Limit allocated elements in the PlfLfo structure for word documents

Use large allocation-detection here as well,
otherwise some documents can try to allocate too much memory.

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1896744 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Dominik Stadler 2022-01-06 11:10:00 +00:00
parent 71f063b465
commit 729d78cda6
4 changed files with 9 additions and 3 deletions

View File

@ -26,6 +26,7 @@ import java.util.NoSuchElementException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.poi.hwpf.model.types.LFOAbstractType;
import org.apache.poi.util.IOUtils;
import org.apache.poi.util.LittleEndian;
import org.apache.poi.util.LittleEndianConsts;
@ -37,10 +38,11 @@ import static org.apache.logging.log4j.util.Unbox.box;
* Documentation quoted from Page 424 of 621. [MS-DOC] -- v20110315 Word (.doc)
* Binary File Format
*/
public class PlfLfo
{
public class PlfLfo {
private static final Logger LOGGER = LogManager.getLogger(PlfLfo.class);
private static final int MAX_NUMBER_OF_LFO = 100_000;
/**
* An unsigned integer that specifies the count of elements in both the
* rgLfo and rgLfoData arrays.
@ -76,6 +78,8 @@ public class PlfLfo
+ Integer.MAX_VALUE + " elements" );
}
IOUtils.safelyAllocateCheck(lfoMacLong, MAX_NUMBER_OF_LFO);
this._lfoMac = (int) lfoMacLong;
_rgLfo = new LFO[_lfoMac];
_rgLfoData = new LFOData[_lfoMac];

View File

@ -54,7 +54,9 @@ public class TestWordToConverterSuite
"password_tika_binaryrc4.doc",
"password_password_cryptoapi.doc",
// WORD 2.0 file
"word2.doc"
"word2.doc",
// Corrupt file
"Fuzzed.doc"
);
public static Stream<Arguments> files() {

Binary file not shown.

Binary file not shown.