mirror of https://github.com/apache/poi.git
Limit allocated elements in the PlfLfo structure for word documents
Use large allocation-detection here as well, otherwise some documents can try to allocate too much memory. git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1896744 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
71f063b465
commit
729d78cda6
|
@ -26,6 +26,7 @@ import java.util.NoSuchElementException;
|
|||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
import org.apache.poi.hwpf.model.types.LFOAbstractType;
|
||||
import org.apache.poi.util.IOUtils;
|
||||
import org.apache.poi.util.LittleEndian;
|
||||
import org.apache.poi.util.LittleEndianConsts;
|
||||
|
||||
|
@ -37,10 +38,11 @@ import static org.apache.logging.log4j.util.Unbox.box;
|
|||
* Documentation quoted from Page 424 of 621. [MS-DOC] -- v20110315 Word (.doc)
|
||||
* Binary File Format
|
||||
*/
|
||||
public class PlfLfo
|
||||
{
|
||||
public class PlfLfo {
|
||||
private static final Logger LOGGER = LogManager.getLogger(PlfLfo.class);
|
||||
|
||||
private static final int MAX_NUMBER_OF_LFO = 100_000;
|
||||
|
||||
/**
|
||||
* An unsigned integer that specifies the count of elements in both the
|
||||
* rgLfo and rgLfoData arrays.
|
||||
|
@ -76,6 +78,8 @@ public class PlfLfo
|
|||
+ Integer.MAX_VALUE + " elements" );
|
||||
}
|
||||
|
||||
IOUtils.safelyAllocateCheck(lfoMacLong, MAX_NUMBER_OF_LFO);
|
||||
|
||||
this._lfoMac = (int) lfoMacLong;
|
||||
_rgLfo = new LFO[_lfoMac];
|
||||
_rgLfoData = new LFOData[_lfoMac];
|
||||
|
|
|
@ -54,7 +54,9 @@ public class TestWordToConverterSuite
|
|||
"password_tika_binaryrc4.doc",
|
||||
"password_password_cryptoapi.doc",
|
||||
// WORD 2.0 file
|
||||
"word2.doc"
|
||||
"word2.doc",
|
||||
// Corrupt file
|
||||
"Fuzzed.doc"
|
||||
);
|
||||
|
||||
public static Stream<Arguments> files() {
|
||||
|
|
Binary file not shown.
Binary file not shown.
Loading…
Reference in New Issue