Bug 66425: Avoid exceptions found via poi-fuzz

Prevent too deep nesting by throwing an exception instead of just not parsing more nesting-levels as this still caused OOMs. Allow to adjust the limit via static setter as elsewhere to give users a chance to parse very complicated files if really necessary. https://issues.oss-fuzz.com/issues/42528505 git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1923277 13f79535-47bb-0310-9956-ffa450edef68
2026-02-27 12:30:08 +08:00 · 2025-01-20 18:40:32 +00:00 · 2025-01-20 18:40:32 +00:00 · 80fd35198d
commit 80fd35198d
parent dd647b5d2d
3 changed files with 15 additions and 6 deletions
--- a/poi-scratchpad/src/main/java/org/apache/poi/hdgf/streams/PointerContainingStream.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hdgf/streams/PointerContainingStream.java
@ -30,7 +30,7 @@ import org.apache.poi.hdgf.pointers.PointerFactory;
 public class PointerContainingStream extends Stream { // TODO - instantiable superclass
    private static final Logger LOG = PoiLogManager.getLogger(PointerContainingStream.class);

-    private static final int MAX_CHILDREN_NESTING = 500;
+    private static int MAX_CHILDREN_NESTING = 500;

    private final Pointer[] childPointers;
    private Stream[] childStreams;
@ -42,7 +42,7 @@ public class PointerContainingStream extends Stream { // TODO - instantiable sup
        super(pointer, store);
        this.chunkFactory = chunkFactory;
        this.pointerFactory = pointerFactory;
-        
+
        // Have the child pointers identified and created
        childPointers = pointerFactory.createContainerPointers(pointer, store.getContents());
    }
@ -69,14 +69,15 @@ public class PointerContainingStream extends Stream { // TODO - instantiable sup

    private void findChildren(byte[] documentData, int nesting) {
        if (nesting > MAX_CHILDREN_NESTING) {
-            LOG.warn("Encountered too deep nesting, cannot fully process stream " +
-                    " with more than " + MAX_CHILDREN_NESTING + " nested children." +
-                    " Some data could not be parsed.");
-            return;
+            throw new IllegalArgumentException("Encountered too deep nesting, cannot process stream " +
+                    "with more than " + MAX_CHILDREN_NESTING + " nested children. " +
+                    "Some data could not be parsed. You can call setMaxChildrenNesting() to adjust " +
+                    "this limit.");
        }

        // For each pointer, generate the Stream it points to
        childStreams = new Stream[childPointers.length];
+
        for(int i=0; i<childPointers.length; i++) {
            Pointer ptr = childPointers[i];
            childStreams[i] = Stream.createStream(ptr, documentData, chunkFactory, pointerFactory);
@ -95,4 +96,12 @@ public class PointerContainingStream extends Stream { // TODO - instantiable sup
            }
        }
    }
+
+    public static int getMaxChildrenNesting() {
+        return MAX_CHILDREN_NESTING;
+    }
+
+    public static void setMaxChildrenNesting(int maxChildrenNesting) {
+        MAX_CHILDREN_NESTING = maxChildrenNesting;
+    }
 }
--- a/test-data/diagram/clusterfuzz-testcase-minimized-POIHDGFFuzzer-6478389109981184.vsd
+++ b/test-data/diagram/clusterfuzz-testcase-minimized-POIHDGFFuzzer-6478389109981184.vsd
--- a/test-data/spreadsheet/stress.xls
+++ b/test-data/spreadsheet/stress.xls