https://bz.apache.org/bugzilla/show_bug.cgi?id=60685
--- Comment #1 from Javen O'Neal <one...@apache.org> ---

Knowing nothing about the Compound File Binary Format (is this the same as or a predecessor to OLE2 containers?) [1.2]

CHNKINK record offset = 0x8200
QC Bit offset = 0x8340 - 0x8200 = 0x0140

Annotated contents of data[offset:offset+24]:

         +0    | +2          | +6    | +8    | +10   | +12         | +16         | +20
         recID | thingType   | optA  | optB  | optC  | bitType     | from        | len
00008340 18 00 | 54 4f 4b 4e | 00 00 | 01 00 | 00 00 | 50 4c 43 20 | 32 62 00 00 | 58 00 00 00
data     QCBit | "TOKN"      | false | true  | false | "PLC "      | 0x6232      | 0x58 = 88 bytes

Location    Len Hex Value               Field         Meaning (Little Endian conv, ASCII, hex to dec, etc)
00008200+00 [8] 43 48 4e 4b 49 4e 4b 20               "CHNKINK "
...
00008340+00 [2] 18 00                   QC Bit recID
00008340+02 [4] 54 4f 4b 4e             thingType     "TOKN"
00008340+06 [2] 00 00                   optA          0x0000 -> false
00008340+08 [2] 01 00                   optB          0x0001 -> true
00008340+10 [2] 00 00                   optC          0x0000 -> false
00008340+12 [4] 50 4c 43 20             bitType       "PLC "
00008340+16 [4] 32 62 00 00             data from     0x6232, the byte offset from the beginning of the CHNKINK record at 0x8200
00008340+20 [4] 58 00 00 00             data len      0x58 = 88 bytes
...

And the raw QCPLCBit record at 0x8200+0x6232=0xe432:

0000e430       03 00 00 00 0c 00 00 00 ff ff 01 00 06 01  |..............|
0000e440 00 00 11 01 00 00 4e 07 00 00 5a 07 00 00 16 00  |......N...Z.....|
0000e450 00 00 00 22 00 06 00 00 01 22 09 00 00 00 02 22  |..."....."....."|
0000e460 07 00 00 00 0a 00 00 00 01 22 0f 00 00 00 0a 00  |........."......|
0000e470 00 00 01 22 0a 00 00 00 0a 00 00 00 00 22 ff ff  |..."........."..|
0000e480 ff ff 04 00 00 00 04 00 00 00                    |..........|

Interpreting the QCPLCBit:

0000e432+0 03 00 00 00  3                                       number of PLCs
0000e432+4 0c 00 00 00  Type12 (holds hyperlinks, complicated)  type of PLCs
...

The QC Bit header specifies the QC PLC Bit record has a length of 88 bytes.
The QCPLCBit specifies it contains 3 hyperlink PLCs (Type 12, 0x0c).

From how I interpret the current code, there's no way that 3 PLC hyperlinks can be specified in 88 bytes.

> oneStartsAt = 0x4c
> twoStartsAt = 0x68
> threePlusIncrement = 22

Therefore three probably starts at 0x68+22=0x7e and ends at 0x68+22*2=0x94.

With 0x58=88 bytes, there aren't even enough bytes for a second, let alone a third PLC.

I guess we'd have to consult [MS-CFB][2] to figure out if this QCPLCBit record really can be 88 bytes long or if the file is corrupt and silently skips over reading these hyperlinks.

[1] https://en.wikipedia.org/wiki/Compound_File_Binary_Format
[2] https://msdn.microsoft.com/en-us/library/dd942138.aspx
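
Added example, not part of the original comment and not Apache POI code: Python that decodes the 24-byte QC Bit header quoted above and reports which hyperlink start offsets fall outside the declared record length. The function names and the 0xFFFF count cap are hypothetical; the bytes and the three offset constants are copied from the comment, and treating those offsets as relative to the start of the record is an assumption.

```python
import struct

# Bytes copied from the comment: QC Bit header at 0x8340 and the first
# 8 bytes of the QCPLCBit record at 0xe432.
QC_BIT = bytes.fromhex("1800 544f4b4e 0000 0100 0000 504c4320 32620000 58000000")
QCPLC_HEAD = bytes.fromhex("03000000 0c000000")
CHUNK_BASE = 0x8200  # CHNKINK record offset given in the comment

# Offsets the comment quotes from the existing reader; treating them as
# relative to the start of the record is an assumption of this example.
ONE_STARTS_AT, TWO_STARTS_AT, THREE_PLUS_INCREMENT = 0x4C, 0x68, 22


def parse_qc_bit(buf):
    """Decode the little-endian QC Bit header laid out in the comment."""
    if len(buf) < 24:
        raise ValueError("truncated QC Bit header")
    rec_id, thing, opt_a, opt_b, opt_c, bit_type, start, length = \
        struct.unpack_from("<H4sHHH4sII", buf)
    return {"recID": rec_id, "thingType": thing.decode("ascii", "replace"),
            "opts": (bool(opt_a), bool(opt_b), bool(opt_c)),
            "bitType": bit_type.decode("ascii", "replace"),
            "from": start, "len": length}


def hyperlink_starts(count):
    """Start offset of each hyperlink according to the quoted constants."""
    starts = [ONE_STARTS_AT, TWO_STARTS_AT][:count]
    starts += [TWO_STARTS_AT + THREE_PLUS_INCREMENT * i
               for i in range(1, count - 1)]
    return starts


def check_record(header, record_head, chunk_base=CHUNK_BASE):
    """Report hyperlink starts that lie beyond the declared record length."""
    if len(record_head) < 8:
        raise ValueError("truncated QCPLCBit record")
    count, plc_type = struct.unpack_from("<II", record_head)
    if count > 0xFFFF:  # arbitrary cap for this example, not from the page
        raise ValueError("implausible PLC count")
    outside = [s for s in hyperlink_starts(count) if s >= header["len"]]
    return {"record_at": chunk_base + header["from"], "count": count,
            "type": plc_type, "outside": outside}


if __name__ == "__main__":
    hdr = parse_qc_bit(QC_BIT)
    print(hdr)
    print(check_record(hdr, QCPLC_HEAD))
```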