + try (BufferedInputStream bis = new BufferedInputStream(inputStream, 10000); + LittleEndianInputStream leis = new LittleEndianInputStream(bis)) { + placeableHeader = HwmfPlaceableHeader.readHeader(leis); + header = new HwmfHeader(leis); + + for (;;) { + long recordSize; + int recordFunction; + try { + // recordSize in DWORDs + long recordSizeLong = leis.readUInt()*2; + if (recordSizeLong > Integer.MAX_VALUE) { + throw new RecordFormatException("record size can't be > "+Integer.MAX_VALUE); + } else if (recordSizeLong < 0L) { + throw new RecordFormatException("record size can't be < 0"); + } + recordSize = (int)recordSizeLong; + recordFunction = leis.readShort(); + } catch (Exception e) { + logger.log(POILogger.ERROR, "unexpected eof - wmf file was truncated"); + break; + } + // 4 bytes (recordSize) + 2 bytes (recordFunction) + int consumedSize = 6; + HwmfRecordType wrt = HwmfRecordType.getById(recordFunction); + if (wrt == null) { + throw new IOException("unexpected record type: "+recordFunction); + } + if (wrt == HwmfRecordType.eof) { + break; + } + if (wrt.clazz == null) { + throw new IOException("unsupported record type: "+recordFunction); + } + + HwmfRecord wr; + try { + wr = wrt.clazz.newInstance(); + records.add(wr); + } catch (Exception e) { + throw (IOException)new IOException("can't create wmf record").initCause(e); + } + + consumedSize += wr.init(leis, recordSize, recordFunction); + int remainingSize = (int)(recordSize - consumedSize); + if (remainingSize < 0) { + throw new RecordFormatException("read too many bytes. record size: "+recordSize + "; comsumed size: "+consumedSize); + } else if(remainingSize > 0) { + long skipped = IOUtils.skipFully(leis, remainingSize); + if (skipped != (long)remainingSize) { + throw new RecordFormatException("Tried to skip "+remainingSize + " but skipped: "+skipped); + } } } } diff --git a/src/scratchpad/testcases/org/apache/poi/hwmf/TestHwmfParsing.java b/src/scratchpad/testcases/org/apache/poi/hwmf/TestHwmfParsing.java index 97a042c764..1667b67b49 100644 --- a/src/scratchpad/testcases/org/apache/poi/hwmf/TestHwmfParsing.java +++ b/src/scratchpad/testcases/org/apache/poi/hwmf/TestHwmfParsing.java @@ -32,6 +32,7 @@ import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.FilterInputStream; import java.io.IOException; +import java.io.InputStream; import java.net.URL; import java.nio.charset.Charset; import java.util.List; @@ -57,32 +58,30 @@ import org.junit.Ignore; import org.junit.Test; public class TestHwmfParsing { + + private static final POIDataSamples samples = POIDataSamples.getSlideShowInstance(); + + @Test public void parse() throws IOException { - File f = POIDataSamples.getSlideShowInstance().getFile("santa.wmf"); - FileInputStream fis = new FileInputStream(f); - HwmfPicture wmf = new HwmfPicture(fis); - fis.close(); - List<HwmfRecord> records = wmf.getRecords(); - assertEquals(581, records.size()); + try (InputStream fis = samples.openResourceAsStream("santa.wmf")) { + HwmfPicture wmf = new HwmfPicture(fis); + List<HwmfRecord> records = wmf.getRecords(); + assertEquals(581, records.size()); + } } @Test(expected = RecordFormatException.class) public void testInfiniteLoop() throws Exception { - File f = POIDataSamples.getSlideShowInstance().getFile("61338.wmf"); - FileInputStream fis = null; - try { - fis = new FileInputStream(f); - HwmfPicture wmf = new HwmfPicture(fis); - } finally { - fis.close(); + try (InputStream is = samples.openResourceAsStream("61338.wmf")) { + new HwmfPicture(is); } } @Test @Ignore("This is work-in-progress and not a real unit test ...") public void paint() throws IOException { - File f = POIDataSamples.getSlideShowInstance().getFile("santa.wmf"); + File f = samples.getFile("santa.wmf"); // File f = new File("bla.wmf"); FileInputStream fis = new FileInputStream(f); HwmfPicture wmf = new HwmfPicture(fis); |