https://issues.apache.org/bugzilla/show_bug.cgi?id=52372
Nick Burch <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO --- Comment #6 from Nick Burch <[email protected]> 2011-12-23 03:24:35 UTC --- The issue is that we're reading a value that should contain the number of properties in the section, then trying to create an array to hold that many properties (before reading into them, so it couldn't be a buffer overflow even in C!) What we're not doing is sanity checking the number of properties, so if the file has been corrupted and that value is very large, we trust it at that point and try to allocate a big array. (Later on we'd throw a different exception on discovering the value was corrupt and specified more properties than there's data for) We could probably do some checks on the size, and also move the array initialisation to after the first pass too Are you able to check the Microsoft Documentation to see what the limit on the number of properties in a section is? (That'd be an easy sanity check to do first) -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
