Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TextSpecInfoRun.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TextSpecInfoRun.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TextSpecInfoRun.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TextSpecInfoRun.java Thu Sep 21 14:52:59 2017 @@ -23,6 +23,10 @@ import java.io.OutputStream; import org.apache.poi.util.*; public class TextSpecInfoRun { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + /** * A enum that specifies the spelling status of a run of text. */ @@ -153,7 +157,7 @@ public class TextSpecInfoRun { if (smartTagFld.isSet(mask)) { // An unsigned integer specifies the count of items in rgSmartTagIndex. int count = source.readInt(); - smartTagsBytes = new byte[4+count*4]; + smartTagsBytes = IOUtils.safelyAllocate(4+count*4, MAX_RECORD_LENGTH); LittleEndian.putInt(smartTagsBytes, 0, count); // An array of SmartTagIndex that specifies the indices. // The count of items in the array is specified by count.
Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TxInteractiveInfoAtom.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TxInteractiveInfoAtom.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TxInteractiveInfoAtom.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TxInteractiveInfoAtom.java Thu Sep 21 14:52:59 2017 @@ -17,6 +17,7 @@ package org.apache.poi.hslf.record; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; import java.io.OutputStream; @@ -28,6 +29,10 @@ import java.io.IOException; * @author Yegor Kozlov */ public final class TxInteractiveInfoAtom extends RecordAtom { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + /** * Record header. */ @@ -63,7 +68,7 @@ public final class TxInteractiveInfoAtom System.arraycopy(source,start,_header,0,8); // Get the record data. - _data = new byte[len-8]; + _data = IOUtils.safelyAllocate(len-8, MAX_RECORD_LENGTH); System.arraycopy(source,start+8,_data,0,len-8); } Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TxMasterStyleAtom.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TxMasterStyleAtom.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TxMasterStyleAtom.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TxMasterStyleAtom.java Thu Sep 21 14:52:59 2017 @@ -26,6 +26,7 @@ import java.util.List; import org.apache.poi.hslf.exceptions.HSLFException; import org.apache.poi.hslf.model.textproperties.TextPropCollection; import org.apache.poi.hslf.model.textproperties.TextPropCollection.TextPropType; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; import org.apache.poi.util.LittleEndianOutputStream; import org.apache.poi.util.POILogFactory; @@ -49,6 +50,8 @@ import org.apache.poi.util.POILogger; */ public final class TxMasterStyleAtom extends RecordAtom { private static final POILogger LOG = POILogFactory.getLogger(TxMasterStyleAtom.class); + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; /** * Maximum number of indentation levels allowed in PowerPoint documents @@ -66,7 +69,7 @@ public final class TxMasterStyleAtom ext _header = new byte[8]; System.arraycopy(source,start,_header,0,8); - _data = new byte[len-8]; + _data = IOUtils.safelyAllocate(len-8, MAX_RECORD_LENGTH); System.arraycopy(source,start+8,_data,0,_data.length); //read available styles Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/UnknownRecordPlaceholder.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/UnknownRecordPlaceholder.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/UnknownRecordPlaceholder.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/UnknownRecordPlaceholder.java Thu Sep 21 14:52:59 2017 @@ -17,6 +17,7 @@ package org.apache.poi.hslf.record; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; import java.io.IOException; import java.io.OutputStream; @@ -31,6 +32,10 @@ import java.io.OutputStream; public final class UnknownRecordPlaceholder extends RecordAtom { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + private byte[] _contents; private long _type; @@ -43,7 +48,7 @@ public final class UnknownRecordPlacehol if(len < 0) { len = 0; } // Treat as an atom, grab and hold everything - _contents = new byte[len]; + _contents = IOUtils.safelyAllocate(len, MAX_RECORD_LENGTH); System.arraycopy(source,start,_contents,0,len); _type = LittleEndian.getUShort(_contents,2); } Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/usermodel/HSLFSlideShow.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/usermodel/HSLFSlideShow.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/usermodel/HSLFSlideShow.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/usermodel/HSLFSlideShow.java Thu Sep 21 14:52:59 2017 @@ -90,7 +90,11 @@ import org.apache.poi.util.Units; * understanding DocSlideList and DocNotesList) - handle Slide creation cleaner */ public final class HSLFSlideShow implements SlideShow<HSLFShape,HSLFTextParagraph>, Closeable { - /** Powerpoint document entry/stream name */ + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 10_000_000; + + /** Powerpoint document entry/stream name */ public static final String POWERPOINT_DOCUMENT = "PowerPoint Document"; enum LoadSavePhase { @@ -867,8 +871,7 @@ public final class HSLFSlideShow impleme if (format == null || format.nativeId == -1) { // fail early throw new IllegalArgumentException("Unsupported picture format: " + format); } - int length = (int) pict.length(); - byte[] data = new byte[length]; + byte[] data = IOUtils.safelyAllocate(pict.length(), MAX_RECORD_LENGTH); FileInputStream is = new FileInputStream(pict); try { IOUtils.readFully(is, data); Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java Thu Sep 21 14:52:59 2017 @@ -65,6 +65,9 @@ import org.apache.poi.util.POILogger; public final class HSLFSlideShowImpl extends POIDocument implements Closeable { public static final int UNSET_OFFSET = -1; + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 10_000_000; + // For logging private POILogger logger = POILogFactory.getLogger(this.getClass()); @@ -412,7 +415,7 @@ public final class HSLFSlideShowImpl ext pict.setSignature(signature); // Copy the data, ready to pass to PictureData - byte[] imgdata = new byte[imgsize]; + byte[] imgdata = IOUtils.safelyAllocate(imgsize, MAX_RECORD_LENGTH); System.arraycopy(pictstream, pos, imgdata, 0, imgdata.length); pict.setRawData(imgdata); Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hsmf/datatypes/PropertiesChunk.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hsmf/datatypes/PropertiesChunk.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hsmf/datatypes/PropertiesChunk.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hsmf/datatypes/PropertiesChunk.java Thu Sep 21 14:52:59 2017 @@ -51,6 +51,9 @@ import org.apache.poi.util.POILogger; public abstract class PropertiesChunk extends Chunk { public static final String NAME = "__properties_version1.0"; + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + /** For logging problems we spot with the file */ private POILogger logger = POILogFactory.getLogger(PropertiesChunk.class); @@ -223,7 +226,7 @@ public abstract class PropertiesChunk ex } // Grab the data block - byte[] data = new byte[length]; + byte[] data = IOUtils.safelyAllocate(length, MAX_RECORD_LENGTH); IOUtils.readFully(value, data); // Skip over any padding Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hwmf/record/HwmfText.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hwmf/record/HwmfText.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hwmf/record/HwmfText.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hwmf/record/HwmfText.java Thu Sep 21 14:52:59 2017 @@ -34,7 +34,7 @@ import org.apache.poi.util.POILogger; public class HwmfText { private static final POILogger logger = POILogFactory.getLogger(HwmfText.class); - private static final int MAX_RECORD_LENGTH = 1000000; + private static final int MAX_RECORD_LENGTH = 1_000_000; /** * The META_SETTEXTCHAREXTRA record defines inter-character spacing for text justification in the Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/HWPFDocument.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/HWPFDocument.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/HWPFDocument.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/HWPFDocument.java Thu Sep 21 14:52:59 2017 @@ -72,6 +72,7 @@ import org.apache.poi.poifs.filesystem.E import org.apache.poi.poifs.filesystem.EntryUtils; import org.apache.poi.poifs.filesystem.NPOIFSFileSystem; import org.apache.poi.poifs.filesystem.POIFSFileSystem; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.Internal; import org.apache.poi.util.LittleEndianByteArrayOutputStream; @@ -83,6 +84,8 @@ import org.apache.poi.util.LittleEndianB public final class HWPFDocument extends HWPFDocumentCore { /*package*/ static final String PROPERTY_PRESERVE_BIN_TABLES = "org.apache.poi.hwpf.preserveBinTables"; private static final String PROPERTY_PRESERVE_TEXT_TABLE = "org.apache.poi.hwpf.preserveTextTable"; + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; private static final String STREAM_DATA = "Data"; @@ -635,7 +638,7 @@ public final class HWPFDocument extends // preserve space for the FileInformationBlock because we will be writing // it after we write everything else. - byte[] placeHolder = new byte[fibSize]; + byte[] placeHolder = IOUtils.safelyAllocate(fibSize, MAX_RECORD_LENGTH); wordDocumentStream.write(placeHolder); int mainOffset = wordDocumentStream.size(); int tableOffset = 0; Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/HWPFDocumentCore.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/HWPFDocumentCore.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/HWPFDocumentCore.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/HWPFDocumentCore.java Thu Sep 21 14:52:59 2017 @@ -66,6 +66,9 @@ public abstract class HWPFDocumentCore e protected static final String STREAM_TABLE_0 = "0Table"; protected static final String STREAM_TABLE_1 = "1Table"; + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + /** * Size of the not encrypted part of the FIB */ @@ -333,7 +336,7 @@ public abstract class HWPFDocumentCore e is = dec.getDataStream(dis, streamSize, 0); if (encryptionOffset > 0) { ChunkedCipherInputStream cis = (ChunkedCipherInputStream)is; - byte plain[] = new byte[encryptionOffset]; + byte plain[] = IOUtils.safelyAllocate(encryptionOffset, MAX_RECORD_LENGTH); cis.readPlain(plain, 0, encryptionOffset); bos.write(plain); } Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/HWPFOldDocument.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/HWPFOldDocument.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/HWPFOldDocument.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/HWPFOldDocument.java Thu Sep 21 14:52:59 2017 @@ -38,6 +38,7 @@ import org.apache.poi.hwpf.usermodel.Ran import org.apache.poi.poifs.filesystem.DirectoryNode; import org.apache.poi.poifs.filesystem.POIFSFileSystem; import org.apache.poi.util.CodePageUtil; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; import org.apache.poi.util.NotImplemented; import org.apache.poi.util.POILogFactory; @@ -53,6 +54,9 @@ public class HWPFOldDocument extends HWP private static final POILogger logger = POILogFactory .getLogger( HWPFOldDocument.class ); + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + private final static Charset DEFAULT_CHARSET = StringUtil.WIN_1252; private OldTextPieceTable tpt; @@ -167,7 +171,8 @@ public class HWPFOldDocument extends HWP // Generate a single Text Piece Table, with a single Text Piece // which covers all the (8 bit only) text in the file tpt = new OldTextPieceTable(); - byte[] textData = new byte[_fib.getFibBase().getFcMac()-_fib.getFibBase().getFcMin()]; + byte[] textData = IOUtils.safelyAllocate( + _fib.getFibBase().getFcMac()-_fib.getFibBase().getFcMin(), MAX_RECORD_LENGTH); System.arraycopy(_mainStream, _fib.getFibBase().getFcMin(), textData, 0, textData.length); int numChars = textData.length; Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/CHPFormattedDiskPage.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/CHPFormattedDiskPage.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/CHPFormattedDiskPage.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/CHPFormattedDiskPage.java Thu Sep 21 14:52:59 2017 @@ -22,6 +22,7 @@ import java.util.Collections; import java.util.List; import org.apache.poi.hwpf.sprm.SprmBuffer; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.Internal; import org.apache.poi.util.LittleEndian; import org.apache.poi.util.RecordFormatException; @@ -46,6 +47,9 @@ import org.apache.poi.util.RecordFormatE public final class CHPFormattedDiskPage extends FormattedDiskPage { private static final int FC_SIZE = 4; + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + private ArrayList<CHPX> _chpxList = new ArrayList<>(); private ArrayList<CHPX> _overFlow; @@ -137,7 +141,7 @@ public final class CHPFormattedDiskPage int size = LittleEndian.getUByte(_fkp, _offset + chpxOffset); - byte[] chpx = new byte[size]; + byte[] chpx = IOUtils.safelyAllocate(size, MAX_RECORD_LENGTH); System.arraycopy(_fkp, _offset + ++chpxOffset, chpx, 0, size); return chpx; Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/ComplexFileTable.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/ComplexFileTable.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/ComplexFileTable.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/ComplexFileTable.java Thu Sep 21 14:52:59 2017 @@ -31,6 +31,10 @@ import org.apache.poi.util.StringUtil; @Internal public class ComplexFileTable { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + private static final byte GRPPRL_TYPE = 1; private static final byte TEXT_PIECE_TABLE_TYPE = 2; @@ -51,7 +55,7 @@ public class ComplexFileTable { offset++; int size = LittleEndian.getShort(tableStream, offset); offset += LittleEndian.SHORT_SIZE; - byte[] bs = LittleEndian.getByteArray(tableStream, offset, size); + byte[] bs = LittleEndian.getByteArray(tableStream, offset, size, MAX_RECORD_LENGTH); offset += size; SprmBuffer sprmBuffer = new SprmBuffer(bs, false, 0); Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/DocumentProperties.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/DocumentProperties.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/DocumentProperties.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/DocumentProperties.java Thu Sep 21 14:52:59 2017 @@ -21,6 +21,7 @@ import java.io.ByteArrayOutputStream; import java.io.IOException; import org.apache.poi.hwpf.model.types.DOPAbstractType; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.Internal; import org.apache.poi.util.LittleEndian; @@ -33,6 +34,9 @@ import org.apache.poi.util.LittleEndian; public final class DocumentProperties extends DOPAbstractType { + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + private byte[] _preserved; /** @@ -51,7 +55,7 @@ public final class DocumentProperties ex if ( length != supportedSize ) { this._preserved = LittleEndian.getByteArray( tableStream, offset - + supportedSize, length - supportedSize ); + + supportedSize, length - supportedSize, MAX_RECORD_LENGTH ); } else { Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/Ffn.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/Ffn.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/Ffn.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/Ffn.java Thu Sep 21 14:52:59 2017 @@ -21,6 +21,7 @@ import java.util.Arrays; import org.apache.poi.util.BitField; import org.apache.poi.util.BitFieldFactory; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.Internal; import org.apache.poi.util.LittleEndian; @@ -34,6 +35,10 @@ import org.apache.poi.util.LittleEndian; @Internal public final class Ffn { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + private int _cbFfnM1;//total length of FFN - 1. private byte _info; private static BitField _prq = BitFieldFactory.getInstance(0x0003);// pitch request @@ -153,7 +158,7 @@ public final class Ffn public byte[] toByteArray() { int offset = 0; - byte[] buf = new byte[this.getSize()]; + byte[] buf = IOUtils.safelyAllocate(this.getSize(), MAX_RECORD_LENGTH); buf[offset] = (byte)_cbFfnM1; offset += LittleEndian.BYTE_SIZE; Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/FileInformationBlock.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/FileInformationBlock.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/FileInformationBlock.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/FileInformationBlock.java Thu Sep 21 14:52:59 2017 @@ -24,6 +24,7 @@ import java.lang.reflect.Modifier; import java.util.HashSet; import java.util.Locale; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.Internal; import org.apache.poi.util.LittleEndian; import org.apache.poi.util.POILogFactory; @@ -43,6 +44,10 @@ import org.apache.poi.util.POILogger; @Internal public final class FileInformationBlock { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + public static final POILogger logger = POILogFactory .getLogger( FileInformationBlock.class ); @@ -121,8 +126,8 @@ public final class FileInformationBlock // first short is already read as _nFibNew final int fibRgCswNewLength = ( _cswNew - 1 ) * LittleEndian.SHORT_SIZE; - _fibRgCswNew = new byte[fibRgCswNewLength]; - LittleEndian.getByteArray( mainDocument, offset, fibRgCswNewLength ); + _fibRgCswNew = IOUtils.safelyAllocate(fibRgCswNewLength, MAX_RECORD_LENGTH); + LittleEndian.getByteArray( mainDocument, offset, fibRgCswNewLength, MAX_RECORD_LENGTH ); offset += fibRgCswNewLength; } else Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/ListLevel.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/ListLevel.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/ListLevel.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/ListLevel.java Thu Sep 21 14:52:59 2017 @@ -19,6 +19,7 @@ package org.apache.poi.hwpf.model; import java.util.Arrays; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.Internal; import org.apache.poi.util.POILogFactory; import org.apache.poi.util.POILogger; @@ -37,6 +38,10 @@ import org.apache.poi.util.POILogger; @Internal public final class ListLevel { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + private static final POILogger logger = POILogFactory .getLogger( ListLevel.class ); @@ -216,10 +221,12 @@ public final class ListLevel _lvlf = new LVLF( data, offset ); offset += LVLF.getSize(); + //short -- no need to safely allocate _grpprlPapx = new byte[_lvlf.getCbGrpprlPapx()]; System.arraycopy( data, offset, _grpprlPapx, 0, _lvlf.getCbGrpprlPapx() ); offset += _lvlf.getCbGrpprlPapx(); + //short -- no need to safely allocate _grpprlChpx = new byte[_lvlf.getCbGrpprlChpx()]; System.arraycopy( data, offset, _grpprlChpx, 0, _lvlf.getCbGrpprlChpx() ); offset += _lvlf.getCbGrpprlChpx(); @@ -279,7 +286,7 @@ public final class ListLevel public byte[] toByteArray() { - byte[] buf = new byte[getSizeInBytes()]; + byte[] buf = IOUtils.safelyAllocate(getSizeInBytes(), MAX_RECORD_LENGTH); int offset = 0; _lvlf.setCbGrpprlChpx( (short) _grpprlChpx.length ); Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/OldSectionTable.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/OldSectionTable.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/OldSectionTable.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/OldSectionTable.java Thu Sep 21 14:52:59 2017 @@ -19,6 +19,7 @@ package org.apache.poi.hwpf.model; import java.util.Collections; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.Internal; import org.apache.poi.util.LittleEndian; @@ -72,7 +73,7 @@ public final class OldSectionTable exten // section properties, and we're trying to decode them as if they // were the new ones, we sometimes "need" more data than we have. // As a workaround, have a few extra 0 bytes on the end! - byte[] buf = new byte[sepxSize+2]; + byte[] buf = IOUtils.safelyAllocate(sepxSize+2, Short.MAX_VALUE+2); fileOffset += LittleEndian.SHORT_SIZE; System.arraycopy(documentStream, fileOffset, buf, 0, buf.length); sepx = new SEPX(sed, startAt, endAt, buf); Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/OldTextPieceTable.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/OldTextPieceTable.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/OldTextPieceTable.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/OldTextPieceTable.java Thu Sep 21 14:52:59 2017 @@ -21,6 +21,7 @@ import java.util.ArrayList; import java.util.Collections; import org.apache.poi.util.CodePageUtil; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.Internal; import org.apache.poi.util.POILogFactory; import org.apache.poi.util.POILogger; @@ -32,6 +33,9 @@ public class OldTextPieceTable extends T private static final POILogger logger = POILogFactory .getLogger(OldTextPieceTable.class); + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000_000; + public OldTextPieceTable() { super(); } @@ -85,7 +89,7 @@ public class OldTextPieceTable extends T int textSizeBytes = textSizeChars * multiple; // Grab the data that makes up the piece - byte[] buf = new byte[textSizeBytes]; + byte[] buf = IOUtils.safelyAllocate(textSizeBytes, MAX_RECORD_LENGTH); System.arraycopy(documentStream, start, buf, 0, textSizeBytes); // And now build the piece Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/PAPFormattedDiskPage.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/PAPFormattedDiskPage.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/PAPFormattedDiskPage.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/PAPFormattedDiskPage.java Thu Sep 21 14:52:59 2017 @@ -24,6 +24,7 @@ import java.util.Arrays; import java.util.Collections; import java.util.List; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.Internal; import org.apache.poi.util.LittleEndian; @@ -167,7 +168,7 @@ public final class PAPFormattedDiskPage size--; } - byte[] papx = new byte[size]; + byte[] papx = IOUtils.safelyAllocate(size, 512); System.arraycopy(_fkp, _offset + ++papxOffset, papx, 0, size); return papx; } Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/PICFAndOfficeArtData.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/PICFAndOfficeArtData.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/PICFAndOfficeArtData.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/PICFAndOfficeArtData.java Thu Sep 21 14:52:59 2017 @@ -29,6 +29,9 @@ import org.apache.poi.util.LittleEndian; public class PICFAndOfficeArtData { + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + private List<EscherRecord> _blipRecords; private short _cchPicName; @@ -52,7 +55,7 @@ public class PICFAndOfficeArtData offset += 1; _stPicName = LittleEndian.getByteArray( dataStream, offset, - _cchPicName ); + _cchPicName, MAX_RECORD_LENGTH); offset += _cchPicName; } Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/PlexOfCps.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/PlexOfCps.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/PlexOfCps.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/PlexOfCps.java Thu Sep 21 14:52:59 2017 @@ -20,6 +20,7 @@ package org.apache.poi.hwpf.model; import java.util.ArrayList; import java.util.List; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.Internal; import org.apache.poi.util.LittleEndian; @@ -32,6 +33,10 @@ import org.apache.poi.util.LittleEndian; * See page 184 of official documentation for details */ public final class PlexOfCps { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + private int _iMac; private int _cbStruct; private List<GenericPropertyNode> _props; @@ -99,7 +104,7 @@ public final class PlexOfCps { int structBufSize = +(_cbStruct * size); int bufSize = cpBufSize + structBufSize; - byte[] buf = new byte[bufSize]; + byte[] buf = IOUtils.safelyAllocate(bufSize, MAX_RECORD_LENGTH); int nodeEnd = 0; for (int x = 0; x < size; x++) { @@ -122,7 +127,7 @@ public final class PlexOfCps { int start = LittleEndian.getInt(buf, offset + getIntOffset(index)); int end = LittleEndian.getInt(buf, offset + getIntOffset(index + 1)); - byte[] struct = new byte[_cbStruct]; + byte[] struct = IOUtils.safelyAllocate(_cbStruct, MAX_RECORD_LENGTH); System.arraycopy(buf, offset + getStructOffset(index), struct, 0, _cbStruct); Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/SectionTable.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/SectionTable.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/SectionTable.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/SectionTable.java Thu Sep 21 14:52:59 2017 @@ -24,6 +24,7 @@ import java.util.Collections; import java.util.List; import org.apache.poi.hwpf.model.io.HWPFFileSystem; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.Internal; import org.apache.poi.util.LittleEndian; import org.apache.poi.util.POILogFactory; @@ -35,6 +36,10 @@ import org.apache.poi.util.POILogger; @Internal public class SectionTable { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + private final static POILogger _logger = POILogFactory.getLogger(SectionTable.class); private static final int SED_SIZE = 12; @@ -79,7 +84,7 @@ public class SectionTable { // The first short at the offset is the size of the grpprl. int sepxSize = LittleEndian.getShort(documentStream, fileOffset); - byte[] buf = new byte[sepxSize]; + byte[] buf = IOUtils.safelyAllocate(sepxSize, MAX_RECORD_LENGTH); fileOffset += LittleEndian.SHORT_SIZE; System.arraycopy(documentStream, fileOffset, buf, 0, buf.length); _sections.add(new SEPX(sed, startAt, endAt, buf)); Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/StyleDescription.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/StyleDescription.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/StyleDescription.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/StyleDescription.java Thu Sep 21 14:52:59 2017 @@ -21,6 +21,7 @@ import java.util.Arrays; import org.apache.poi.hwpf.usermodel.CharacterProperties; import org.apache.poi.hwpf.usermodel.ParagraphProperties; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.Internal; import org.apache.poi.util.LittleEndian; import org.apache.poi.util.POILogFactory; @@ -37,7 +38,9 @@ public final class StyleDescription impl { private static final POILogger logger = POILogFactory.getLogger( StyleDescription.class ); - + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + private final static int PARAGRAPH_STYLE = 1; private final static int CHARACTER_STYLE = 2; // private final static int TABLE_STYLE = 3; @@ -118,7 +121,7 @@ public final class StyleDescription impl int upxSize = LittleEndian.getShort(std, varOffset); varOffset += LittleEndian.SHORT_SIZE; - byte[] upx = new byte[upxSize]; + byte[] upx = IOUtils.safelyAllocate(upxSize, Short.MAX_VALUE); System.arraycopy(std, varOffset, upx, 0, upxSize); _upxs[x] = new UPX(upx); varOffset += upxSize; Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/TextPieceTable.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/TextPieceTable.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/TextPieceTable.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/model/TextPieceTable.java Thu Sep 21 14:52:59 2017 @@ -26,6 +26,7 @@ import java.util.LinkedList; import java.util.List; import org.apache.poi.poifs.common.POIFSConstants; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.Internal; import org.apache.poi.util.POILogFactory; import org.apache.poi.util.POILogger; @@ -41,6 +42,9 @@ import org.apache.poi.util.POILogger; public class TextPieceTable implements CharIndexTranslator { private static final POILogger logger = POILogFactory .getLogger(TextPieceTable.class); + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000_000; + // int _multiple; int _cpMin; @@ -97,7 +101,7 @@ public class TextPieceTable implements C int textSizeBytes = textSizeChars * multiple; // Grab the data that makes up the piece - byte[] buf = new byte[textSizeBytes]; + byte[] buf = IOUtils.safelyAllocate(textSizeBytes, MAX_RECORD_LENGTH); System.arraycopy(documentStream, start, buf, 0, textSizeBytes); // And now build the piece @@ -424,7 +428,7 @@ public class TextPieceTable implements C int mod = (offset % POIFSConstants.SMALLER_BIG_BLOCK_SIZE); if (mod != 0) { mod = POIFSConstants.SMALLER_BIG_BLOCK_SIZE - mod; - byte[] buf = new byte[mod]; + byte[] buf = IOUtils.safelyAllocate(mod, MAX_RECORD_LENGTH); docStream.write(buf); } Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/sprm/SprmBuffer.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/sprm/SprmBuffer.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/sprm/SprmBuffer.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/sprm/SprmBuffer.java Thu Sep 21 14:52:59 2017 @@ -19,12 +19,17 @@ package org.apache.poi.hwpf.sprm; import java.util.Arrays; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.Internal; import org.apache.poi.util.LittleEndian; @Internal public final class SprmBuffer implements Cloneable { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + byte[] _buf; boolean _istd; int _offset; @@ -73,7 +78,7 @@ public final class SprmBuffer implements public SprmBuffer( int sprmsStartOffset ) { - _buf = new byte[sprmsStartOffset + 4]; + _buf = IOUtils.safelyAllocate(sprmsStartOffset + 4, MAX_RECORD_LENGTH); _offset = sprmsStartOffset; _sprmsStartOffset = sprmsStartOffset; } @@ -148,7 +153,7 @@ public final class SprmBuffer implements // commented - buffer shall not contain any additional bytes -- // sergey // byte[] newBuf = new byte[_offset + addition + 6]; - byte[] newBuf = new byte[_offset + addition]; + byte[] newBuf = IOUtils.safelyAllocate(_offset + addition, MAX_RECORD_LENGTH); System.arraycopy( _buf, 0, newBuf, 0, _buf.length ); _buf = newBuf; } Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/sprm/SprmUtils.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/sprm/SprmUtils.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/sprm/SprmUtils.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/sprm/SprmUtils.java Thu Sep 21 14:52:59 2017 @@ -19,6 +19,7 @@ package org.apache.poi.hwpf.sprm; import java.util.List; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.Internal; import org.apache.poi.util.LittleEndian; @@ -26,13 +27,17 @@ import org.apache.poi.util.LittleEndian; @Internal public final class SprmUtils { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + public SprmUtils() { } public static byte[] shortArrayToByteArray(short[] convert) { - byte[] buf = new byte[convert.length * LittleEndian.SHORT_SIZE]; + byte[] buf = IOUtils.safelyAllocate(convert.length * LittleEndian.SHORT_SIZE, MAX_RECORD_LENGTH); for (int x = 0; x < convert.length; x++) { @@ -107,7 +112,7 @@ public final class SprmUtils public static byte[] getGrpprl(List<byte[]> sprmList, int size) { // spit out the final grpprl - byte[] grpprl = new byte[size]; + byte[] grpprl = IOUtils.safelyAllocate(size, MAX_RECORD_LENGTH); int listSize = sprmList.size() - 1; int index = 0; for (; listSize >= 0; listSize--) Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/sprm/TableSprmCompressor.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/sprm/TableSprmCompressor.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/sprm/TableSprmCompressor.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hwpf/sprm/TableSprmCompressor.java Thu Sep 21 14:52:59 2017 @@ -25,12 +25,16 @@ import org.apache.poi.hwpf.usermodel.Bor import org.apache.poi.hwpf.usermodel.TableAutoformatLookSpecifier; import org.apache.poi.hwpf.usermodel.TableCellDescriptor; import org.apache.poi.hwpf.usermodel.TableProperties; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.Internal; import org.apache.poi.util.LittleEndian; @Internal public final class TableSprmCompressor { + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + public TableSprmCompressor() { } @@ -76,7 +80,9 @@ public final class TableSprmCompressor if (newTAP.getItcMac() > 0) { int itcMac = newTAP.getItcMac(); - byte[] buf = new byte[1 + (LittleEndian.SHORT_SIZE*(itcMac + 1)) + (TableCellDescriptor.SIZE*itcMac)]; + byte[] buf = IOUtils.safelyAllocate( + 1 + (LittleEndian.SHORT_SIZE*(itcMac + 1)) + (TableCellDescriptor.SIZE*itcMac), + MAX_RECORD_LENGTH); buf[0] = (byte)itcMac; short[] dxaCenters = newTAP.getRgdxaCenter(); --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
