From 9fa33b2b7e2fafb98fc9f5c784dd21487a14816a Mon Sep 17 00:00:00 2001
From: Dominik Stadler <centic@apache.org>
Date: Mon, 13 Dec 2021 19:22:34 +0000
Subject: Fix issues found when fuzzing Apache POI via Jazzer

Add some additional allocation limits to avoid OOM in
some more cases with some broken input files

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1895922 13f79535-47bb-0310-9956-ffa450edef68
---
 .../main/java/org/apache/poi/poifs/filesystem/POIFSFileSystem.java  | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'poi')

diff --git a/poi/src/main/java/org/apache/poi/poifs/filesystem/POIFSFileSystem.java b/poi/src/main/java/org/apache/poi/poifs/filesystem/POIFSFileSystem.java
index 7ac3a2ccdd..eba62568b9 100644
--- a/poi/src/main/java/org/apache/poi/poifs/filesystem/POIFSFileSystem.java
+++ b/poi/src/main/java/org/apache/poi/poifs/filesystem/POIFSFileSystem.java
@@ -64,6 +64,8 @@ public class POIFSFileSystem extends BlockStore
     private static final int DEFAULT_MAX_RECORD_LENGTH = 100_000;
     private static int MAX_RECORD_LENGTH = DEFAULT_MAX_RECORD_LENGTH;
 
+    private static final int MAX_ALLOCATION_SIZE = 100_000_000;
+
     private static final Logger LOG = LogManager.getLogger(POIFSFileSystem.class);
 
     /**
@@ -334,6 +336,10 @@ public class POIFSFileSystem extends BlockStore
             if (maxSize > Integer.MAX_VALUE) {
                 throw new IllegalArgumentException("Unable read a >2gb file via an InputStream");
             }
+
+            // don't allow huge allocations with invalid header-values
+            IOUtils.safelyAllocateCheck(maxSize, MAX_ALLOCATION_SIZE);
+
             ByteBuffer data = ByteBuffer.allocate((int) maxSize);
 
             // Copy in the header
-- 
cgit v1.2.3