[bug-65372] allow max entry size to be higher than 4Gb

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1894036 13f79535-47bb-0310-9956-ffa450edef68
2021-10-08 18:12:18 +00:00 · 2021-10-08 18:12:18 +00:00 · 5e7d8e85ca
parent 47118082ff
commit 5e7d8e85ca
4 changed files with 35 additions and 4 deletions
--- a/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipSecureFile.java
@ -22,6 +22,8 @@ import java.io.IOException;

 import org.apache.commons.compress.archivers.zip.ZipArchiveEntry;
 import org.apache.commons.compress.archivers.zip.ZipFile;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;

 /**
 * This class wraps a {@link ZipFile} in order to check the
@ -32,6 +34,7 @@ import org.apache.commons.compress.archivers.zip.ZipFile;
 * and {@link #setMinInflateRatio(double)}.
 */
 public class ZipSecureFile extends ZipFile {
+    private static final Logger LOG = LogManager.getLogger(ZipSecureFile.class);
    /* package */ static double MIN_INFLATE_RATIO = 0.01d;
    /* package */ static long MAX_ENTRY_SIZE = 0xFFFFFFFFL;
    
@ -71,10 +74,13 @@ public class ZipSecureFile extends ZipFile {
     * security vulnerabilities when documents are provided by users.
     *
     * @param maxEntrySize the max. file size of a single zip entry
+     * @throws IllegalArgumentException for negative maxEntrySize
     */
    public static void setMaxEntrySize(long maxEntrySize) {
-        if (maxEntrySize < 0 || maxEntrySize > 0xFFFFFFFFL) {   // don't use MAX_ENTRY_SIZE here!
-            throw new IllegalArgumentException("Max entry size is bounded [0-4GB], but had " + maxEntrySize);
+        if (maxEntrySize < 0) {
+            throw new IllegalArgumentException("Max entry size must be greater than or equal to zero");
+        } else if (maxEntrySize > 0xFFFFFFFFL) {
+            LOG.atWarn().log("setting max entry size greater tahn 4Gb can be risky; set to " + maxEntrySize + " bytes");
        }
        MAX_ENTRY_SIZE = maxEntrySize;
    }
--- a/poi-ooxml/src/test/java/org/apache/poi/openxml4j/opc/TestPackage.java
+++ b/poi-ooxml/src/test/java/org/apache/poi/openxml4j/opc/TestPackage.java
@ -32,7 +32,6 @@ import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.junit.jupiter.api.Assertions.fail;

 import java.io.BufferedInputStream;
-import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
--- a/poi-ooxml/src/test/java/org/apache/poi/openxml4j/util/TestZipSecureFile.java
+++ b/poi-ooxml/src/test/java/org/apache/poi/openxml4j/util/TestZipSecureFile.java
@ -25,7 +25,7 @@ import org.junit.jupiter.api.Test;
 import java.io.InputStream;
 import java.util.Enumeration;

-import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.*;

 class TestZipSecureFile {
    @Test
@ -47,4 +47,20 @@ class TestZipSecureFile {
            }
        }
    }
+
+    @Test
+    void testSettingMaxEntrySizeAsNegative() {
+        assertThrows(IllegalArgumentException.class, () -> ZipSecureFile.setMaxEntrySize(-1));
+    }
+
+    @Test
+    void testSettingMaxEntrySizeAs8Gb() {
+        long approx8Gb = 0xFFFFFFFFL * 2;
+        try {
+            ZipSecureFile.setMaxEntrySize(approx8Gb);
+            assertEquals(approx8Gb, ZipSecureFile.getMaxEntrySize());
+        } finally {
+            ZipSecureFile.setMaxEntrySize(0xFFFFFFFFL);
+        }
+    }
 }
--- a/poi-ooxml/src/test/java/org/apache/poi/xwpf/TestXWPFBugs.java
+++ b/poi-ooxml/src/test/java/org/apache/poi/xwpf/TestXWPFBugs.java
@ -139,4 +139,14 @@ class TestXWPFBugs {
            zf.close();
        }
    }
+
+    @Test
+    void bug65320() throws Exception {
+        try (
+                OPCPackage pkg = OPCPackage.open(samples.getFile("bug65320.docx"));
+                XWPFDocument document = new XWPFDocument(pkg)
+        ){
+            assertEquals(1, document.getAllPictures().size());
+        }
+    }
 }