[Bug 60256] OLE10Native initialization OOM

2016-10-14 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=60256

Tim Allison  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEW |RESOLVED

--- Comment #4 from Tim Allison  ---
r1764927 

I added a length check.  We'll now get an exception for the embedded object
because it is corrupt.  Please re-open if I've misunderstood the OLE10Native
format.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org
For additional commands, e-mail: dev-h...@poi.apache.org
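The length check described in Comment #4, as an added example; it is not the POI change from r1764927. The class, method and exception names are hypothetical, the inputs are constructed, and a 4-byte little-endian size field directly followed by the data is assumed.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class NativeDataLengthCheck {

    /** Hypothetical exception type for this example (POI has its own Ole10NativeException). */
    static class CorruptNativeDataException extends Exception {
        CorruptNativeDataException(String msg) { super(msg); }
    }

    /**
     * Reads a 4-byte little-endian size at ofs, then that many bytes.
     * The declared size is validated against the bytes actually present
     * before anything is allocated, so a bogus size cannot drive a huge allocation.
     */
    static byte[] readSizedBlock(byte[] data, int ofs) throws CorruptNativeDataException {
        if (ofs < 0 || ofs > data.length - 4) {
            throw new CorruptNativeDataException("no room for a 4-byte size field at offset " + ofs);
        }
        int dataSize = ByteBuffer.wrap(data, ofs, 4).order(ByteOrder.LITTLE_ENDIAN).getInt();
        int remaining = data.length - (ofs + 4);
        // Reject negative sizes and sizes larger than the remaining input.
        if (dataSize < 0 || dataSize > remaining) {
            throw new CorruptNativeDataException(
                "declared size " + dataSize + " exceeds remaining " + remaining + " bytes");
        }
        return Arrays.copyOfRange(data, ofs + 4, ofs + 4 + dataSize);
    }

    public static void main(String[] args) throws Exception {
        // Constructed well-formed input: size 3, then 3 payload bytes.
        byte[] good = {3, 0, 0, 0, 'a', 'b', 'c'};
        System.out.println(new String(readSizedBlock(good, 0), StandardCharsets.US_ASCII));

        // Constructed corrupt input: the size field is missing, so text bytes are read as the size.
        byte[] corrupt = "ybut more text follows".getBytes(StandardCharsets.US_ASCII);
        try {
            readSizedBlock(corrupt, 0);
        } catch (CorruptNativeDataException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```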



[Bug 60256] OLE10Native initialization OOM

2016-10-14 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=60256

Thomas Galla  changed:

   What|Removed |Added

 CC||thomas.ga...@cycos.com




[Bug 60256] OLE10Native initialization OOM

2016-10-14 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=60256

--- Comment #3 from Tim Allison  ---
Y, this OLE object has no size NativeDataSize, which is required according to [1].
We're reading the actual data "ybut" as the length.

I'll add the size check and close this out.

[1] https://msdn.microsoft.com/en-us/library/dd942053.aspx




[Bug 60256] OLE10Native initialization OOM

2016-10-14 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=60256

--- Comment #2 from Tim Allison  ---
The ole10Native object looks like a list of urls and keys...Corrupt data?

Should we add a length check in Ole10Native and call it a day?

if (dataSize > data.length - ofs) {
    throw new Ole10NativeException("calculated data size > input byte array-offset");
}
dataBuffer = new byte[dataSize];




[Bug 60256] OLE10Native initialization OOM

2016-10-14 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=60256

--- Comment #1 from Tim Allison  ---
triggering doc and "ignored" test stub added to TestOle10Native in r1764890.
