Modified: poi/trunk/src/java/org/apache/poi/poifs/storage/RawDataBlock.java URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/poifs/storage/RawDataBlock.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/java/org/apache/poi/poifs/storage/RawDataBlock.java (original) +++ poi/trunk/src/java/org/apache/poi/poifs/storage/RawDataBlock.java Thu Sep 21 14:52:59 2017 @@ -35,6 +35,9 @@ import java.io.*; public class RawDataBlock implements ListManagedBlock { + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + private byte[] _data; private boolean _eof; private boolean _hasData; @@ -66,7 +69,7 @@ public class RawDataBlock */ public RawDataBlock(final InputStream stream, int blockSize) throws IOException { - _data = new byte[ blockSize ]; + _data = IOUtils.safelyAllocate(blockSize, MAX_RECORD_LENGTH); int count = IOUtils.readFully(stream, _data); _hasData = (count > 0);
Modified: poi/trunk/src/java/org/apache/poi/ss/formula/Formula.java URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/ss/formula/Formula.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/java/org/apache/poi/ss/formula/Formula.java (original) +++ poi/trunk/src/java/org/apache/poi/ss/formula/Formula.java Thu Sep 21 14:52:59 2017 @@ -23,6 +23,7 @@ import org.apache.poi.ss.formula.ptg.Exp import org.apache.poi.ss.formula.ptg.Ptg; import org.apache.poi.ss.formula.ptg.TblPtg; import org.apache.poi.ss.util.CellReference; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; import org.apache.poi.util.LittleEndianByteArrayInputStream; import org.apache.poi.util.LittleEndianInput; @@ -35,6 +36,9 @@ import org.apache.poi.util.LittleEndianO */ public class Formula { + //Arbitrarily set. May need to increase. + private static final int MAX_ENCODED_LEN = 100000; + private static final Formula EMPTY = new Formula(new byte[0], 0); /** immutable */ 
@@ -72,7 +76,7 @@ public class Formula { * @return A new formula object as read from the stream. Possibly empty, never <code>null</code>. */ public static Formula read(int encodedTokenLen, LittleEndianInput in, int totalEncodedLen) { - byte[] byteEncoding = new byte[totalEncodedLen]; + byte[] byteEncoding = IOUtils.safelyAllocate(totalEncodedLen, MAX_ENCODED_LEN); in.readFully(byteEncoding); return new Formula(byteEncoding, encodedTokenLen); } Modified: poi/trunk/src/java/org/apache/poi/ss/formula/function/FunctionMetadataReader.java URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/ss/formula/function/FunctionMetadataReader.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/java/org/apache/poi/ss/formula/function/FunctionMetadataReader.java (original) +++ poi/trunk/src/java/org/apache/poi/ss/formula/function/FunctionMetadataReader.java Thu Sep 21 14:52:59 2017 @@ -28,6 +28,7 @@ import java.util.Set; import java.util.regex.Pattern; import org.apache.poi.ss.formula.ptg.Ptg; +import org.apache.poi.util.IOUtils; /** * Converts the text meta-data file into a <tt>FunctionMetadataRegistry</tt> @@ -36,6 +37,9 @@ import org.apache.poi.ss.formula.ptg.Ptg */ final class FunctionMetadataReader { + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + private static final String METADATA_FILE_NAME = "functionMetadata.txt"; /** plain ASCII text metadata file uses three dots for ellipsis */ 
@@ -141,7 +145,7 @@ final class FunctionMetadataReader { // (all unspecified params are assumed to be the same as the last) nItems --; } - byte[] result = new byte[nItems]; + byte[] result = IOUtils.safelyAllocate(nItems, MAX_RECORD_LENGTH); for (int i = 0; i < nItems; i++) { result[i] = parseOperandTypeCode(array[i]); } Modified: poi/trunk/src/java/org/apache/poi/util/IOUtils.java URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/util/IOUtils.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/java/org/apache/poi/util/IOUtils.java (original) +++ poi/trunk/src/java/org/apache/poi/util/IOUtils.java Thu Sep 21 14:52:59 2017 @@ -34,6 +34,7 @@ public final class IOUtils { * The default buffer size to use for the skip() methods. */ private static final int SKIP_BUFFER_SIZE = 2048; + private static int BYTE_ARRAY_MAX_OVERRIDE = -1; private static byte[] SKIP_BYTE_BUFFER; private IOUtils() { @@ -41,6 +42,19 @@ public final class IOUtils { } /** + * If this value is set to > 0, {@link #safelyAllocate(long, int)} will ignore the + * maximum record length parameter. This is designed to allow users to bypass + * the hard-coded maximum record lengths if they are willing to accept the risk + * of an OutOfMemoryException. + * + * @param maxOverride + * @since 4.0.0 + */ + public static void setByteArrayMaxOverride(int maxOverride) { + BYTE_ARRAY_MAX_OVERRIDE = maxOverride; + } + + /** * Peeks at the first 8 bytes of the stream. Returns those bytes, but * with the stream unaffected. Requires a stream that supports mark/reset, * or a PushbackInputStream. If the stream has >0 but <8 bytes, 
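Review bot: `setByteArrayMaxOverride` in the IOUtils hunk replaces every per-record cap in the process with one value, and its Javadoc does not say so. The `@param maxOverride` tag has no description, the text names `OutOfMemoryException` where the JVM raises `OutOfMemoryError`, and nothing states that a value of 0 or less restores the per-record limits. An application that parses untrusted documents for several callers in one JVM loses the allocation guard for all of them once any code path raises the override, so the Javadoc should describe the setting as global and advise against raising it where input is untrusted. The backing field is a plain mutable static that parsing threads read; `private static volatile int BYTE_ARRAY_MAX_OVERRIDE = -1;` would make a change visible to them.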
@@ -480,12 +494,23 @@ public final class IOUtils { if (length > (long)Integer.MAX_VALUE) { throw new RecordFormatException("Can't allocate an array > "+Integer.MAX_VALUE); } - if (length > maxLength) { - throw new RecordFormatException("Not allowed to allocate an array > "+ - maxLength+" for this record type." + - "If the file is not corrupt, please open an issue on bugzilla to request " + - "increasing the maximum allowable size for this record type"); + if (BYTE_ARRAY_MAX_OVERRIDE > 0) { + if (length > BYTE_ARRAY_MAX_OVERRIDE) { + throwRFE(length, BYTE_ARRAY_MAX_OVERRIDE); + } + } else if (length > maxLength) { + throwRFE(length, maxLength); } return new byte[(int)length]; } + + private static void throwRFE(long length, int maxLength) { + throw new RecordFormatException("Tried to allocate an array of length "+length + + ", but "+ maxLength+" is the maximum for this record type.\n" + + "If the file is not corrupt, please open an issue on bugzilla to request \n" + + "increasing the maximum allowable size for this record type.\n"+ + "As a temporary workaround, consider setting a higher override value with " + + "IOUtils.setByteArrayMaxOverride()"); + + } } Modified: poi/trunk/src/java/org/apache/poi/util/LZWDecompresser.java URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/util/LZWDecompresser.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/java/org/apache/poi/util/LZWDecompresser.java (original) +++ poi/trunk/src/java/org/apache/poi/util/LZWDecompresser.java Thu Sep 21 14:52:59 2017 @@ -32,6 +32,10 @@ import java.io.OutputStream; * http://marknelson.us/1989/10/01/lzw-data-compression/ */ public abstract class LZWDecompresser { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + /** * Does the mask bit mean it's compressed or uncompressed? */ 
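Review bot: In `safelyAllocate`, `BYTE_ARRAY_MAX_OVERRIDE` is read more than once: first for `> 0`, then again for the comparison and for the message. A concurrent `setByteArrayMaxOverride` call between those reads can make the comparison use a different value from the one that was tested. Reading the field once, `final int maxOverride = BYTE_ARRAY_MAX_OVERRIDE;`, and using the local in every place closes that window. `throwRFE` always throws, which its `void` return type hides, so a one-line comment saying it never returns would make the control flow easier to follow. The start of `safelyAllocate` is outside the hunk, so any lower-bound check on `length` is not visible here.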
@@ -119,7 +123,7 @@ public abstract class LZWDecompresser { // These are bytes as looked up in the dictionary // It needs to be signed, as it'll get passed on to // the output stream - byte[] dataB = new byte[16+codeLengthIncrease]; + byte[] dataB = IOUtils.safelyAllocate(16+codeLengthIncrease, MAX_RECORD_LENGTH); // This is an unsigned byte read from the stream // It needs to be unsigned, so that bit stuff works int dataI; Modified: poi/trunk/src/java/org/apache/poi/util/LittleEndian.java URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/util/LittleEndian.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/java/org/apache/poi/util/LittleEndian.java (original) +++ poi/trunk/src/java/org/apache/poi/util/LittleEndian.java Thu Sep 21 14:52:59 2017 @@ -63,6 +63,9 @@ public class LittleEndian implements Lit * @param size * Number of bytes to copy. * @return The byteArray value + * + * @see #getByteArray(byte[], int, int, long) if size is not a constant + * * @throws IndexOutOfBoundsException * - if copying would cause access of data outside array bounds. */ 
@@ -75,6 +78,31 @@ public class LittleEndian implements Lit } /** + * Copy a portion of a byte array + * + * @param data + * the original byte array + * @param offset + * Where to start copying from. + * @param size + * Number of bytes to copy. + * @param maxSize + * Size must be <= maxSize or an exception is thrown. + * Use this to avoid potential OOMs on corrupt data. + * @return The byteArray value + * @throws IndexOutOfBoundsException + * - if copying would cause access of data outside array bounds. + */ + public static byte[] getByteArray( byte[] data, int offset, int size, int maxSize) + { + byte[] copy = IOUtils.safelyAllocate(size, maxSize); + System.arraycopy( data, offset, copy, 0, size ); + + return copy; + } + + + /** * get a double value from a byte array, reads it in little endian format * then converts the resulting revolting IEEE 754 (curse them) floating * point number to a happy java double Modified: poi/trunk/src/java/org/apache/poi/util/StringUtil.java URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/util/StringUtil.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/java/org/apache/poi/util/StringUtil.java (original) +++ poi/trunk/src/java/org/apache/poi/util/StringUtil.java Thu Sep 21 14:52:59 2017 @@ -28,6 +28,9 @@ import java.util.Map; @Internal public class StringUtil { protected static final Charset ISO_8859_1 = Charset.forName("ISO-8859-1"); + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 10000000; + public static final Charset UTF16LE = Charset.forName("UTF-16LE"); public static final Charset UTF8 = Charset.forName("UTF-8"); public static final Charset WIN_1252 = Charset.forName("cp1252"); 
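Review bot: The `@see` added to the three-argument `getByteArray` in the previous hunk names `#getByteArray(byte[], int, int, long)`, but the overload added here declares `int maxSize`, so the reference does not resolve. It should read `@see #getByteArray(byte[], int, int, int)`. The new method's Javadoc also omits the `RecordFormatException` that `IOUtils.safelyAllocate` raises when `size` exceeds `maxSize`, which is the exception a caller handling corrupt data needs to know about. Add `@throws RecordFormatException if size is larger than maxSize`.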
@@ -118,7 +121,7 @@ public class StringUtil { } public static String readCompressedUnicode(LittleEndianInput in, int nChars) { - byte[] buf = new byte[nChars]; + byte[] buf = IOUtils.safelyAllocate(nChars, MAX_RECORD_LENGTH); in.readFully(buf); return new String(buf, ISO_8859_1); } @@ -252,7 +255,7 @@ public class StringUtil { } public static String readUnicodeLE(LittleEndianInput in, int nChars) { - byte[] bytes = new byte[nChars*2]; + byte[] bytes = IOUtils.safelyAllocate(nChars*2, MAX_RECORD_LENGTH); in.readFully(bytes); return new String(bytes, UTF16LE); } Modified: poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/agile/AgileEncryptor.java URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/agile/AgileEncryptor.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/agile/AgileEncryptor.java (original) +++ poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/agile/AgileEncryptor.java Thu Sep 21 14:52:59 2017 @@ -58,6 +58,7 @@ import org.apache.poi.poifs.crypt.HashAl import org.apache.poi.poifs.crypt.agile.AgileEncryptionVerifier.AgileCertificateEntry; import org.apache.poi.poifs.crypt.standard.EncryptionRecord; import org.apache.poi.poifs.filesystem.DirectoryNode; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; import org.apache.poi.util.LittleEndianByteArrayOutputStream; import org.apache.poi.util.LittleEndianConsts; @@ -76,6 +77,10 @@ import com.microsoft.schemas.office.x200 import com.microsoft.schemas.office.x2006.keyEncryptor.password.CTPasswordKeyEncryptor; public class AgileEncryptor extends Encryptor implements Cloneable { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + private byte integritySalt[]; private byte pwHash[]; 
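Review bot: In `readUnicodeLE`, `nChars*2` is evaluated in `int` before it is widened to the `long` parameter of `safelyAllocate`. An out-of-range `nChars`, presumably taken from the parsed file, can therefore wrap to a negative or small positive length before the cap is applied. Doing the arithmetic in `long`, `byte[] bytes = IOUtils.safelyAllocate(nChars * 2L, MAX_RECORD_LENGTH);`, lets the check see the real size. The same pattern appears in `text.length()*2` in QCTextBit.setText and in `contents.length + b.length` in StreamStore.prependContentsWith.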
@@ -91,11 +96,11 @@ public class AgileEncryptor extends Encr int keySize = header.getKeySize()/8; int hashSize = header.getHashAlgorithm().hashSize; - byte[] newVerifierSalt = new byte[blockSize] - , newVerifier = new byte[blockSize] - , newKeySalt = new byte[blockSize] - , newKeySpec = new byte[keySize] - , newIntegritySalt = new byte[hashSize]; + byte[] newVerifierSalt = IOUtils.safelyAllocate(blockSize, MAX_RECORD_LENGTH) + , newVerifier = IOUtils.safelyAllocate(blockSize, MAX_RECORD_LENGTH) + , newKeySalt = IOUtils.safelyAllocate(blockSize, MAX_RECORD_LENGTH) + , newKeySpec = IOUtils.safelyAllocate(keySize, MAX_RECORD_LENGTH) + , newIntegritySalt = IOUtils.safelyAllocate(hashSize, MAX_RECORD_LENGTH); r.nextBytes(newVerifierSalt); // blocksize r.nextBytes(newVerifier); // blocksize r.nextBytes(newKeySalt); // blocksize Modified: poi/trunk/src/ooxml/java/org/apache/poi/ss/extractor/EmbeddedExtractor.java URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/ss/extractor/EmbeddedExtractor.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/ooxml/java/org/apache/poi/ss/extractor/EmbeddedExtractor.java (original) +++ poi/trunk/src/ooxml/java/org/apache/poi/ss/extractor/EmbeddedExtractor.java Thu Sep 21 14:52:59 2017 @@ -57,7 +57,9 @@ import org.apache.poi.xssf.usermodel.XSS @Beta public class EmbeddedExtractor implements Iterable<EmbeddedExtractor> { private static final POILogger LOG = POILogFactory.getLogger(EmbeddedExtractor.class); - + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + // contentType private static final String CONTENT_TYPE_BYTES = "binary/octet-stream"; private static final String CONTENT_TYPE_PDF = "application/pdf"; 
@@ -252,7 +254,7 @@ public class EmbeddedExtractor implement } int pictureBytesLen = idxEnd-idxStart+6; - byte[] pdfBytes = new byte[pictureBytesLen]; + byte[] pdfBytes = IOUtils.safelyAllocate(pictureBytesLen, MAX_RECORD_LENGTH); System.arraycopy(pictureBytes, idxStart, pdfBytes, 0, pictureBytesLen); String filename = source.getShapeName().trim(); if (!endsWithIgnoreCase(filename, ".pdf")) { Modified: poi/trunk/src/ooxml/java/org/apache/poi/xslf/usermodel/XMLSlideShow.java URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/xslf/usermodel/XMLSlideShow.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/ooxml/java/org/apache/poi/xslf/usermodel/XMLSlideShow.java (original) +++ poi/trunk/src/ooxml/java/org/apache/poi/xslf/usermodel/XMLSlideShow.java Thu Sep 21 14:52:59 2017 @@ -73,6 +73,8 @@ import org.openxmlformats.schemas.presen public class XMLSlideShow extends POIXMLDocument implements SlideShow<XSLFShape,XSLFTextParagraph> { private static final POILogger LOG = POILogFactory.getLogger(XMLSlideShow.class); + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; private CTPresentation _presentation; private List<XSLFSlide> _slides; 
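Review bot: `pictureBytesLen` in EmbeddedExtractor is the length of a slice of `pictureBytes`, which is already in memory. The 1_000_000 cap therefore adds little protection here and is likely to reject embedded PDFs above that size with a `RecordFormatException`. The check that protects the following `System.arraycopy` is `idxStart + pictureBytesLen <= pictureBytes.length`, which this hunk does not show. The same concern applies wherever the size is not an untrusted length field: `addPicture(File, PictureType)` in XMLSlideShow, the serialization buffer in EscherPart, and `setText` in QCTextBit. Consider leaving those as plain allocations, or replacing `//arbitrarily selected` with a comment that states what input the limit guards against.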
@@ -533,7 +535,7 @@ implements SlideShow<XSLFShape,XSLFTextP public XSLFPictureData addPicture(File pict, PictureType format) throws IOException { int length = (int) pict.length(); - byte[] data = new byte[length]; + byte[] data = IOUtils.safelyAllocate(length, MAX_RECORD_LENGTH); FileInputStream is = new FileInputStream(pict); try { IOUtils.readFully(is, data); Modified: poi/trunk/src/ooxml/java/org/apache/poi/xssf/binary/XSSFBParser.java URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/xssf/binary/XSSFBParser.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/ooxml/java/org/apache/poi/xssf/binary/XSSFBParser.java (original) +++ poi/trunk/src/ooxml/java/org/apache/poi/xssf/binary/XSSFBParser.java Thu Sep 21 14:52:59 2017 @@ -21,6 +21,7 @@ import java.io.IOException; import java.io.InputStream; import java.util.BitSet; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.Internal; import org.apache.poi.util.LittleEndianInputStream; @@ -34,6 +35,9 @@ import org.apache.poi.util.LittleEndianI @Internal public abstract class XSSFBParser { + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + private final LittleEndianInputStream is; private final BitSet records; 
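Review bot: `int length = (int) pict.length();` in `addPicture` narrows the file size before `safelyAllocate` sees it. A file larger than `Integer.MAX_VALUE` bytes wraps, and the `long` range check inside `safelyAllocate` never applies to the real size. Passing the size unnarrowed, `byte[] data = IOUtils.safelyAllocate(pict.length(), MAX_RECORD_LENGTH);`, keeps the check meaningful. The rest of `addPicture` is outside the hunk, so any other use of `length` there would need the same review.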
@@ -88,8 +92,7 @@ public abstract class XSSFBParser { } if (records == null || records.get(recordId)) { - //add sanity check for length? - byte[] buff = new byte[(int) recordLength]; + byte[] buff = IOUtils.safelyAllocate(recordLength, MAX_RECORD_LENGTH); is.readFully(buff); handleRecord(recordId, buff); } else { Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hdgf/chunks/ChunkFactory.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hdgf/chunks/ChunkFactory.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hdgf/chunks/ChunkFactory.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hdgf/chunks/ChunkFactory.java Thu Sep 21 14:52:59 2017 @@ -26,6 +26,7 @@ import java.util.HashMap; import java.util.Map; import java.util.StringTokenizer; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LocaleUtil; import org.apache.poi.util.POILogFactory; import org.apache.poi.util.POILogger; @@ -38,6 +39,11 @@ import org.apache.poi.util.POILogger; * to process the chunk value area */ public final class ChunkFactory { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + + /** The version of the currently open document */ private int version; /** 
@@ -179,7 +185,7 @@ public final class ChunkFactory { } // Now, create the chunk - byte[] contents = new byte[header.getLength()]; + byte[] contents = IOUtils.safelyAllocate(header.getLength(), MAX_RECORD_LENGTH); System.arraycopy(data, offset+header.getSizeInBytes(), contents, 0, contents.length); Chunk chunk = new Chunk(header, trailer, separator, contents); Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hdgf/streams/CompressedStreamStore.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hdgf/streams/CompressedStreamStore.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hdgf/streams/CompressedStreamStore.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hdgf/streams/CompressedStreamStore.java Thu Sep 21 14:52:59 2017 @@ -21,12 +21,17 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import org.apache.poi.hdgf.HDGFLZW; +import org.apache.poi.util.IOUtils; /** * A StreamStore where the data on-disk is compressed, * using the crazy Visio LZW */ public final class CompressedStreamStore extends StreamStore { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + /** The raw, compressed contents */ private byte[] compressedContents; /** 
@@ -46,7 +51,7 @@ public final class CompressedStreamStore protected CompressedStreamStore(byte[] data, int offset, int length) throws IOException { this(decompress(data,offset,length)); - compressedContents = new byte[length]; + compressedContents = IOUtils.safelyAllocate(length, MAX_RECORD_LENGTH); System.arraycopy(data, offset, compressedContents, 0, length); } /** Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hdgf/streams/StreamStore.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hdgf/streams/StreamStore.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hdgf/streams/StreamStore.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hdgf/streams/StreamStore.java Thu Sep 21 14:52:59 2017 
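Review bot: In the `CompressedStreamStore` constructor the cap is applied to the copy of the compressed input, after `this(decompress(data,offset,length))` has already run. The size of the decompressed output, which is where a crafted stream can amplify memory use, is therefore not limited by this line. `decompress` is outside the hunk, so whether it bounds its output cannot be seen here; if it does not, the limit belongs on the decompressed side. MAPIRtfAttribute has the same ordering: `rtf.decompress(...)` returns the full array before `safelyAllocate(rtf.getDeCompressedSize(), MAX_RECORD_LENGTH)` is reached, and that call runs only on the truncation branch.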
@@ -17,24 +17,29 @@ package org.apache.poi.hdgf.streams; +import org.apache.poi.util.IOUtils; + /** * Holds the representation of the stream on-disk, and * handles de-compressing it as required. * In future, may also handle writing it back out again */ public class StreamStore { // TODO - instantiable superclass + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 10_000_000; + private byte[] contents; /** * Creates a new, non compressed Stream Store */ protected StreamStore(byte[] data, int offset, int length) { - contents = new byte[length]; + contents = IOUtils.safelyAllocate(length, MAX_RECORD_LENGTH); System.arraycopy(data, offset, contents, 0, length); } protected void prependContentsWith(byte[] b) { - byte[] newContents = new byte[contents.length + b.length]; + byte[] newContents = IOUtils.safelyAllocate(contents.length + b.length, MAX_RECORD_LENGTH); System.arraycopy(b, 0, newContents, 0, b.length); System.arraycopy(contents, 0, newContents, b.length, contents.length); contents = newContents; Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hemf/record/HemfCommentEMFPlus.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hemf/record/HemfCommentEMFPlus.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hemf/record/HemfCommentEMFPlus.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hemf/record/HemfCommentEMFPlus.java Thu Sep 21 14:52:59 2017 
@@ -34,7 +34,7 @@ import org.apache.poi.util.RecordFormatE @Internal public class HemfCommentEMFPlus extends AbstractHemfComment { - private static final int MAX_RECORD_LENGTH = 1000000; + private static final int MAX_RECORD_LENGTH = 1_000_000; long dataSize; Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hemf/record/HemfCommentPublic.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hemf/record/HemfCommentPublic.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hemf/record/HemfCommentPublic.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hemf/record/HemfCommentPublic.java Thu Sep 21 14:52:59 2017 @@ -36,7 +36,7 @@ import org.apache.poi.util.RecordFormatE @Internal public class HemfCommentPublic { - private static final int MAX_RECORD_LENGTH = 1000000; + private static final int MAX_RECORD_LENGTH = 1_000_000; /** Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hemf/record/HemfCommentRecord.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hemf/record/HemfCommentRecord.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hemf/record/HemfCommentRecord.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hemf/record/HemfCommentRecord.java Thu Sep 21 14:52:59 2017 
@@ -36,7 +36,7 @@ import org.apache.poi.util.RecordFormatE */ @Internal public class HemfCommentRecord implements HemfRecord { - private static final int MAX_RECORD_LENGTH = 1000000; + private static final int MAX_RECORD_LENGTH = 1_000_000; public final static long COMMENT_EMFSPOOL = 0x00000000; public final static long COMMENT_EMFPLUS = 0x2B464D45; Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hemf/record/HemfHeader.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hemf/record/HemfHeader.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hemf/record/HemfHeader.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hemf/record/HemfHeader.java Thu Sep 21 14:52:59 2017 @@ -32,7 +32,7 @@ import org.apache.poi.util.LittleEndianI @Internal public class HemfHeader implements HemfRecord { - private static final int MAX_RECORD_LENGTH = 1000000; + private static final int MAX_RECORD_LENGTH = 1_000_000; private Rectangle boundsRectangle; Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hemf/record/HemfText.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hemf/record/HemfText.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hemf/record/HemfText.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hemf/record/HemfText.java Thu Sep 21 14:52:59 2017 
@@ -40,7 +40,7 @@ import org.apache.poi.util.RecordFormatE public class HemfText { private static final Charset UTF16LE = Charset.forName("UTF-16LE"); - private static final int MAX_RECORD_LENGTH = 1000000; + private static final int MAX_RECORD_LENGTH = 1_000_000; public static class ExtCreateFontIndirectW extends UnimplementedHemfRecord { } Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hmef/attribute/MAPIAttribute.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hmef/attribute/MAPIAttribute.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hmef/attribute/MAPIAttribute.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hmef/attribute/MAPIAttribute.java Thu Sep 21 14:52:59 2017 @@ -38,6 +38,10 @@ import org.apache.poi.util.StringUtil; * or one of its {@link Attachment}s. */ public class MAPIAttribute { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + private final MAPIProperty property; private final int type; private final byte[] data; @@ -144,7 +148,7 @@ public class MAPIAttribute { } else { // Custom name was stored int mplen = LittleEndian.readInt(inp); - byte[] mpdata = new byte[mplen]; + byte[] mpdata = IOUtils.safelyAllocate(mplen, MAX_RECORD_LENGTH); IOUtils.readFully(inp, mpdata); name = StringUtil.getFromUnicodeLE(mpdata, 0, (mplen/2)-1); skipToBoundary(mplen, inp); @@ -164,7 +168,7 @@ public class MAPIAttribute { } for(int j=0; j<values; j++) { int len = getLength(type, inp); - byte[] data = new byte[len]; + byte[] data = IOUtils.safelyAllocate(len, MAX_RECORD_LENGTH); IOUtils.readFully(inp, data); skipToBoundary(len, inp); 
@@ -203,9 +207,11 @@ public class MAPIAttribute { private static void skipToBoundary(int length, InputStream inp) throws IOException { // Data is always padded out to a 4 byte boundary if(length % 4 != 0) { - int skip = 4 - (length % 4); - byte[] padding = new byte[skip]; - IOUtils.readFully(inp, padding); + int toSkip = 4 - (length % 4); + long skipped = IOUtils.skipFully(inp, toSkip); + if (skipped != toSkip) { + throw new IOException("tried to skip "+toSkip +" but only skipped:"+skipped); + } } } } Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hmef/attribute/MAPIRtfAttribute.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hmef/attribute/MAPIRtfAttribute.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hmef/attribute/MAPIRtfAttribute.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hmef/attribute/MAPIRtfAttribute.java Thu Sep 21 14:52:59 2017 @@ -24,6 +24,7 @@ import org.apache.poi.hmef.Attachment; import org.apache.poi.hmef.CompressedRTF; import org.apache.poi.hmef.HMEFMessage; import org.apache.poi.hsmf.datatypes.MAPIProperty; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.StringUtil; /** @@ -31,6 +32,10 @@ import org.apache.poi.util.StringUtil; * to a {@link HMEFMessage} or one of its {@link Attachment}s. */ public final class MAPIRtfAttribute extends MAPIAttribute { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + private final byte[] decompressed; private final String data; 
@@ -41,7 +46,7 @@ public final class MAPIRtfAttribute exte CompressedRTF rtf = new CompressedRTF(); byte[] tmp = rtf.decompress(new ByteArrayInputStream(data)); if(tmp.length > rtf.getDeCompressedSize()) { - this.decompressed = new byte[rtf.getDeCompressedSize()]; + this.decompressed = IOUtils.safelyAllocate(rtf.getDeCompressedSize(), MAX_RECORD_LENGTH); System.arraycopy(tmp, 0, decompressed, 0, decompressed.length); } else { this.decompressed = tmp; Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hmef/attribute/TNEFAttribute.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hmef/attribute/TNEFAttribute.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hmef/attribute/TNEFAttribute.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hmef/attribute/TNEFAttribute.java Thu Sep 21 14:52:59 2017 @@ -33,6 +33,10 @@ import org.apache.poi.util.LittleEndian; * ones, so we can't just re-use the HSMF ones. */ public class TNEFAttribute { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + private final TNEFProperty property; private final int type; private final byte[] data; 
@@ -47,7 +51,7 @@ public class TNEFAttribute { int length = LittleEndian.readInt(inp); property = TNEFProperty.getBest(id, type); - data = new byte[length]; + data = IOUtils.safelyAllocate(length, MAX_RECORD_LENGTH); IOUtils.readFully(inp, data); checksum = LittleEndian.readUShort(inp); Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hmef/dev/HMEFDumper.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hmef/dev/HMEFDumper.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hmef/dev/HMEFDumper.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hmef/dev/HMEFDumper.java Thu Sep 21 14:52:59 2017 @@ -29,12 +29,17 @@ import org.apache.poi.hmef.attribute.TNE import org.apache.poi.hmef.attribute.TNEFProperty; import org.apache.poi.hmef.attribute.TNEFStringAttribute; import org.apache.poi.util.HexDump; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; /** * Developer focused raw dumper */ public final class HMEFDumper { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + public static void main(String[] args) throws Exception { if(args.length < 1) { throw new IllegalArgumentException("Filename must be given"); 
@@ -138,7 +143,7 @@ public final class HMEFDumper { thisLen = len - offset; } - byte data[] = new byte[thisLen]; + byte data[] = IOUtils.safelyAllocate(thisLen, MAX_RECORD_LENGTH); System.arraycopy(attr.getData(), offset, data, 0, thisLen); System.out.print( Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hpbf/model/EscherPart.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hpbf/model/EscherPart.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hpbf/model/EscherPart.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hpbf/model/EscherPart.java Thu Sep 21 14:52:59 2017 @@ -23,11 +23,16 @@ import java.util.ArrayList; import org.apache.poi.ddf.DefaultEscherRecordFactory; import org.apache.poi.ddf.EscherRecord; import org.apache.poi.poifs.filesystem.DirectoryNode; +import org.apache.poi.util.IOUtils; /** * Parent class of all Escher parts */ public abstract class EscherPart extends HPBFPart { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + private EscherRecord[] records; /** @@ -69,7 +74,7 @@ public abstract class EscherPart extends size += records[i].getRecordSize(); } - byte data[] = new byte[size]; + byte data[] = IOUtils.safelyAllocate(size, MAX_RECORD_LENGTH); size = 0; for(int i=0; i<records.length; i++) { int thisSize = Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hpbf/model/QuillContents.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hpbf/model/QuillContents.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hpbf/model/QuillContents.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hpbf/model/QuillContents.java Thu Sep 21 14:52:59 2017 
@@ -24,6 +24,7 @@ import org.apache.poi.hpbf.model.qcbits. import org.apache.poi.hpbf.model.qcbits.QCTextBit; import org.apache.poi.hpbf.model.qcbits.UnknownQCBit; import org.apache.poi.poifs.filesystem.DirectoryNode; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; import org.apache.poi.util.LocaleUtil; import org.apache.poi.util.POILogFactory; @@ -34,6 +35,8 @@ import org.apache.poi.util.POILogger; */ public final class QuillContents extends HPBFPart { private static POILogger logger = POILogFactory.getLogger(QuillContents.class); + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; private static final String[] PATH = { "Quill", "QuillSub", "CONTENTS", }; private QCBit[] bits; @@ -66,7 +69,7 @@ public final class QuillContents extends int from = (int)LittleEndian.getUInt(data, offset+16); int len = (int)LittleEndian.getUInt(data, offset+20); - byte[] bitData = new byte[len]; + byte[] bitData = IOUtils.safelyAllocate(len, MAX_RECORD_LENGTH); System.arraycopy(data, from, bitData, 0, len); // Create Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hpbf/model/qcbits/QCTextBit.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hpbf/model/qcbits/QCTextBit.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hpbf/model/qcbits/QCTextBit.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hpbf/model/qcbits/QCTextBit.java Thu Sep 21 14:52:59 2017 
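Review bot: In the QuillContents hunk `@@ -66,7 +69,7 @@`, `from` and `len` are both read from the file with `(int)LittleEndian.getUInt(...)` but only `len` is bounded, so `System.arraycopy(data, from, bitData, 0, len)` still runs with an unchecked `from` and a malformed entry ends in an unchecked index exception rather than a parse error. The `(int)` cast can also turn values above `Integer.MAX_VALUE` negative. A guard before the allocation, `if (from < 0 || len < 0 || from > data.length - len) throw new IllegalArgumentException("Invalid QC bit range");`, bounds both values by the data actually present. The same unchecked copy follows the new allocation in PPTXMLDump (`size` from `LittleEndian.getInt(header, 4) - 17`) and in `SlideShowDumper.walkTree`. The loop around this code lies outside the hunk.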
@@ -17,12 +17,17 @@ package org.apache.poi.hpbf.model.qcbits; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.StringUtil; /** * A Text based bit of Quill Contents */ public final class QCTextBit extends QCBit { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + public QCTextBit(String thingType, String bitType, byte[] data) { super(thingType, bitType, data); } @@ -36,7 +41,7 @@ public final class QCTextBit extends QCB } public void setText(String text) { - byte data[] = new byte[text.length()*2]; + byte data[] = IOUtils.safelyAllocate(text.length()*2, MAX_RECORD_LENGTH); StringUtil.putUnicodeLE(text, data, 0); setData(data); } Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/blip/Bitmap.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/blip/Bitmap.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/blip/Bitmap.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/blip/Bitmap.java Thu Sep 21 14:52:59 2017 @@ -26,6 +26,7 @@ import java.io.IOException; import javax.imageio.ImageIO; import org.apache.poi.hslf.usermodel.HSLFPictureData; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.Units; /** 
@@ -38,7 +39,7 @@ public abstract class Bitmap extends HSL public byte[] getData(){ byte[] rawdata = getRawData(); int prefixLen = 16*getUIDInstanceCount()+1; - byte[] imgdata = new byte[rawdata.length-prefixLen]; + byte[] imgdata = IOUtils.safelyAllocate(rawdata.length-prefixLen, rawdata.length); System.arraycopy(rawdata, prefixLen, imgdata, 0, imgdata.length); return imgdata; } Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/blip/DIB.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/blip/DIB.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/blip/DIB.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/blip/DIB.java Thu Sep 21 14:52:59 2017 @@ -19,12 +19,17 @@ package org.apache.poi.hslf.blip; import java.io.IOException; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; /** * Represents a DIB picture data in a PPT file */ public final class DIB extends Bitmap { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + /** * Size of the BITMAPFILEHEADER structure preceding the actual DIB bytes */ @@ -87,7 +92,7 @@ public final class DIB extends Bitmap { LittleEndian.putInt(header, 10, offset); //DIB data is the header + dib bytes - byte[] dib = new byte[header.length + data.length]; + byte[] dib = IOUtils.safelyAllocate(header.length + data.length, MAX_RECORD_LENGTH); System.arraycopy(header, 0, dib, 0, header.length); System.arraycopy(data, 0, dib, header.length, data.length); 
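Review bot: In `Bitmap.getData` the maximum passed to `safelyAllocate` is `rawdata.length`, which `rawdata.length-prefixLen` cannot exceed for a non-negative `prefixLen`, so the call adds no upper bound. The only case left is `rawdata.length < prefixLen`, and that depends on how `safelyAllocate` treats a negative length, which this page does not show. An explicit check states the intent: `if (rawdata.length < prefixLen) throw new IllegalStateException("Picture data shorter than its prefix");`. `DIB.setData` uses the same pattern with `data.length-HEADER_SIZE` and `data.length`.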
@@ -97,7 +102,7 @@ public final class DIB extends Bitmap { @Override public void setData(byte[] data) throws IOException { //cut off the bitmap file-header - byte[] dib = new byte[data.length-HEADER_SIZE]; + byte[] dib = IOUtils.safelyAllocate(data.length-HEADER_SIZE, data.length); System.arraycopy(data, HEADER_SIZE, dib, 0, dib.length); super.setData(dib); } Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/dev/PPTXMLDump.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/dev/PPTXMLDump.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/dev/PPTXMLDump.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/dev/PPTXMLDump.java Thu Sep 21 14:52:59 2017 @@ -39,6 +39,10 @@ import org.apache.poi.util.LittleEndian; */ public final class PPTXMLDump { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + private static final int HEADER_SIZE = 8; //size of the record header private static final int PICT_HEADER_SIZE = 25; //size of the picture header private static final String PICTURES_ENTRY = "Pictures"; 
@@ -164,7 +168,7 @@ public final class PPTXMLDump { System.arraycopy(data, pos, header, 0, header.length); int size = LittleEndian.getInt(header, 4) - 17; - byte[] pictdata = new byte[size]; + byte[] pictdata = IOUtils.safelyAllocate(size, MAX_RECORD_LENGTH); System.arraycopy(data, pos + PICT_HEADER_SIZE, pictdata, 0, pictdata.length); pos += PICT_HEADER_SIZE + size; Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/dev/SlideShowDumper.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/dev/SlideShowDumper.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/dev/SlideShowDumper.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/dev/SlideShowDumper.java Thu Sep 21 14:52:59 2017 @@ -48,7 +48,11 @@ import org.apache.poi.util.LittleEndian; * from hslf.record.RecordTypes also) */ public final class SlideShowDumper { - private byte[] docstream; + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + + private byte[] docstream; /** Do we try to use DDF to understand the escher objects? */ private boolean ddfEscher; 
@@ -209,7 +213,7 @@ public void walkTree(int depth, int star final String ind = (indent == 0) ? "%1$s" : "%1$"+indent+"s"; - byte[] contents = new byte[len]; + byte[] contents = IOUtils.safelyAllocate(len, MAX_RECORD_LENGTH); System.arraycopy(docstream,pos,contents,0,len); DefaultEscherRecordFactory erf = new HSLFEscherRecordFactory(); EscherRecord record = erf.createRecord(contents,0); Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/AnimationInfoAtom.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/AnimationInfoAtom.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/AnimationInfoAtom.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/AnimationInfoAtom.java Thu Sep 21 14:52:59 2017 @@ -20,6 +20,7 @@ package org.apache.poi.hslf.record; import java.io.IOException; import java.io.OutputStream; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; /** @@ -29,6 +30,9 @@ import org.apache.poi.util.LittleEndian; */ public final class AnimationInfoAtom extends RecordAtom { + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + /** * whether the animation plays in the reverse direction */ 
@@ -98,7 +102,7 @@ public final class AnimationInfoAtom ext System.arraycopy(source,start,_header,0,8); // Grab the record data - _recdata = new byte[len-8]; + _recdata = IOUtils.safelyAllocate(len-8, MAX_RECORD_LENGTH); System.arraycopy(source,start+8,_recdata,0,len-8); } Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/CString.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/CString.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/CString.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/CString.java Thu Sep 21 14:52:59 2017 @@ -20,6 +20,7 @@ package org.apache.poi.hslf.record; import java.io.IOException; import java.io.OutputStream; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; import org.apache.poi.util.StringUtil; @@ -32,6 +33,10 @@ import org.apache.poi.util.StringUtil; */ public final class CString extends RecordAtom { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + private byte[] _header; private static long _type = 4026l; 
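Review bot: `_recdata = IOUtils.safelyAllocate(len-8, MAX_RECORD_LENGTH)` in AnimationInfoAtom bounds the length by a fixed constant, but the bytes are copied out of `source`, which is already in memory, so the bound that matters is `source.length - start`. A `len` under the cap but past the end of `source`, or below 8, still reaches the allocation and `System.arraycopy` and relies on one of them failing. A check such as `if (len < 8 || start < 0 || len > source.length - start) throw new IllegalArgumentException("Invalid record length " + len);` rejects those cases without refusing large but valid records. The pattern repeats in CString, Comment2000Atom, ExEmbedAtom, ExHyperlinkAtom, ExMediaAtom, ExObjListAtom, ExOleObjAtom, ExOleObjStg, FontEntityAtom, HeadersFootersAtom, InteractiveInfoAtom and MasterTextPropAtom, and with other offsets in DocumentAtom (`len-40-8`), NotesAtom (`len-14`), PPDrawing, PPDrawingGroup and `HSLFEscherClientDataRecord.fillFields`. The constructors start outside these hunks, so an earlier length check may exist that is not visible here.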
@@ -83,7 +88,7 @@ public final class CString extends Recor System.arraycopy(source,start,_header,0,8); // Grab the text - _text = new byte[len-8]; + _text = IOUtils.safelyAllocate(len-8, MAX_RECORD_LENGTH); System.arraycopy(source,start+8,_text,0,len-8); } /** Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/Comment2000Atom.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/Comment2000Atom.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/Comment2000Atom.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/Comment2000Atom.java Thu Sep 21 14:52:59 2017 @@ -22,6 +22,7 @@ import java.io.OutputStream; import java.util.Date; import org.apache.poi.hslf.util.SystemTimeUtils; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; /** @@ -32,6 +33,10 @@ import org.apache.poi.util.LittleEndian; public final class Comment2000Atom extends RecordAtom { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + /** * Record header. */ 
@@ -68,7 +73,7 @@ public final class Comment2000Atom exten System.arraycopy(source,start,_header,0,8); // Get the record data. - _data = new byte[len-8]; + _data = IOUtils.safelyAllocate(len-8, MAX_RECORD_LENGTH); System.arraycopy(source,start+8,_data,0,len-8); } Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/CurrentUserAtom.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/CurrentUserAtom.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/CurrentUserAtom.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/CurrentUserAtom.java Thu Sep 21 14:52:59 2017 @@ -31,6 +31,7 @@ import org.apache.poi.hslf.exceptions.Ol import org.apache.poi.poifs.filesystem.DirectoryNode; import org.apache.poi.poifs.filesystem.DocumentEntry; import org.apache.poi.poifs.filesystem.NPOIFSFileSystem; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; import org.apache.poi.util.POILogFactory; import org.apache.poi.util.POILogger; @@ -44,6 +45,8 @@ import org.apache.poi.util.StringUtil; public class CurrentUserAtom { private final static POILogger logger = POILogFactory.getLogger(CurrentUserAtom.class); + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; /** Standard Atom header */ public static final byte[] atomHeader = new byte[] { 0, 0, -10, 15 }; @@ -127,7 +130,7 @@ public class CurrentUserAtom // Grab the contents int len = docProps.getSize(); - _contents = new byte[len]; + _contents = IOUtils.safelyAllocate(len, MAX_RECORD_LENGTH); InputStream in = dir.createDocumentInputStream("Current User"); int readLen = in.read(_contents); in.close(); 
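Review bot: In the CurrentUserAtom hunk `@@ -127,7 +130,7 @@`, `int readLen = in.read(_contents);` is a single read, which may return fewer than `len` bytes even when the stream holds them, and `in.close()` is skipped if the read throws. `IOUtils.readFully`, which this commit already calls in TNEFAttribute, covers both when used inside try-with-resources: `int readLen; try (InputStream in = dir.createDocumentInputStream("Current User")) { readLen = IOUtils.readFully(in, _contents); }`. How `readLen` is used afterwards lies outside the hunk.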
@@ -197,12 +200,12 @@ public class CurrentUserAtom int len = 2*(int)usernameLen; if(_contents.length >= start+len) { - byte[] textBytes = new byte[len]; + byte[] textBytes = IOUtils.safelyAllocate(len, MAX_RECORD_LENGTH); System.arraycopy(_contents,start,textBytes,0,len); lastEditUser = StringUtil.getFromUnicodeLE(textBytes); } else { // Fake from the 8 bit version - byte[] textBytes = new byte[(int)usernameLen]; + byte[] textBytes = IOUtils.safelyAllocate(usernameLen, MAX_RECORD_LENGTH); System.arraycopy(_contents,28,textBytes,0,(int)usernameLen); lastEditUser = StringUtil.getFromCompressedUnicode(textBytes,0,(int)usernameLen); } @@ -219,7 +222,7 @@ public class CurrentUserAtom // 4 = revision // 3 * len = ascii + unicode int size = 8 + 20 + 4 + (3 * lastEditUser.length()); - _contents = new byte[size]; + _contents = IOUtils.safelyAllocate(size, MAX_RECORD_LENGTH); // First we have a 8 byte atom header System.arraycopy(atomHeader,0,_contents,0,4); @@ -238,7 +241,7 @@ public class CurrentUserAtom // The username gets stored twice, once as US // ascii, and again as unicode laster on - byte[] asciiUN = new byte[lastEditUser.length()]; + byte[] asciiUN = IOUtils.safelyAllocate(lastEditUser.length(), MAX_RECORD_LENGTH); StringUtil.putCompressedUnicode(lastEditUser,asciiUN,0); // Now we're able to do the length of the last edited user 
@@ -260,7 +263,7 @@ public class CurrentUserAtom LittleEndian.putInt(_contents,28+asciiUN.length,(int)releaseVersion); // username in unicode - byte [] ucUN = new byte[lastEditUser.length()*2]; + byte [] ucUN = IOUtils.safelyAllocate(lastEditUser.length()*2, MAX_RECORD_LENGTH); StringUtil.putUnicodeLE(lastEditUser,ucUN,0); System.arraycopy(ucUN,0,_contents,28+asciiUN.length+4,ucUN.length); Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/DocumentAtom.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/DocumentAtom.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/DocumentAtom.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/DocumentAtom.java Thu Sep 21 14:52:59 2017 @@ -17,6 +17,7 @@ package org.apache.poi.hslf.record; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; import java.io.IOException; import java.io.OutputStream; @@ -30,6 +31,9 @@ import java.io.OutputStream; public final class DocumentAtom extends RecordAtom { + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + private byte[] _header; private static long _type = 1001l; 
@@ -137,7 +141,7 @@ public final class DocumentAtom extends showComments = source[start+39+8]; // If there's any other bits of data, keep them about - reserved = new byte[len-40-8]; + reserved = IOUtils.safelyAllocate(len-40-8, MAX_RECORD_LENGTH); System.arraycopy(source,start+48,reserved,0,reserved.length); } Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExEmbedAtom.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExEmbedAtom.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExEmbedAtom.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExEmbedAtom.java Thu Sep 21 14:52:59 2017 @@ -20,6 +20,7 @@ package org.apache.poi.hslf.record; import java.io.IOException; import java.io.OutputStream; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; /** @@ -40,6 +41,9 @@ import org.apache.poi.util.LittleEndian; */ public class ExEmbedAtom extends RecordAtom { + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + /** * Embedded document does not follow the color scheme. */ 
@@ -91,7 +95,7 @@ public class ExEmbedAtom extends RecordA System.arraycopy(source,start,_header,0,8); // Get the record data. - _data = new byte[len-8]; + _data = IOUtils.safelyAllocate(len-8, MAX_RECORD_LENGTH); System.arraycopy(source,start+8,_data,0,len-8); // Must be at least 8 bytes long Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExHyperlinkAtom.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExHyperlinkAtom.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExHyperlinkAtom.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExHyperlinkAtom.java Thu Sep 21 14:52:59 2017 @@ -20,6 +20,7 @@ package org.apache.poi.hslf.record; import java.io.IOException; import java.io.OutputStream; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; /** @@ -29,6 +30,10 @@ import org.apache.poi.util.LittleEndian; * @author Nick Burch */ public final class ExHyperlinkAtom extends RecordAtom { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + /** * Record header. */ 
@@ -66,7 +71,7 @@ public final class ExHyperlinkAtom exten System.arraycopy(source,start,_header,0,8); // Get the record data. - _data = new byte[len-8]; + _data = IOUtils.safelyAllocate(len-8, MAX_RECORD_LENGTH); System.arraycopy(source,start+8,_data,0,len-8); // Must be at least 4 bytes long Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExMediaAtom.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExMediaAtom.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExMediaAtom.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExMediaAtom.java Thu Sep 21 14:52:59 2017 @@ -20,6 +20,7 @@ package org.apache.poi.hslf.record; import java.io.IOException; import java.io.OutputStream; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; /** @@ -29,6 +30,8 @@ import org.apache.poi.util.LittleEndian; */ public final class ExMediaAtom extends RecordAtom { + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; /** * A bit that specifies whether the audio or video data is repeated continuously during playback. 
@@ -78,7 +81,7 @@ public final class ExMediaAtom extends R System.arraycopy(source,start,_header,0,8); // Grab the record data - _recdata = new byte[len-8]; + _recdata = IOUtils.safelyAllocate(len-8, MAX_RECORD_LENGTH); System.arraycopy(source,start+8,_recdata,0,len-8); } Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExObjListAtom.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExObjListAtom.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExObjListAtom.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExObjListAtom.java Thu Sep 21 14:52:59 2017 @@ -21,6 +21,7 @@ package org.apache.poi.hslf.record; import java.io.IOException; import java.io.OutputStream; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; /** @@ -31,6 +32,10 @@ import org.apache.poi.util.LittleEndian; public class ExObjListAtom extends RecordAtom { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + /** * Record header. */ 
@@ -68,7 +73,7 @@ public class ExObjListAtom extends Recor System.arraycopy(source,start,_header,0,8); // Get the record data. - _data = new byte[len-8]; + _data = IOUtils.safelyAllocate(len-8, MAX_RECORD_LENGTH); System.arraycopy(source,start+8,_data,0,len-8); // Must be at least 4 bytes long Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExOleObjAtom.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExOleObjAtom.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExOleObjAtom.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExOleObjAtom.java Thu Sep 21 14:52:59 2017 @@ -20,6 +20,7 @@ package org.apache.poi.hslf.record; import java.io.IOException; import java.io.OutputStream; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; /** @@ -65,6 +66,9 @@ import org.apache.poi.util.LittleEndian; */ public class ExOleObjAtom extends RecordAtom { + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + /** * The object) is displayed as an embedded object inside of a container, */ 
@@ -148,7 +152,7 @@ public class ExOleObjAtom extends Record System.arraycopy(source,start,_header,0,8); // Get the record data. - _data = new byte[len-8]; + _data = IOUtils.safelyAllocate(len-8, MAX_RECORD_LENGTH); System.arraycopy(source,start+8,_data,0,len-8); // Must be at least 24 bytes long Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExOleObjStg.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExOleObjStg.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExOleObjStg.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/ExOleObjStg.java Thu Sep 21 14:52:59 2017 @@ -27,6 +27,7 @@ import java.util.zip.DeflaterOutputStrea import java.util.zip.InflaterInputStream; import org.apache.poi.util.BoundedInputStream; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; /** @@ -34,6 +35,9 @@ import org.apache.poi.util.LittleEndian; */ public class ExOleObjStg extends PositionDependentRecordAtom implements PersistRecord { + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + private int _persistId; // Found from PersistPtrHolder /** 
@@ -72,7 +76,7 @@ public class ExOleObjStg extends Positio System.arraycopy(source,start,_header,0,8); // Get the record data. - _data = new byte[len-8]; + _data = IOUtils.safelyAllocate(len-8, MAX_RECORD_LENGTH); System.arraycopy(source,start+8,_data,0,len-8); } Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/FontEntityAtom.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/FontEntityAtom.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/FontEntityAtom.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/FontEntityAtom.java Thu Sep 21 14:52:59 2017 @@ -22,6 +22,7 @@ import java.io.OutputStream; import java.util.Arrays; import org.apache.poi.hslf.exceptions.HSLFException; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; import org.apache.poi.util.StringUtil; @@ -35,7 +36,11 @@ import org.apache.poi.util.StringUtil; */ public final class FontEntityAtom extends RecordAtom { - /** + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + + /** * record header */ private byte[] _header; 
@@ -54,7 +59,7 @@ public final class FontEntityAtom extend System.arraycopy(source,start,_header,0,8); // Grab the record data - _recdata = new byte[len-8]; + _recdata = IOUtils.safelyAllocate(len-8, MAX_RECORD_LENGTH); System.arraycopy(source,start+8,_recdata,0,len-8); } Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/HSLFEscherClientDataRecord.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/HSLFEscherClientDataRecord.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/HSLFEscherClientDataRecord.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/HSLFEscherClientDataRecord.java Thu Sep 21 14:52:59 2017 @@ -27,6 +27,7 @@ import org.apache.poi.ddf.EscherClientDa import org.apache.poi.ddf.EscherRecordFactory; import org.apache.poi.ddf.EscherSerializationListener; import org.apache.poi.hslf.exceptions.HSLFException; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; /** @@ -38,6 +39,9 @@ import org.apache.poi.util.LittleEndian; */ public class HSLFEscherClientDataRecord extends EscherClientDataRecord { + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + private final List<Record> _childRecords = new ArrayList<>(); public List<? extends Record> getHSLFChildRecords() { 
@@ -60,7 +64,7 @@ public class HSLFEscherClientDataRecord @Override public int fillFields(byte[] data, int offset, EscherRecordFactory recordFactory) { int bytesRemaining = readHeader( data, offset ); - byte remainingData[] = new byte[bytesRemaining]; + byte remainingData[] = IOUtils.safelyAllocate(bytesRemaining, MAX_RECORD_LENGTH); System.arraycopy(data, offset+8, remainingData, 0, bytesRemaining); setRemainingData(remainingData); return bytesRemaining + 8; Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/HeadersFootersAtom.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/HeadersFootersAtom.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/HeadersFootersAtom.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/HeadersFootersAtom.java Thu Sep 21 14:52:59 2017 @@ -17,6 +17,7 @@ package org.apache.poi.hslf.record; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; import java.io.IOException; import java.io.OutputStream; @@ -30,6 +31,10 @@ import java.io.OutputStream; public final class HeadersFootersAtom extends RecordAtom { + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + + /** * A bit that specifies whether the date is displayed in the footer. * @see #getMask() 
@@ -96,7 +101,7 @@ public final class HeadersFootersAtom ex System.arraycopy(source,start,_header,0,8); // Grab the record data - _recdata = new byte[len-8]; + _recdata = IOUtils.safelyAllocate(len-8, MAX_RECORD_LENGTH); System.arraycopy(source,start+8,_recdata,0,len-8); } Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/InteractiveInfoAtom.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/InteractiveInfoAtom.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/InteractiveInfoAtom.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/InteractiveInfoAtom.java Thu Sep 21 14:52:59 2017 @@ -20,6 +20,7 @@ package org.apache.poi.hslf.record; import java.io.IOException; import java.io.OutputStream; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; /** @@ -31,6 +32,10 @@ import org.apache.poi.util.LittleEndian; */ public class InteractiveInfoAtom extends RecordAtom { + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + + /** * Action Table */ 
@@ -105,7 +110,7 @@ public class InteractiveInfoAtom extends System.arraycopy(source,start,_header,0,8); // Get the record data. - _data = new byte[len-8]; + _data = IOUtils.safelyAllocate(len-8, MAX_RECORD_LENGTH); System.arraycopy(source,start+8,_data,0,len-8); // Must be at least 16 bytes long Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/MasterTextPropAtom.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/MasterTextPropAtom.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/MasterTextPropAtom.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/MasterTextPropAtom.java Thu Sep 21 14:52:59 2017 @@ -24,6 +24,7 @@ import java.util.Collections; import java.util.List; import org.apache.poi.hslf.model.textproperties.IndentProp; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; import org.apache.poi.util.POILogger; @@ -31,6 +32,10 @@ import org.apache.poi.util.POILogger; * Specifies the Indent Level for the text */ public final class MasterTextPropAtom extends RecordAtom { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + /** * Record header. */ @@ -71,7 +76,7 @@ public final class MasterTextPropAtom ex System.arraycopy(source,start,_header,0,8); // Get the record data. - _data = new byte[len-8]; + _data = IOUtils.safelyAllocate(len-8, MAX_RECORD_LENGTH); System.arraycopy(source,start+8,_data,0,len-8); try { 
@@ -108,7 +113,7 @@ public final class MasterTextPropAtom ex */ private void write() { int pos = 0; - _data = new byte[indents.size()*6]; + _data = IOUtils.safelyAllocate(indents.size()*6, MAX_RECORD_LENGTH); for (IndentProp prop : indents) { LittleEndian.putInt(_data, pos, prop.getCharactersCovered()); LittleEndian.putShort(_data, pos+4, (short)prop.getIndentLevel()); Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/NotesAtom.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/NotesAtom.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/NotesAtom.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/NotesAtom.java Thu Sep 21 14:52:59 2017 @@ -17,6 +17,7 @@ package org.apache.poi.hslf.record; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; import java.io.IOException; import java.io.OutputStream; @@ -30,6 +31,10 @@ import java.io.OutputStream; public final class NotesAtom extends RecordAtom { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + private byte[] _header; private static long _type = 1009l; 
@@ -86,7 +91,7 @@ public final class NotesAtom extends Rec } // There might be 2 more bytes, which are a reserved field - reserved = new byte[len-14]; + reserved = IOUtils.safelyAllocate(len-14, MAX_RECORD_LENGTH); System.arraycopy(source,start+14,reserved,0,reserved.length); } Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/PPDrawing.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/PPDrawing.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/PPDrawing.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/PPDrawing.java Thu Sep 21 14:52:59 2017 @@ -36,6 +36,7 @@ import org.apache.poi.ddf.EscherSpRecord import org.apache.poi.ddf.EscherSpgrRecord; import org.apache.poi.ddf.EscherTextboxRecord; import org.apache.poi.sl.usermodel.ShapeType; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; import org.apache.poi.util.POILogger; @@ -52,6 +53,11 @@ import org.apache.poi.util.POILogger; // For now, pretending to be an atom. Might not always be, but that // would require a wrapping class public final class PPDrawing extends RecordAtom { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + + private byte[] _header; private long _type; 
@@ -100,7 +106,7 @@ public final class PPDrawing extends Rec _type = LittleEndian.getUShort(_header,2); // Get the contents for now - final byte[] contents = new byte[len]; + final byte[] contents = IOUtils.safelyAllocate(len, MAX_RECORD_LENGTH); System.arraycopy(source,start,contents,0,len); // Build up a tree of Escher records contained within Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/PPDrawingGroup.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/PPDrawingGroup.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/PPDrawingGroup.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/PPDrawingGroup.java Thu Sep 21 14:52:59 2017 @@ -18,6 +18,7 @@ package org.apache.poi.hslf.record; import org.apache.poi.ddf.*; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; import java.io.OutputStream; @@ -35,6 +36,10 @@ import java.util.Iterator; */ public final class PPDrawingGroup extends RecordAtom { + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + + private byte[] _header; private EscherContainerRecord dggContainer; //cached dgg 
@@ -46,7 +51,7 @@ public final class PPDrawingGroup extend System.arraycopy(source,start,_header,0,8); // Get the contents for now - byte[] contents = new byte[len]; + byte[] contents = IOUtils.safelyAllocate(len, MAX_RECORD_LENGTH); System.arraycopy(source,start,contents,0,len); DefaultEscherRecordFactory erf = new HSLFEscherRecordFactory(); Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/PersistPtrHolder.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/PersistPtrHolder.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/PersistPtrHolder.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/PersistPtrHolder.java Thu Sep 21 14:52:59 2017 @@ -29,6 +29,7 @@ import java.util.TreeMap; import org.apache.poi.hslf.exceptions.CorruptPowerPointFileException; import org.apache.poi.hslf.exceptions.HSLFException; import org.apache.poi.util.BitField; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; import org.apache.poi.util.POILogger; @@ -46,6 +47,10 @@ import org.apache.poi.util.POILogger; public final class PersistPtrHolder extends PositionDependentRecordAtom { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + private final byte[] _header; private byte[] _ptrData; // Will need to update this once we allow updates to _slideLocations private long _type; 
@@ -109,7 +114,7 @@ public final class PersistPtrHolder exte // count * 32 bit offsets // Repeat as many times as you have data _slideLocations = new HashMap<>(); - _ptrData = new byte[len-8]; + _ptrData = IOUtils.safelyAllocate(len-8, MAX_RECORD_LENGTH); System.arraycopy(source,start+8,_ptrData,0,_ptrData.length); int pos = 0; Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/SlideAtom.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/SlideAtom.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/SlideAtom.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/SlideAtom.java Thu Sep 21 14:52:59 2017 @@ -21,6 +21,7 @@ import java.io.IOException; import java.io.OutputStream; import org.apache.poi.hslf.record.SlideAtomLayout.SlideLayoutType; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; /** @@ -33,7 +34,10 @@ public final class SlideAtom extends Rec public static final int USES_MASTER_SLIDE_ID = 0x80000000; // private static final int MASTER_SLIDE_ID = 0x00000000; - private byte[] _header; + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + + private byte[] _header; private static long _type = 1007l; private int masterID; 
@@ -109,7 +113,7 @@ public final class SlideAtom extends Rec // If there's any other bits of data, keep them about // 8 bytes header + 20 bytes to flags + 2 bytes flags = 30 bytes - reserved = new byte[len-30]; + reserved = IOUtils.safelyAllocate(len-30, MAX_RECORD_LENGTH); System.arraycopy(source,start+30,reserved,0,reserved.length); } Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/SlidePersistAtom.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/SlidePersistAtom.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/SlidePersistAtom.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/SlidePersistAtom.java Thu Sep 21 14:52:59 2017 @@ -17,6 +17,7 @@ package org.apache.poi.hslf.record; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; import java.io.IOException; import java.io.OutputStream; @@ -28,6 +29,10 @@ import java.io.OutputStream; * @author Nick Burch */ public final class SlidePersistAtom extends RecordAtom { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 32; + private byte[] _header; private static long _type = 1011l; 
@@ -92,7 +97,7 @@ public final class SlidePersistAtom exte // Finally you have typically 4 or 8 bytes of reserved fields, // all zero running from 24 bytes in to the end - reservedFields = new byte[len-24]; + reservedFields = IOUtils.safelyAllocate(len-24, MAX_RECORD_LENGTH); System.arraycopy(source,start+24,reservedFields,0,reservedFields.length); } Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/SoundData.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/SoundData.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/SoundData.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/SoundData.java Thu Sep 21 14:52:59 2017 @@ -20,6 +20,7 @@ package org.apache.poi.hslf.record; import java.io.IOException; import java.io.OutputStream; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; /** @@ -29,6 +30,10 @@ import org.apache.poi.util.LittleEndian; */ public final class SoundData extends RecordAtom { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + /** * Record header. */ 
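Review bot: `MAX_RECORD_LENGTH` is 32 for this class, but it is compared with `len-24`, the reserved tail, not with the record length. Neither the name nor the `arbitrarily selected` comment on its declaration tells a maintainer what is being bounded. The comment in this hunk says the tail is typically 4 or 8 bytes, so a file with a tail longer than 32 bytes that was accepted before this change is now rejected. I would document that at the declaration, e.g. `// max size of the reserved tail (len-24); typically 4 or 8 bytes`, or rename the constant. The enclosing constructor starts outside the hunk.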
@@ -64,7 +69,7 @@ public final class SoundData extends Rec System.arraycopy(source,start,_header,0,8); // Get the record data. - _data = new byte[len-8]; + _data = IOUtils.safelyAllocate(len-8, MAX_RECORD_LENGTH); System.arraycopy(source,start+8,_data,0,len-8); } Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/StyleTextProp9Atom.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/StyleTextProp9Atom.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/StyleTextProp9Atom.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/StyleTextProp9Atom.java Thu Sep 21 14:52:59 2017 @@ -23,12 +23,17 @@ import java.util.LinkedList; import java.util.List; import org.apache.poi.hslf.model.textproperties.TextPFException9; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; /** * The atom record that specifies additional text formatting. */ public final class StyleTextProp9Atom extends RecordAtom { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + private final TextPFException9[] autoNumberSchemes; /** Record header. */ private byte[] header; 
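Review bot: A 1_000_000-byte ceiling on `_data` looks low for a record that, going by its name, carries embedded audio. A presentation with a larger sound clip would presumably fail to load after this change where it loaded before. Because the constant is `private static final`, an application that trusts its input has no way to raise it. Consider a larger default or an overridable limit, and state in the declaration comment how the value was chosen, in place of `arbitrarily selected`. The constructor starts outside the hunk.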
@@ -56,7 +61,7 @@ public final class StyleTextProp9Atom ex this.length = LittleEndian.getInt(header, 4); // Get the record data. - data = new byte[len-8]; + data = IOUtils.safelyAllocate(len-8, MAX_RECORD_LENGTH); System.arraycopy(source, start+8, data, 0, len-8); for (int i = 0; i < data.length; ) { final TextPFException9 item = new TextPFException9(data, i); Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/StyleTextPropAtom.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/StyleTextPropAtom.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/StyleTextPropAtom.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/StyleTextPropAtom.java Thu Sep 21 14:52:59 2017 @@ -27,6 +27,7 @@ import org.apache.poi.hslf.exceptions.HS import org.apache.poi.hslf.model.textproperties.TextPropCollection; import org.apache.poi.hslf.model.textproperties.TextPropCollection.TextPropType; import org.apache.poi.util.HexDump; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; import org.apache.poi.util.POILogger; @@ -46,6 +47,9 @@ import org.apache.poi.util.POILogger; public final class StyleTextPropAtom extends RecordAtom { public static final long _type = RecordTypes.StyleTextPropAtom.typeID; + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + private byte[] _header; private byte[] reserved; @@ -132,7 +136,7 @@ public final class StyleTextPropAtom ext // Save the contents of the atom, until we're asked to go and // decode them (via a call to setParentTextSize(int) - rawContents = new byte[len-8]; + rawContents = IOUtils.safelyAllocate(len-8, MAX_RECORD_LENGTH); System.arraycopy(source,start+8,rawContents,0,rawContents.length); reserved = new byte[0]; 
@@ -286,7 +290,7 @@ public final class StyleTextPropAtom ext // Handle anything left over if(pos < rawContents.length) { - reserved = new byte[rawContents.length-pos]; + reserved = IOUtils.safelyAllocate(rawContents.length-pos, rawContents.length); System.arraycopy(rawContents,pos,reserved,0,reserved.length); } @@ -395,7 +399,7 @@ public final class StyleTextPropAtom ext out.append(" original byte stream \n"); - byte buf[] = new byte[rawContents.length+reserved.length]; + byte buf[] = IOUtils.safelyAllocate(rawContents.length+reserved.length, MAX_RECORD_LENGTH); System.arraycopy(rawContents, 0, buf, 0, rawContents.length); System.arraycopy(reserved, 0, buf, rawContents.length, reserved.length); out.append( HexDump.dump(buf, 0, 0) ); Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TextBytesAtom.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TextBytesAtom.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TextBytesAtom.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TextBytesAtom.java Thu Sep 21 14:52:59 2017 @@ -21,6 +21,7 @@ import java.io.IOException; import java.io.OutputStream; import org.apache.poi.util.HexDump; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; import org.apache.poi.util.StringUtil; @@ -33,6 +34,9 @@ import org.apache.poi.util.StringUtil; public final class TextBytesAtom extends RecordAtom { public static final long _type = RecordTypes.TextBytesAtom.typeID; + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + private byte[] _header; /** The bytes that make up the text */ 
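Review bot: In the hunk at -395 the dump buffer is sized `rawContents.length+reserved.length` and checked against MAX_RECORD_LENGTH, but the sum can exceed that limit for a record that parsed successfully. As far as the visible hunks show, `rawContents` is itself capped at MAX_RECORD_LENGTH when parsed and `reserved` at `rawContents.length`, so each array alone can be close to the limit. That makes what looks like a diagnostic dump path throw on valid in-memory state. Both lengths are already bounded, so `byte buf[] = new byte[rawContents.length+reserved.length];` is sufficient here, or the limit passed should be `2*MAX_RECORD_LENGTH`. The method body extends beyond the hunk.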
@@ -66,7 +70,7 @@ public final class TextBytesAtom extends System.arraycopy(source,start,_header,0,8); // Grab the text - _text = new byte[len-8]; + _text = IOUtils.safelyAllocate(len-8, MAX_RECORD_LENGTH); System.arraycopy(source,start+8,_text,0,len-8); } Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TextCharsAtom.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TextCharsAtom.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TextCharsAtom.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TextCharsAtom.java Thu Sep 21 14:52:59 2017 @@ -21,6 +21,7 @@ import java.io.IOException; import java.io.OutputStream; import org.apache.poi.util.HexDump; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; import org.apache.poi.util.StringUtil; @@ -31,6 +32,9 @@ import org.apache.poi.util.StringUtil; public final class TextCharsAtom extends RecordAtom { public static final long _type = RecordTypes.TextCharsAtom.typeID; + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 1_000_000; + private byte[] _header; /** The bytes that make up the text */ @@ -44,7 +48,7 @@ public final class TextCharsAtom extends /** Updates the text in the Atom. */ public void setText(String text) { // Convert to little endian unicode - _text = new byte[text.length()*2]; + _text = IOUtils.safelyAllocate(text.length()*2, MAX_RECORD_LENGTH); StringUtil.putUnicodeLE(text,_text,0); // Update the size (header bytes 5-8) 
@@ -65,7 +69,7 @@ public final class TextCharsAtom extends System.arraycopy(source,start,_header,0,8); // Grab the text - _text = new byte[len-8]; + _text = IOUtils.safelyAllocate(len-8, MAX_RECORD_LENGTH); System.arraycopy(source,start+8,_text,0,len-8); } /** Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TextRulerAtom.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TextRulerAtom.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TextRulerAtom.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TextRulerAtom.java Thu Sep 21 14:52:59 2017 @@ -20,6 +20,7 @@ package org.apache.poi.hslf.record; import java.io.IOException; import java.io.OutputStream; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; import org.apache.poi.util.POILogger; @@ -27,6 +28,10 @@ import org.apache.poi.util.POILogger; * Ruler of a text as it differs from the style's ruler settings. */ public final class TextRulerAtom extends RecordAtom { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + /** * Record header. */ 
@@ -69,7 +74,7 @@ public final class TextRulerAtom extends System.arraycopy(source,start,_header,0,8); // Get the record data. - _data = new byte[len-8]; + _data = IOUtils.safelyAllocate(len-8, MAX_RECORD_LENGTH); System.arraycopy(source,start+8,_data,0,len-8); try { Modified: poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TextSpecInfoAtom.java URL: http://svn.apache.org/viewvc/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TextSpecInfoAtom.java?rev=1809169&r1=1809168&r2=1809169&view=diff ============================================================================== --- poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TextSpecInfoAtom.java (original) +++ poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/TextSpecInfoAtom.java Thu Sep 21 14:52:59 2017 @@ -24,6 +24,7 @@ import java.util.ArrayList; import java.util.List; import org.apache.poi.hslf.exceptions.HSLFException; +import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; import org.apache.poi.util.LittleEndianByteArrayInputStream; @@ -34,6 +35,10 @@ import org.apache.poi.util.LittleEndianB * @author Yegor Kozlov */ public final class TextSpecInfoAtom extends RecordAtom { + + //arbitrarily selected; may need to increase + private static final int MAX_RECORD_LENGTH = 100_000; + private static final long _type = RecordTypes.TextSpecInfoAtom.typeID; /** @@ -69,7 +74,7 @@ public final class TextSpecInfoAtom exte System.arraycopy(source,start,_header,0,8); // Get the record data. - _data = new byte[len-8]; + _data = IOUtils.safelyAllocate(len-8, MAX_RECORD_LENGTH); System.arraycopy(source,start+8,_data,0,len-8); } --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
