aboutsummaryrefslogtreecommitdiffstats
path: root/src/java/org
diff options
context:
space:
mode:
Diffstat (limited to 'src/java/org')
-rw-r--r--src/java/org/apache/poi/hpsf/UnicodeString.java62
1 files changed, 49 insertions, 13 deletions
diff --git a/src/java/org/apache/poi/hpsf/UnicodeString.java b/src/java/org/apache/poi/hpsf/UnicodeString.java
index 38c3ad4945..0d3cdbf292 100644
--- a/src/java/org/apache/poi/hpsf/UnicodeString.java
+++ b/src/java/org/apache/poi/hpsf/UnicodeString.java
@@ -23,17 +23,36 @@ import org.apache.poi.util.POILogger;
import org.apache.poi.util.StringUtil;
@Internal
-class UnicodeString
-{
-
- private final static POILogger logger = POILogFactory
- .getLogger( UnicodeString.class );
+class UnicodeString {
+ private final static POILogger logger =
+ POILogFactory.getLogger( UnicodeString.class );
private byte[] _value;
- UnicodeString( byte[] data, int offset )
- {
+ UnicodeString(byte[] data, int offset) {
int length = LittleEndian.getInt( data, offset );
+ int dataOffset = offset + LittleEndian.INT_SIZE;
+
+ if (! validLength(length, data, dataOffset)) {
+ // If the length looks wrong, this might be because the offset is sometimes expected
+ // to be on a 4 byte boundary. Try checking with that if so, rather than blowing up with
+ // and ArrayIndexOutOfBoundsException below
+ boolean valid = false;
+ int past4byte = offset % 4;
+ if (past4byte != 0) {
+ offset = offset + past4byte;
+ length = LittleEndian.getInt( data, offset );
+ dataOffset = offset + LittleEndian.INT_SIZE;
+
+ valid = validLength(length, data, dataOffset);
+ }
+
+ if (!valid) {
+ throw new IllegalPropertySetDataException(
+ "UnicodeString started at offset #" + offset +
+ " is not NULL-terminated" );
+ }
+ }
if ( length == 0 )
{
@@ -41,13 +60,30 @@ class UnicodeString
return;
}
- _value = LittleEndian.getByteArray( data, offset
- + LittleEndian.INT_SIZE, length * 2 );
+ _value = LittleEndian.getByteArray( data, dataOffset, length * 2 );
+ }
+
+ /**
+ * Checks to see if the specified length seems valid,
+ * given the amount of data available still to read,
+ * and the requirement that the string be NULL-terminated
+ */
+ boolean validLength(int length, byte[] data, int offset) {
+ if (length == 0) {
+ return true;
+ }
+
+ int endOffset = offset + (length * 2);
+ if (endOffset <= data.length) {
+ // Data Length is OK, ensure it's null terminated too
+ if (data[endOffset-1] == 0 && data[endOffset-2] == 0) {
+ // Length looks plausible
+ return true;
+ }
+ }
- if ( _value[length * 2 - 1] != 0 || _value[length * 2 - 2] != 0 )
- throw new IllegalPropertySetDataException(
- "UnicodeString started at offset #" + offset
- + " is not NULL-terminated" );
+ // Something's up/invalid with that length for the given data+offset
+ return false;
}
int getSize()