This is an automated email from the ASF dual-hosted git repository. centic pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/poi.git
commit 0ae15edb2c7feb69bea4b29c7e2c1dd053215061
Author: Dominik Stadler <[email protected]>
AuthorDate: Tue Jan 20 21:49:20 2026 +0100

Perform an allocation-check for .emf files
---
 .../src/main/java/org/apache/poi/hemf/record/emf/HemfDraw.java | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hemf/record/emf/HemfDraw.java b/poi-scratchpad/src/main/java/org/apache/poi/hemf/record/emf/HemfDraw.java
index 5918158564..daa9bb4bc6 100644
--- a/poi-scratchpad/src/main/java/org/apache/poi/hemf/record/emf/HemfDraw.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hemf/record/emf/HemfDraw.java
@@ -39,10 +39,14 @@ import org.apache.poi.hwmf.record.HwmfDraw;
 import org.apache.poi.hwmf.record.HwmfDraw.WmfSelectObject;
 import org.apache.poi.util.GenericRecordJsonWriter;
 import org.apache.poi.util.GenericRecordUtil;
+import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndianConsts;
 import org.apache.poi.util.LittleEndianInputStream;

 public final class HemfDraw {
+ // arbitrary limit to avoid OOM on malformed files. This may need increasing if "normal" files have more than this
+ public static final int MAX_NUMBER_OF_POLYGONS = 100_000;
+
 private HemfDraw() {}

 /**
@@ -501,6 +505,7 @@ public final class HemfDraw {
 size += 2 * LittleEndianConsts.INT_SIZE;

 // An array of 32-bit unsigned integers that specifies the point count for each polygon.
+ IOUtils.safelyAllocateCheck(numberOfPolygons, MAX_NUMBER_OF_POLYGONS);
 long[] polygonPointCount = new long[(int)numberOfPolygons];

 size += numberOfPolygons * LittleEndianConsts.INT_SIZE;
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
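Review bot: `MAX_NUMBER_OF_POLYGONS` is declared `public static final int`, so the cap is a compile-time constant that an application cannot raise, even though its own comment expects that "normal" files may need more. As far as I can tell the only runtime escape is the library-wide `IOUtils.setByteArrayMaxOverride`, which replaces every other allocation limit as well. A private mutable limit with a static setter and getter beside it would let a caller that trusts its input relax this one bound without loosening the rest. Since the field is public API, the `//` comment would also read better as Javadoc, for example `/** Maximum number of polygons accepted in a single record; larger counts are rejected as malformed. */`.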
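Review bot: Only the polygon count is bounded by the added `IOUtils.safelyAllocateCheck(numberOfPolygons, MAX_NUMBER_OF_POLYGONS);`. The per-polygon point counts that will be stored in `polygonPointCount` come from the same untrusted record, and nothing in this hunk limits them. The method continues outside the hunk, so their use is not visible here, but if any of those values later sizes a buffer or drives a read loop it needs its own `safelyAllocateCheck` (or a comparison against the remaining record size) before use. The diffstat lists a single changed file, so no test accompanies the guard. A regression test that parses a record declaring more than `MAX_NUMBER_OF_POLYGONS` polygons and expects it to be rejected would keep the check from being dropped unnoticed.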
