This is an automated email from the ASF dual-hosted git repository. centic pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/poi.git
commit 22531fe63852e124036106d3e5bbe4b03b9e2faf Author: Dominik Stadler <[email protected]> AuthorDate: Fri Jan 16 08:55:27 2026 +0100 Prevent invalid height/width in wmf-images exhausting memory Introduce an adjustable limit of maximum number of pixels for when drawing the image --- .../org/apache/poi/hwmf/record/HwmfBitmapDib.java | 27 ++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hwmf/record/HwmfBitmapDib.java b/poi-scratchpad/src/main/java/org/apache/poi/hwmf/record/HwmfBitmapDib.java index bb2e66bfa2..cfe5804ee3 100644 --- a/poi-scratchpad/src/main/java/org/apache/poi/hwmf/record/HwmfBitmapDib.java +++ b/poi-scratchpad/src/main/java/org/apache/poi/hwmf/record/HwmfBitmapDib.java @@ -51,6 +51,9 @@ import org.apache.poi.util.RecordFormatException; * The DeviceIndependentBitmap Object defines an image in device-independent bitmap (DIB) format. */ public class HwmfBitmapDib implements GenericRecord { + // arbitrarily selected; may need to increase + private static final int DEFAULT_MAX_HEIGHT_WIDTH = 10_000; + protected static int MAX_HEIGHT_WIDTH = DEFAULT_MAX_HEIGHT_WIDTH; private static final Logger LOG = PoiLogManager.getLogger(HwmfBitmapDib.class); private static final int BMP_HEADER_SIZE = 14; @@ -532,6 +535,13 @@ public class HwmfBitmapDib implements GenericRecord { return new BufferedImage(1, 1, BufferedImage.TYPE_INT_ARGB); } + if (headerHeight > MAX_HEIGHT_WIDTH || headerWidth > MAX_HEIGHT_WIDTH) { + throw new RecordFormatException("The width or height specified in the header exceed the current " + + "limit. Height: " + headerHeight + ", width: " + headerWidth + + ", Max width/height: " + MAX_HEIGHT_WIDTH + + ". Limits can be adjusted via 'HwmfBitmapDib.setMaxHeightWidth'"); + } + BufferedImage bi = new BufferedImage(headerWidth, headerHeight, BufferedImage.TYPE_INT_ARGB); Graphics2D g = bi.createGraphics(); g.setRenderingHint(RenderingHints.KEY_ANTIALIASING, RenderingHints.VALUE_ANTIALIAS_ON); @@ -559,4 +569,21 @@ public class HwmfBitmapDib implements GenericRecord { g.dispose(); return bi; } + + /** + * Adjust limit to prevent broken images from exceeding available + * memory when being drawn. + * + * @param length the max number of pixel of width/height to allow for images + */ + public static void setMaxHeightWidth(int length) { + MAX_HEIGHT_WIDTH = length; + } + + /** + * @return the max number of pixel of width/height to allow for images + */ + public static int getMaxHeightWidth() { + return MAX_HEIGHT_WIDTH; + } } --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
