This is an automated email from the ASF dual-hosted git repository.
fanningpj pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/poi.git
The following commit(s) were added to refs/heads/trunk by this push:
new df5604a1d7 check input stream read params (#1012)
df5604a1d7 is described below
commit df5604a1d724685e28f2e7c3ae37dacac49ebe42
Author: PJ Fanning <[email protected]>
AuthorDate: Tue Feb 17 09:20:28 2026 +0100
check input stream read params (#1012)
---
.../main/java/org/apache/poi/util/RLEDecompressingInputStream.java | 6 +++---
poi/src/test/java/org/apache/poi/POIDataSamples.java | 3 +++
poi/src/test/java/org/apache/poi/hssf/dev/BiffDumpingStream.java | 6 +++---
3 files changed, 9 insertions(+), 6 deletions(-)
diff --git
a/poi/src/main/java/org/apache/poi/util/RLEDecompressingInputStream.java
b/poi/src/main/java/org/apache/poi/util/RLEDecompressingInputStream.java
index 55ba486407..8a6b9bff82 100644
--- a/poi/src/main/java/org/apache/poi/util/RLEDecompressingInputStream.java
+++ b/poi/src/main/java/org/apache/poi/util/RLEDecompressingInputStream.java
@@ -20,6 +20,7 @@ package org.apache.poi.util;
import java.io.IOException;
import java.io.InputStream;
import java.util.Locale;
+import java.util.Objects;
import org.apache.commons.io.input.UnsynchronizedByteArrayInputStream;
import org.apache.commons.io.output.UnsynchronizedByteArrayOutputStream;
@@ -101,9 +102,8 @@ public class RLEDecompressingInputStream extends
InputStream {
@Override
public int read(byte[] b, int off, int l) throws IOException {
- if (len == -1) {
- return -1;
- }
+ Objects.requireNonNull(b, "b == null");
+ Objects.checkFromIndexSize(off, l, b.length);
int offset = off;
int length = l;
while (length > 0) {
diff --git a/poi/src/test/java/org/apache/poi/POIDataSamples.java
b/poi/src/test/java/org/apache/poi/POIDataSamples.java
index f976cd0c91..6106e449f4 100644
--- a/poi/src/test/java/org/apache/poi/POIDataSamples.java
+++ b/poi/src/test/java/org/apache/poi/POIDataSamples.java
@@ -21,6 +21,7 @@ import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.nio.file.Files;
+import java.util.Objects;
import org.apache.commons.io.output.UnsynchronizedByteArrayOutputStream;
import org.apache.poi.poifs.filesystem.POIFSFileSystem;
@@ -246,6 +247,8 @@ public final class POIDataSamples {
}
@Override
public int read(byte[] b, int off, int len) throws IOException {
+ Objects.requireNonNull(b, "b == null");
+ Objects.checkFromIndexSize(off, len, b.length);
return _is.read(b, off, len);
}
@Override
diff --git a/poi/src/test/java/org/apache/poi/hssf/dev/BiffDumpingStream.java
b/poi/src/test/java/org/apache/poi/hssf/dev/BiffDumpingStream.java
index 0591b359cb..2737199f29 100644
--- a/poi/src/test/java/org/apache/poi/hssf/dev/BiffDumpingStream.java
+++ b/poi/src/test/java/org/apache/poi/hssf/dev/BiffDumpingStream.java
@@ -20,6 +20,7 @@ package org.apache.poi.hssf.dev;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.util.Objects;
import org.apache.poi.hssf.record.RecordInputStream;
import org.apache.poi.util.LittleEndian;
@@ -63,9 +64,8 @@ final class BiffDumpingStream extends InputStream {
@Override
public int read(byte[] b, int off, int len) throws IOException {
- if (b == null || off < 0 || len < 0 || b.length < off + len) {
- throw new IllegalArgumentException();
- }
+ Objects.requireNonNull(b, "b == null");
+ Objects.checkFromIndexSize(off, len, b.length);
if (_currentPos >= _currentSize) {
fillNextBuffer();
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
