pashko/apache-poi
1
0
Fork 0
mirror of https://github.com/apache/poi.git synced 2026-02-27 20:40:08 +08:00
Code Issues Packages Projects Releases Wiki Activity

Bug 66425: Avoid exceptions found via poi-fuzz

Browse Source 
Prevent too deep nesting by throwing an exception
instead of just not parsing more nesting-levels as
this still caused OOMs.

Allow to adjust the limit via static setter as elsewhere
to give users a chance to parse very complicated files
if really necessary.

https://issues.oss-fuzz.com/issues/42528505

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1923277 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Dominik Stadler 2025-01-20 18:40:32 +00:00
parent dd647b5d2d
commit 80fd35198d
3 changed files with 15 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
poi-scratchpad/src/main/java/org/apache/poi/hdgf/streams/PointerContainingStream.java
View File

@ -30,7 +30,7 @@ import org.apache.poi.hdgf.pointers.PointerFactory;
public class PointerContainingStream extends Stream { // TODO - instantiable superclass public class PointerContainingStream extends Stream { // TODO - instantiable superclass
private static final Logger LOG = PoiLogManager.getLogger(PointerContainingStream.class); private static final Logger LOG = PoiLogManager.getLogger(PointerContainingStream.class);
private static final int MAX_CHILDREN_NESTING = 500; private static int MAX_CHILDREN_NESTING = 500;
private final Pointer[] childPointers; private final Pointer[] childPointers;
private Stream[] childStreams; private Stream[] childStreams;
@ -42,7 +42,7 @@ public class PointerContainingStream extends Stream { // TODO - instantiable sup
super(pointer, store); super(pointer, store);
this.chunkFactory = chunkFactory; this.chunkFactory = chunkFactory;
this.pointerFactory = pointerFactory; this.pointerFactory = pointerFactory;
// Have the child pointers identified and created // Have the child pointers identified and created
childPointers = pointerFactory.createContainerPointers(pointer, store.getContents()); childPointers = pointerFactory.createContainerPointers(pointer, store.getContents());
} }
@ -69,14 +69,15 @@ public class PointerContainingStream extends Stream { // TODO - instantiable sup
private void findChildren(byte[] documentData, int nesting) { private void findChildren(byte[] documentData, int nesting) {
if (nesting > MAX_CHILDREN_NESTING) { if (nesting > MAX_CHILDREN_NESTING) {
LOG.warn("Encountered too deep nesting, cannot fully process stream " + throw new IllegalArgumentException("Encountered too deep nesting, cannot process stream " +
" with more than " + MAX_CHILDREN_NESTING + " nested children." + "with more than " + MAX_CHILDREN_NESTING + " nested children. " +
" Some data could not be parsed."); "Some data could not be parsed. You can call setMaxChildrenNesting() to adjust " +
return; "this limit.");
} }
// For each pointer, generate the Stream it points to // For each pointer, generate the Stream it points to
childStreams = new Stream[childPointers.length]; childStreams = new Stream[childPointers.length];
for(int i=0; i<childPointers.length; i++) { for(int i=0; i<childPointers.length; i++) {
Pointer ptr = childPointers[i]; Pointer ptr = childPointers[i];
childStreams[i] = Stream.createStream(ptr, documentData, chunkFactory, pointerFactory); childStreams[i] = Stream.createStream(ptr, documentData, chunkFactory, pointerFactory);
@ -95,4 +96,12 @@ public class PointerContainingStream extends Stream { // TODO - instantiable sup
} }
} }
} }
public static int getMaxChildrenNesting() {
return MAX_CHILDREN_NESTING;
}
public static void setMaxChildrenNesting(int maxChildrenNesting) {
MAX_CHILDREN_NESTING = maxChildrenNesting;
}
} }

BIN
test-data/diagram/clusterfuzz-testcase-minimized-POIHDGFFuzzer-6478389109981184.vsd Normal file
View File

Binary file not shown.

BIN
test-data/spreadsheet/stress.xls
View File

Binary file not shown.