Diffstat (limited to 'poi')
-rw-r--r-- | poi/src/main/java/org/apache/poi/poifs/filesystem/POIFSFileSystem.java | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/poi/src/main/java/org/apache/poi/poifs/filesystem/POIFSFileSystem.java b/poi/src/main/java/org/apache/poi/poifs/filesystem/POIFSFileSystem.java
index 7ac3a2ccdd..eba62568b9 100644
--- a/poi/src/main/java/org/apache/poi/poifs/filesystem/POIFSFileSystem.java
+++ b/poi/src/main/java/org/apache/poi/poifs/filesystem/POIFSFileSystem.java
@@ -64,6 +64,8 @@ public class POIFSFileSystem extends BlockStore
 private static final int DEFAULT_MAX_RECORD_LENGTH = 100_000;
 private static int MAX_RECORD_LENGTH = DEFAULT_MAX_RECORD_LENGTH;
 
+ private static final int MAX_ALLOCATION_SIZE = 100_000_000;
+
 private static final Logger LOG = LogManager.getLogger(POIFSFileSystem.class);
 
 /**
@@ -334,6 +336,10 @@ public class POIFSFileSystem extends BlockStore
 if (maxSize > Integer.MAX_VALUE) {
 throw new IllegalArgumentException("Unable read a >2gb file via an InputStream");
 }
+
+ // don't allow huge allocations with invalid header-values
+ IOUtils.safelyAllocateCheck(maxSize, MAX_ALLOCATION_SIZE);
+
 ByteBuffer data = ByteBuffer.allocate((int) maxSize);
 
 // Copy in the header |
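Review bot: The cap enforced in the second hunk rests on the fixed `MAX_ALLOCATION_SIZE` constant from the first hunk, which has no comment giving its unit or the reason for 100_000_000. Unlike the neighbouring non-final `MAX_RECORD_LENGTH` it is `final`, so a caller that legitimately streams a larger file has no documented way to raise it. I would add a Javadoc on the constant, e.g. `/** Upper bound, in bytes, for the buffer sized from header values when reading from an InputStream; rejects corrupt or hostile headers before allocation. */`, and state in the constructor's Javadoc that larger inputs are now rejected on this path. The check is correctly placed before `ByteBuffer.allocate`, but the preceding `maxSize > Integer.MAX_VALUE` branch throws `IllegalArgumentException` while the new call raises whatever `IOUtils.safelyAllocateCheck` throws (not visible here), so callers may see two exception types for the same kind of bad header; this is worth confirming and documenting. The enclosing method starts and ends outside the hunk.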