add length sanity check for length of embedded OLE10Native (BUG 60256)

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1764927 13f79535-47bb-0310-9956-ffa450edef68

src/java/org/apache/poi/poifs/filesystem/Ole10Native.java

@@ -193,6 +193,9 @@ public class Ole10Native {
             break;
         }
 
+        if ((long)dataSize + (long)ofs > (long)data.length) { //cast to avoid overflow
+            throw new Ole10NativeException("Invalid Ole10Native: declared data length > available data");
+        }
         dataBuffer = new byte[dataSize];
         System.arraycopy(data, ofs, dataBuffer, 0, dataSize);
         ofs += dataSize;

src/testcases/org/apache/poi/poifs/filesystem/TestOle10Native.java

@@ -20,6 +20,8 @@ package org.apache.poi.poifs.filesystem;
 import static org.hamcrest.core.IsEqual.equalTo;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertThat;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
 
 import java.io.ByteArrayOutputStream;
 import java.io.File;
@@ -110,10 +112,14 @@ public class TestOle10Native {
     }
 
     @Test
-    @Ignore("BUG 60256")
     public void testOleNativeOOM() throws IOException, Ole10NativeException {
         POIFSFileSystem fs = new POIFSFileSystem(dataSamples.openResourceAsStream("60256.bin"));
-        Ole10Native ole = Ole10Native.createFromEmbeddedOleObject(fs);
+        try {
+            Ole10Native.createFromEmbeddedOleObject(fs);
+            fail("Should have thrown exception because OLENative lacks a length parameter");
+        } catch (Ole10NativeException e) {
+            assertTrue(e.getMessage().indexOf("declared data length") > -1);
+        }
     }
 
 }