Author: centic Date: Mon Jan 20 18:40:32 2025 New Revision: 1923277 URL: http://svn.apache.org/viewvc?rev=1923277&view=rev Log: Bug 66425: Avoid exceptions found via poi-fuzz
Prevent too deep nesting by throwing an exception instead of just not parsing more nesting-levels as this still caused OOMs. Allow to adjust the limit via static setter as elsewhere to give users a chance to parse very complicated files if really necessary. https://issues.oss-fuzz.com/issues/42528505 Added: poi/trunk/test-data/diagram/clusterfuzz-testcase-minimized-POIHDGFFuzzer-6478389109981184.vsd Modified: poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hdgf/streams/PointerContainingStream.java poi/trunk/test-data/spreadsheet/stress.xls Modified: poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hdgf/streams/PointerContainingStream.java URL: http://svn.apache.org/viewvc/poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hdgf/streams/PointerContainingStream.java?rev=1923277&r1=1923276&r2=1923277&view=diff ============================================================================== --- poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hdgf/streams/PointerContainingStream.java (original) +++ poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hdgf/streams/PointerContainingStream.java Mon Jan 20 18:40:32 2025 @@ -30,7 +30,7 @@ import org.apache.poi.hdgf.pointers.Poin public class PointerContainingStream extends Stream { // TODO - instantiable superclass private static final Logger LOG = PoiLogManager.getLogger(PointerContainingStream.class); - private static final int MAX_CHILDREN_NESTING = 500; + private static int MAX_CHILDREN_NESTING = 500; private final Pointer[] childPointers; private Stream[] childStreams; @@ -42,7 +42,7 @@ public class PointerContainingStream ext super(pointer, store); this.chunkFactory = chunkFactory; this.pointerFactory = pointerFactory; - + // Have the child pointers identified and created childPointers = pointerFactory.createContainerPointers(pointer, store.getContents()); } 
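Review bot: In the first hunk, `MAX_CHILDREN_NESTING` loses `final` but stays a plain non-volatile static with a constant-style name, so a limit changed through the new setter on one thread is not guaranteed to be visible to a parse already running on another. I would declare it `private static volatile int MAX_CHILDREN_NESTING = 500;` (renaming it to `maxChildrenNesting` is optional). A comment above it would help, for example `// process-wide nesting limit; protects against OOM on deeply nested or malformed files`.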
@@ -69,14 +69,15 @@ public class PointerContainingStream ext private void findChildren(byte[] documentData, int nesting) { if (nesting > MAX_CHILDREN_NESTING) { - LOG.warn("Encountered too deep nesting, cannot fully process stream " + - " with more than " + MAX_CHILDREN_NESTING + " nested children." + - " Some data could not be parsed."); - return; + throw new IllegalArgumentException("Encountered too deep nesting, cannot process stream " + + "with more than " + MAX_CHILDREN_NESTING + " nested children. " + + "Some data could not be parsed. You can call setMaxChildrenNesting() to adjust " + + "this limit."); } // For each pointer, generate the Stream it points to childStreams = new Stream[childPointers.length]; + for(int i=0; i<childPointers.length; i++) { Pointer ptr = childPointers[i]; childStreams[i] = Stream.createStream(ptr, documentData, chunkFactory, pointerFactory); 
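Review bot: The new exception message in `findChildren` still says "Some data could not be parsed", which described the old partial-parse behaviour; the method now rejects the whole stream, so that sentence should be dropped or reworded, e.g. `"Encountered too deep nesting, refusing to process stream with more than " + MAX_CHILDREN_NESTING + " nested children. "`. Callers that previously got a partially parsed document for such files now get an unchecked `IllegalArgumentException`. The method and the public entry point that reaches it (outside this hunk) should therefore document it with `@throws IllegalArgumentException if the stream nests deeper than the configured limit`, so code handling untrusted files knows to catch it. The check bounds depth only; whether the number of child streams per level is limited elsewhere is not visible here. The body of `findChildren` continues past the end of the hunk.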
@@ -95,4 +96,12 @@ public class PointerContainingStream ext } } } + + public static int getMaxChildrenNesting() { + return MAX_CHILDREN_NESTING; + } + + public static void setMaxChildrenNesting(int maxChildrenNesting) { + MAX_CHILDREN_NESTING = maxChildrenNesting; + } } Added: poi/trunk/test-data/diagram/clusterfuzz-testcase-minimized-POIHDGFFuzzer-6478389109981184.vsd URL: http://svn.apache.org/viewvc/poi/trunk/test-data/diagram/clusterfuzz-testcase-minimized-POIHDGFFuzzer-6478389109981184.vsd?rev=1923277&view=auto ============================================================================== Binary files poi/trunk/test-data/diagram/clusterfuzz-testcase-minimized-POIHDGFFuzzer-6478389109981184.vsd (added) and poi/trunk/test-data/diagram/clusterfuzz-testcase-minimized-POIHDGFFuzzer-6478389109981184.vsd Mon Jan 20 18:40:32 2025 differ Modified: poi/trunk/test-data/spreadsheet/stress.xls URL: http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/stress.xls?rev=1923277&r1=1923276&r2=1923277&view=diff ============================================================================== Binary files - no diff available. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
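Review bot: `setMaxChildrenNesting` stores any `int` without validation. A negative value would make `findChildren` throw for every document (assuming the recursion starts at nesting 0, which is outside this hunk), and a very large value effectively disables the guard this commit introduces. I would reject bad input at the setter with `if (maxChildrenNesting < 0) { throw new IllegalArgumentException("maxChildrenNesting must not be negative: " + maxChildrenNesting); }`. Both accessors also lack Javadoc; it should state that the limit is static and so applies to every HDGF parse in the JVM, that the default is 500, and that raising it is intended only for trusted, unusually complex files.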
