-rw-r--r-- | poi/src/main/java/org/apache/poi/hpsf/Array.java | 14 | ||||
-rw-r--r-- | poi/src/test/java/org/apache/poi/hssf/dev/TestBiffViewer.java | 2 | ||||
-rw-r--r-- | test-data/spreadsheet/poi-fuzz.xls | bin | 0 -> 7680 bytes | |||
-rw-r--r-- | test-data/spreadsheet/stress.xls | bin | 38912 -> 39424 bytes |
4 files changed, 11 insertions, 5 deletions
diff --git a/poi/src/main/java/org/apache/poi/hpsf/Array.java b/poi/src/main/java/org/apache/poi/hpsf/Array.java
index 94af1369f8..eeaf58683f 100644
--- a/poi/src/main/java/org/apache/poi/hpsf/Array.java
+++ b/poi/src/main/java/org/apache/poi/hpsf/Array.java
@@ -16,12 +16,15 @@
 ==================================================================== */
 package org.apache.poi.hpsf;
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.Internal;
 import org.apache.poi.util.LittleEndianByteArrayInputStream;
 @Internal
-public class Array
-{
+public class Array {
+
+ private static final int MAX_NUMBER_OF_ARRAY_SCALARS = 100_000;
+
 static class ArrayDimension {
 private long _size;
 @SuppressWarnings("unused")
@@ -33,8 +36,7 @@ public class Array
 }
 }
- static class ArrayHeader
- {
+ static class ArrayHeader {
 private ArrayDimension[] _dimensions;
 private int _type;
@@ -47,7 +49,7 @@ public class Array
 String msg = "Array dimension number "+numDimensionsUnsigned+" is not in [1; 31] range";
 throw new IllegalPropertySetDataException(msg);
 }
-
+
 int numDimensions = (int) numDimensionsUnsigned;
 _dimensions = new ArrayDimension[numDimensions];
@@ -86,6 +88,8 @@ public class Array
 }
 int numberOfScalars = (int) numberOfScalarsLong;
+ IOUtils.safelyAllocateCheck(numberOfScalars, MAX_NUMBER_OF_ARRAY_SCALARS);
+
 _values = new TypedPropertyValue[numberOfScalars];
 int paddedType = (_header._type == Variant.VT_VARIANT) ? 0 : _header._type;
 for ( int i = 0; i < numberOfScalars; i++ ) {
diff --git a/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffViewer.java b/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffViewer.java
index 1059213502..5013e45258 100644
--- a/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffViewer.java
+++ b/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffViewer.java
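Review bot: `MAX_NUMBER_OF_ARRAY_SCALARS` in the first Array.java hunk is introduced with no comment saying what it bounds or why 100_000 was chosen. As a `private static final` it also cannot be adjusted by an application that legitimately reads larger property arrays. I would add a Javadoc such as `/** Upper bound on the element count of an HPSF array property; the count comes from untrusted file data and sizes the _values allocation. */` and decide explicitly whether a configurable limit is wanted. The class body continues outside this hunk.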
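Review bot: The `IOUtils.safelyAllocateCheck(...)` call in the last Array.java hunk is fed the already-narrowed `int numberOfScalars`, so the guard depends on whatever range check precedes the `(int)` cast, of which only the closing brace is visible here. Passing the long before the cast would make it self-contained: `IOUtils.safelyAllocateCheck(numberOfScalarsLong, MAX_NUMBER_OF_ARRAY_SCALARS);`. Judging by the exclusion added in TestBiffViewer, the rejection appears to surface as `RecordFormatException`, whereas the dimension-count check earlier in this file throws `IllegalPropertySetDataException`. Callers that catch only HPSF exception types would likely miss the new failure, so it deserves a comment or a wrap. The enclosing method starts and ends outside the hunk.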
@@ -40,6 +40,8 @@ class TestBiffViewer extends BaseTestIteratingXLS {
 excludes.put("XRefCalc.xls", RuntimeException.class);
 excludes.put("61300.xls", IndexOutOfBoundsException.class);
+ excludes.put("poi-fuzz.xls", RecordFormatException.class);
+
 return excludes;
 }
diff --git a/test-data/spreadsheet/poi-fuzz.xls b/test-data/spreadsheet/poi-fuzz.xls
Binary files differ
new file mode 100644
index 0000000000..9acb7005e0
--- /dev/null
+++ b/test-data/spreadsheet/poi-fuzz.xls
diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
Binary files differ
index d8237a26ff..ecfae46d48 100644
--- a/test-data/spreadsheet/stress.xls
+++ b/test-data/spreadsheet/stress.xls |
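Review bot: The new `excludes` entry only records that `poi-fuzz.xls` fails with `RecordFormatException` somewhere under BiffViewer; it does not pin the element-count limit added in `Array` itself. A focused HPSF test that feeds an array header claiming just over `MAX_NUMBER_OF_ARRAY_SCALARS` elements and asserts the rejection would keep the guard from regressing silently. A short comment beside the entry would also help, for example `// fuzzed input: presumably trips the HPSF array element-count limit`. The method body starts outside this hunk.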