diff --git a/src/java/org/apache/poi/poifs/filesystem/Ole10Native.java b/src/java/org/apache/poi/poifs/filesystem/Ole10Native.java
index aee6747592..d11841dd59 100644
--- a/src/java/org/apache/poi/poifs/filesystem/Ole10Native.java
+++ b/src/java/org/apache/poi/poifs/filesystem/Ole10Native.java
@@ -192,7 +192,10 @@ public class Ole10Native {
 dataSize = totalSize;
 break;
 }
-
+
+ if ((long)dataSize + (long)ofs > (long)data.length) { //cast to avoid overflow
+ throw new Ole10NativeException("Invalid Ole10Native: declared data length > available data");
+ }
 dataBuffer = new byte[dataSize];
 System.arraycopy(data, ofs, dataBuffer, 0, dataSize);
 ofs += dataSize;
diff --git a/src/testcases/org/apache/poi/poifs/filesystem/TestOle10Native.java b/src/testcases/org/apache/poi/poifs/filesystem/TestOle10Native.java
index a8826ffad0..0abdf8489c 100644
--- a/src/testcases/org/apache/poi/poifs/filesystem/TestOle10Native.java
+++ b/src/testcases/org/apache/poi/poifs/filesystem/TestOle10Native.java
@@ -20,6 +20,8 @@ package org.apache.poi.poifs.filesystem;
 import static org.hamcrest.core.IsEqual.equalTo;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertThat;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
 import java.io.ByteArrayOutputStream;
 import java.io.File;
@@ -110,10 +112,14 @@ public class TestOle10Native {
 }
 @Test
- @Ignore("BUG 60256")
 public void testOleNativeOOM() throws IOException, Ole10NativeException {
 POIFSFileSystem fs = new POIFSFileSystem(dataSamples.openResourceAsStream("60256.bin"));
- Ole10Native ole = Ole10Native.createFromEmbeddedOleObject(fs);
+ try {
+ Ole10Native.createFromEmbeddedOleObject(fs);
+ fail("Should have thrown exception because OLENative lacks a length parameter");
+ } catch (Ole10NativeException e) {
+ assertTrue(e.getMessage().indexOf("declared data length") > -1);
+ }
 }
 }
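Review bot: In the Ole10Native.java hunk, the new guard before `new byte[dataSize]` rejects only a length that runs past the end of `data`, so a negative `dataSize` still passes it. The allocation would then fail with an unchecked NegativeArraySizeException instead of the Ole10NativeException that callers handle. Only the `dataSize = totalSize` assignment is visible here, and the enclosing method starts and ends outside the hunk, so whether a negative value can arrive depends on parsing code not shown; presumably the length is read from the embedded stream and should be treated as untrusted. Extending the condition covers both cases: `if (dataSize < 0 || (long)dataSize + (long)ofs > (long)data.length) {`.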
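Review bot: In the second TestOle10Native.java hunk, `fs` is opened in testOleNativeOOM but never closed, and since the expected path is now an exception there is no later statement that could release it. Closing it in a `finally` with `fs.close();`, or with try-with-resources if the build's language level allows it, keeps the sample file from staying open across the test run. The message check would read more directly as `assertTrue(e.getMessage().contains("declared data length"));`. The fail() text speaks of a missing length parameter while the exception reports a declared length larger than the available data, so aligning the two would make a failure easier to interpret.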