svn commit: r375274 - /jakarta/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/Record.java

Mon, 06 Feb 2006 05:12:27 -0800 

Author: nick
Date: Mon Feb  6 05:12:02 2006
New Revision: 375274

URL: http://svn.apache.org/viewcvs?rev=375274&view=rev
Log:
Fix for bug 38526 - If the record claims to be longer than the remaining data, 
just return null and ignore it

Modified:
    jakarta/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/Record.java

Modified: 
jakarta/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/Record.java
URL: 
http://svn.apache.org/viewcvs/jakarta/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/Record.java?rev=375274&r1=375273&r2=375274&view=diff
==============================================================================
--- jakarta/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/Record.java 
(original)
+++ jakarta/poi/trunk/src/scratchpad/src/org/apache/poi/hslf/record/Record.java 
Mon Feb  6 05:12:02 2006
@@ -105,9 +105,12 @@
                                throw new 
CorruptPowerPointFileException("Corrupt document - starts with record of type 
0000 and length 0xFFFF");
                        }
 
-//System.out.println("Found a " + type + " at pos " + pos + " (" + 
Integer.toHexString(pos) + "), len " + rlen);
                        Record r = createRecordForType(type,b,pos,8+rleni);
-                       children.add(r);
+                       if(r != null) {
+                               children.add(r);
+                       } else {
+                               // Record was horribly corrupt
+                       }
                        pos += 8;
                        pos += rlen;
                }
@@ -131,6 +134,13 @@
         */
        public static Record createRecordForType(long type, byte[] b, int 
start, int len) {
                Record toReturn = null;
+
+               // Handle case of a corrupt last record, whose claimed length
+               //  would take us passed the end of the file
+               if(start + len > b.length) {
+                       System.err.println("Warning: Skipping record of type " 
+ type + " at position " + start + " which claims to be longer than the file! 
(" + len + " vs " + (b.length-start) + ")");
+                       return null;
+               }
 
                // We use the RecordTypes class to provide us with the right
                //  class to use for a given type



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
Mailing List:    http://jakarta.apache.org/site/mail2.html#poi
The Apache Jakarta POI Project: http://jakarta.apache.org/poi/

Reply via email to