Author: tallison
Date: Fri Oct 14 14:57:29 2016
New Revision: 1764927

URL: http://svn.apache.org/viewvc?rev=1764927&view=rev
Log:
add length sanity check for length of embedded OLE10Native (BUG 60256)

Modified:
    poi/trunk/src/java/org/apache/poi/poifs/filesystem/Ole10Native.java
    poi/trunk/src/testcases/org/apache/poi/poifs/filesystem/TestOle10Native.java

Modified: poi/trunk/src/java/org/apache/poi/poifs/filesystem/Ole10Native.java
URL: 
http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/poifs/filesystem/Ole10Native.java?rev=1764927&r1=1764926&r2=1764927&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/poifs/filesystem/Ole10Native.java 
(original)
+++ poi/trunk/src/java/org/apache/poi/poifs/filesystem/Ole10Native.java Fri Oct 
14 14:57:29 2016
@@ -192,7 +192,10 @@ public class Ole10Native {
             dataSize = totalSize;
             break;
         }
-        
+
+        if ((long)dataSize + (long)ofs > (long)data.length) { //cast to avoid 
overflow
+            throw new Ole10NativeException("Invalid Ole10Native: declared data 
length > available data");
+        }
         dataBuffer = new byte[dataSize];
         System.arraycopy(data, ofs, dataBuffer, 0, dataSize);
         ofs += dataSize;
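Review bot: The added bound check before `new byte[dataSize]` rejects a declared length that is too large but not one that is negative. If any branch of the preceding switch (outside this hunk) can take `dataSize` from a 32-bit value in the file, a negative value keeps the sum below `data.length`, passes the check, and makes the allocation throw an unchecked `NegativeArraySizeException` rather than `Ole10NativeException`. Consider `if (dataSize < 0 || (long)dataSize + (long)ofs > (long)data.length) {` so that malformed input always surfaces as the checked parse error callers already handle. The enclosing method starts and ends outside the hunk, so whether `dataSize` and `ofs` are validated earlier cannot be confirmed from here.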

Modified: 
poi/trunk/src/testcases/org/apache/poi/poifs/filesystem/TestOle10Native.java
URL: 
http://svn.apache.org/viewvc/poi/trunk/src/testcases/org/apache/poi/poifs/filesystem/TestOle10Native.java?rev=1764927&r1=1764926&r2=1764927&view=diff
==============================================================================
--- 
poi/trunk/src/testcases/org/apache/poi/poifs/filesystem/TestOle10Native.java 
(original)
+++ 
poi/trunk/src/testcases/org/apache/poi/poifs/filesystem/TestOle10Native.java 
Fri Oct 14 14:57:29 2016
@@ -20,6 +20,8 @@ package org.apache.poi.poifs.filesystem;
 import static org.hamcrest.core.IsEqual.equalTo;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertThat;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
 
 import java.io.ByteArrayOutputStream;
 import java.io.File;
@@ -110,10 +112,14 @@ public class TestOle10Native {
     }
 
     @Test
-    @Ignore("BUG 60256")
     public void testOleNativeOOM() throws IOException, Ole10NativeException {
         POIFSFileSystem fs = new 
POIFSFileSystem(dataSamples.openResourceAsStream("60256.bin"));
-        Ole10Native ole = Ole10Native.createFromEmbeddedOleObject(fs);
+        try {
+            Ole10Native.createFromEmbeddedOleObject(fs);
+            fail("Should have thrown exception because OLENative lacks a 
length parameter");
+        } catch (Ole10NativeException e) {
+            assertTrue(e.getMessage().indexOf("declared data length") > -1);
+        }
     }
 
 }
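Review bot: In `testOleNativeOOM` the `POIFSFileSystem fs` built from `60256.bin` is never closed, so the sample stream stays open on both the expected-exception path and the `fail(...)` path. Wrapping the existing try/catch in an outer `try { ... } finally { fs.close(); }` would release it, assuming `POIFSFileSystem` exposes `close()` in this revision. The `fail` text ("lacks a length parameter") also describes a different condition from the one asserted in the catch ("declared data length"); aligning the two would make a regression easier to diagnose. With `@Ignore("BUG 60256")` removed, the `org.junit.Ignore` import may now be unused, which is worth checking since the import block is only partly visible here.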


