svn commit: r1911525 - in /poi/trunk: poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/ poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/ test-data/slideshow/ test-data/spreadsheet/

centic Mon, 07 Aug 2023 13:36:04 -0700

Author: centic
Date: Mon Aug  7 20:35:59 2023
New Revision: 1911525

URL: http://svn.apache.org/viewvc?rev=1911525&view=rev
Log:
Bug 66425: Add memory-safeguard in one more place


We try to generally avoid overly large allocations in places
where arrays are allocated. 

We add one more such check for pictures in HSLF.

We might need to increase the used value of 10MB if users report 
larger files being used frequently. 

Overriding this check via IOUtils is possible.

Added:
    
poi/trunk/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt
   (with props)
Modified:
    
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java
    
poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
    
poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestSlideIdListing.java
    poi/trunk/test-data/spreadsheet/stress.xls

Modified: 
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java
URL: 
http://svn.apache.org/viewvc/poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java?rev=1911525&r1=1911524&r2=1911525&view=diff
==============================================================================
--- 
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java
 (original)
+++ 
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java
 Mon Aug  7 20:35:59 2023
@@ -94,6 +94,7 @@ public final class HSLFSlideShowImpl ext
     private static final int DEFAULT_MAX_RECORD_LENGTH = 200_000_000;
     private static final int MAX_DOCUMENT_SIZE = 100_000_000;
     private static int MAX_RECORD_LENGTH = DEFAULT_MAX_RECORD_LENGTH;
+    private static final int MAX_IMAGE_LENGTH = 10_000_000;
 
     // Holds metadata on where things are in our document
     private CurrentUserAtom currentUser;
@@ -407,7 +408,7 @@ public final class HSLFSlideShowImpl ext
         EscherContainerRecord blipStore = getBlipStore();
         byte[] pictstream;
         try (DocumentInputStream is = 
getDirectory().createDocumentInputStream(entry)) {
-            pictstream = IOUtils.toByteArray(is, entry.getSize());
+            pictstream = IOUtils.toByteArray(is, entry.getSize(), 
MAX_IMAGE_LENGTH);
         }
 
         List<PictureFactory> factories = new ArrayList<>();

Modified: 
poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
URL: 
http://svn.apache.org/viewvc/poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java?rev=1911525&r1=1911524&r2=1911525&view=diff
==============================================================================
--- 
poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
 (original)
+++ 
poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
 Mon Aug  7 20:35:59 2023
@@ -16,17 +16,23 @@
 ==================================================================== */
 package org.apache.poi.hslf.dev;
 
-import static org.junit.jupiter.api.Assertions.assertThrows;
+import org.apache.poi.EmptyFileException;
+import org.apache.poi.hslf.HSLFTestDataSamples;
+import org.junit.jupiter.api.Test;
 
 import java.io.File;
 import java.util.Collections;
+import java.util.HashSet;
 import java.util.Set;
 
-import org.apache.poi.EmptyFileException;
-import org.apache.poi.hslf.HSLFTestDataSamples;
-import org.junit.jupiter.api.Test;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 
 public class TestPPTXMLDump extends BaseTestPPTIterating {
+    static final Set<String> LOCAL_EXCLUDED = new HashSet<>();
+    static {
+        
LOCAL_EXCLUDED.add("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt");
+    }
+
     @Test
     void testMain() throws Exception {
         PPTXMLDump.main(new String[0]);
@@ -41,7 +47,13 @@ public class TestPPTXMLDump extends Base
 
     @Override
     void runOneFile(File pFile) throws Exception {
-        PPTXMLDump.main(new String[]{pFile.getAbsolutePath()});
+        try {
+           PPTXMLDump.main(new String[]{pFile.getAbsolutePath()});
+        } catch (IndexOutOfBoundsException e) {
+            if (!LOCAL_EXCLUDED.contains(pFile.getName())) {
+                throw e;
+            }
+        }
     }
 
     @Override

Modified: 
poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestSlideIdListing.java
URL: 
http://svn.apache.org/viewvc/poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestSlideIdListing.java?rev=1911525&r1=1911524&r2=1911525&view=diff
==============================================================================
--- 
poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestSlideIdListing.java
 (original)
+++ 
poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestSlideIdListing.java
 Mon Aug  7 20:35:59 2023
@@ -20,12 +20,19 @@ import static org.junit.jupiter.api.Asse
 
 import java.io.File;
 import java.io.IOException;
+import java.util.HashSet;
+import java.util.Set;
 
 import org.apache.poi.EmptyFileException;
 import org.apache.poi.hslf.HSLFTestDataSamples;
 import org.junit.jupiter.api.Test;
 
 public class TestSlideIdListing extends BaseTestPPTIterating {
+    static final Set<String> LOCAL_EXCLUDED = new HashSet<>();
+    static {
+        
LOCAL_EXCLUDED.add("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt");
+    }
+
     @Test
     void testMain() throws IOException {
         // calls System.exit(): SlideIdListing.main(new String[0]);
@@ -37,6 +44,12 @@ public class TestSlideIdListing extends
 
     @Override
     void runOneFile(File pFile) throws Exception {
-        SlideIdListing.main(new String[]{pFile.getAbsolutePath()});
+        try {
+            SlideIdListing.main(new String[]{pFile.getAbsolutePath()});
+        } catch (IllegalArgumentException e) {
+            if (!LOCAL_EXCLUDED.contains(pFile.getName())) {
+                throw e;
+            }
+        }
     }
 }
\ No newline at end of file

Added: 
poi/trunk/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt
URL: 
http://svn.apache.org/viewvc/poi/trunk/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt?rev=1911525&view=auto
==============================================================================
Binary file - no diff available.

Propchange: 
poi/trunk/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt
------------------------------------------------------------------------------
    svn:mime-type = application/vnd.ms-powerpoint

Modified: poi/trunk/test-data/spreadsheet/stress.xls
URL: 
http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/stress.xls?rev=1911525&r1=1911524&r2=1911525&view=diff
==============================================================================
Binary files - no diff available.



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

svn commit: r1911525 - in /poi/trunk: poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/ poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/ test-data/slideshow/ test-data/spreadsheet/

Reply via email to