From 89e7fbe6cdc88968644f8588f66979dcc8531af7 Mon Sep 17 00:00:00 2001
From: Dominik Stadler
Date: Thu, 28 Dec 2017 08:45:36 +0000
Subject: [PATCH] Bug 61911: Avoid IndexOutOfBounds access when reading pictures
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1819403 13f79535-47bb-0310-9956-ffa450edef68
---
 .../poi/hssf/usermodel/RecordsStresser.java | 5 +----
 .../apache/poi/stress/HWPFFileHandler.java | 14 +++++++++-----
 .../org/apache/poi/hwpf/model/StyleSheet.java | 16 ++++++++++++++++
 .../apache/poi/hwpf/usermodel/TestBugs.java | 18 ++++++++++++++----
 test-data/document/61911.doc | Bin 0 -> 28160 bytes
 5 files changed, 40 insertions(+), 13 deletions(-)
 create mode 100644 test-data/document/61911.doc
diff --git a/src/integrationtest/org/apache/poi/hssf/usermodel/RecordsStresser.java b/src/integrationtest/org/apache/poi/hssf/usermodel/RecordsStresser.java
index 1b712f788e..7367757f48 100644
--- a/src/integrationtest/org/apache/poi/hssf/usermodel/RecordsStresser.java
+++ b/src/integrationtest/org/apache/poi/hssf/usermodel/RecordsStresser.java
@@ -68,13 +68,10 @@ public class RecordsStresser {
 // a test-case to test this locally without executing the full TestAllFiles
 @Test
 public void test() throws Exception {
- InputStream stream = new FileInputStream("test-data/spreadsheet/15556.xls");
- try {
+ try (InputStream stream = new FileInputStream("test-data/spreadsheet/15556.xls")) {
 HSSFWorkbook wb = new HSSFWorkbook(stream);
 handleWorkbook(wb);
 wb.close();
- } finally {
- stream.close();
 }
 }
 }
diff --git a/src/integrationtest/org/apache/poi/stress/HWPFFileHandler.java b/src/integrationtest/org/apache/poi/stress/HWPFFileHandler.java
index 13e198d169..59f34870c6 100644
--- a/src/integrationtest/org/apache/poi/stress/HWPFFileHandler.java
+++ b/src/integrationtest/org/apache/poi/stress/HWPFFileHandler.java
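Review bot: In the RecordsStresser hunk, `wb.close()` still runs only on the success path, so the workbook stays open when `handleWorkbook(wb)` throws, even though the stream is now closed reliably. The workbook can join the stream in the resource header, `try (InputStream stream = new FileInputStream("test-data/spreadsheet/15556.xls"); HSSFWorkbook wb = new HSSFWorkbook(stream)) {`. The explicit `wb.close();` then becomes unnecessary.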
@@ -21,9 +21,12 @@ import static org.junit.Assert.assertNotNull; import java.io.File; import java.io.FileInputStream; import java.io.InputStream; +import java.util.List; import org.apache.poi.hwpf.HWPFDocument; import org.apache.poi.hwpf.extractor.WordExtractor; +import org.apache.poi.hwpf.model.PicturesTable; +import org.apache.poi.hwpf.usermodel.Picture; import org.junit.Test; public class HWPFFileHandler extends POIFSFileHandler { @@ -33,7 +36,11 @@ public class HWPFFileHandler extends POIFSFileHandler { assertNotNull(doc.getBookmarks()); assertNotNull(doc.getCharacterTable()); assertNotNull(doc.getEndnotes()); - + + PicturesTable picturesTable = doc.getPicturesTable(); + List pictures = picturesTable.getAllPictures(); + assertNotNull(pictures); + handlePOIDocument(doc); } @@ -54,11 +61,8 @@ public class HWPFFileHandler extends POIFSFileHandler { stream = new FileInputStream(file); try { - WordExtractor extractor = new WordExtractor(stream); - try { + try (WordExtractor extractor = new WordExtractor(stream)) { assertNotNull(extractor.getText()); - } finally { - extractor.close(); } } finally { stream.close(); diff --git a/src/scratchpad/src/org/apache/poi/hwpf/model/StyleSheet.java b/src/scratchpad/src/org/apache/poi/hwpf/model/StyleSheet.java index 4f057fb3aa..8811bfb1f0 100644 --- a/src/scratchpad/src/org/apache/poi/hwpf/model/StyleSheet.java +++ b/src/scratchpad/src/org/apache/poi/hwpf/model/StyleSheet.java @@ -304,6 +304,10 @@ public final class StyleSheet { return NIL_CHP; } + if (styleIndex == -1) { + return NIL_CHP; + } + return (_styleDescriptions[styleIndex] != null ? _styleDescriptions[styleIndex] .getCHP() : NIL_CHP); } @@ -318,6 +322,10 @@ public final class StyleSheet { return NIL_PAP; } + if (styleIndex == -1) { + return NIL_PAP; + } + if (_styleDescriptions[styleIndex] == null) { return NIL_PAP; } 
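Review bot: In the third HWPFFileHandler hunk (`@@ -54,11 +61,8 @@`) the extractor moved to try-with-resources, but `stream` is still closed by the surrounding `try { … } finally { stream.close(); }`, which leaves a `try` nested directly inside another `try`. Both resources could share one header, e.g. `try (InputStream in = new FileInputStream(file); WordExtractor extractor = new WordExtractor(in)) {`, which removes the outer block. `stream` is declared above the hunk, so confirm that nothing after the visible lines still relies on it before dropping the assignment.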
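Review bot: The new guard `if (styleIndex == -1)` in the StyleSheet hunk that returns `NIL_CHP` rejects exactly one bad value, yet `styleIndex` is used directly as an index into `_styleDescriptions` on the following lines. Any other negative index, which a malformed document could presumably also produce, would still raise `ArrayIndexOutOfBoundsException`. Writing it as `if (styleIndex < 0) { return NIL_CHP; }` covers the whole negative range; the same applies to the three sibling hunks returning `NIL_PAP`, `NIL_CHPX` and `NIL_PAPX`. The earlier guard whose `return NIL_CHP; }` opens the hunk lies outside the visible lines, so it is worth confirming that it bounds the index from above, since this parser reads untrusted .doc input. A one-line comment such as `// -1 is seen in some documents (Bug 61911); treat as "no style"` would record why the check exists.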
@@ -338,6 +346,10 @@ public final class StyleSheet { return NIL_CHPX; } + if (styleIndex == -1) { + return NIL_CHPX; + } + if (_styleDescriptions[styleIndex] == null) { return NIL_CHPX; } @@ -358,6 +370,10 @@ public final class StyleSheet { return NIL_PAPX; } + if (styleIndex == -1) { + return NIL_PAPX; + } + if (_styleDescriptions[styleIndex] == null) { return NIL_PAPX; } diff --git a/src/scratchpad/testcases/org/apache/poi/hwpf/usermodel/TestBugs.java b/src/scratchpad/testcases/org/apache/poi/hwpf/usermodel/TestBugs.java index 4ba83bb767..4bced587d4 100644 --- a/src/scratchpad/testcases/org/apache/poi/hwpf/usermodel/TestBugs.java +++ b/src/scratchpad/testcases/org/apache/poi/hwpf/usermodel/TestBugs.java @@ -38,10 +38,7 @@ import org.apache.poi.hwpf.converter.AbstractWordUtils; import org.apache.poi.hwpf.converter.WordToTextConverter; import org.apache.poi.hwpf.extractor.Word6Extractor; import org.apache.poi.hwpf.extractor.WordExtractor; -import org.apache.poi.hwpf.model.FieldsDocumentPart; -import org.apache.poi.hwpf.model.FileInformationBlock; -import org.apache.poi.hwpf.model.PlexOfField; -import org.apache.poi.hwpf.model.SubdocumentType; +import org.apache.poi.hwpf.model.*; import org.apache.poi.poifs.filesystem.NPOIFSFileSystem; import org.apache.poi.poifs.filesystem.POIFSFileSystem; import org.apache.poi.util.IOUtils; @@ -903,4 +900,17 @@ public class TestBugs{ HWPFDocument document = HWPFTestDataSamples.openSampleFile("ca.kwsymphony.www_education_School_Concert_Seat_Booking_Form_2011-12.doc"); document.close(); } + + @Test + public void test61911() throws IOException { + HWPFDocument document = HWPFTestDataSamples.openSampleFile("61911.doc"); + + PicturesTable picturesTable = document.getPicturesTable(); + List pictures = picturesTable.getAllPictures(); + assertNotNull(pictures); + assertEquals(0, pictures.size()); + + document.close(); + + } } 
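Review bot: `test61911` in TestBugs closes `document` only on the success path, so a failing `assertEquals(0, pictures.size())` or an exception from `getAllPictures()` leaves the sample file open. The same commit converts other tests to try-with-resources; this one can follow with `try (HWPFDocument document = HWPFTestDataSamples.openSampleFile("61911.doc")) {` around the assertions, dropping the trailing `document.close();`. Separately, the import hunk replaces four explicit imports with `org.apache.poi.hwpf.model.*`; adding `import org.apache.poi.hwpf.model.PicturesTable;` instead would keep the import list explicit.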
diff --git a/test-data/document/61911.doc b/test-data/document/61911.doc new file mode 100644 index 0000000000000000000000000000000000000000..5d38dbe7605554e2383849c5092d2353adf2334c GIT binary patch literal 28160 zcmeHQ2Ut_tw%!Q=LPrn;EF2IOkt%{%XjTLZf^}3hKoBG(m;`%a5DPOFEMvu9Kt~-1 z%Q&c`$k;npY}l1i2gHIsZ>@83LWsh^yEFHD_r7eu|Lnfj+H0?~&u)hE=jz>A`?K9$ zqTvFF4*9GwAbM))90<2&;-_J*8K-*;MvA};zkU3gp^qv#7-mx zdKMg?kN`tMOiA>p=urki20?Ucm4`mhnz%seM3=N!ggF`mI5(xw#44W(g_$Z+U6?KK z3mu3xVdCiLG-Sdx`SscA;A1CXbicBmy6*?+uOQtR3p8SUHh*GELVD^z8lTi z%DAQ<-^3}-xLLRmp z>myxt$I@ecww-JljJJWF^?`cUkT|yqlcVV){WQqZq@x)}{ir*Zj(S>c!fbo0qla{* zK*$34^{WlRT9!#u%FpVFwKwX|Hi`oIMb$gNrvCwYi2&MhP|sA2$0LZN-G+f)J;6u& zLnl|3y9#!It|PPq>th^Ek>!the}`lFu(a6zLO!u#MQ)YOuEa zS^Anjt7px0%{a@P?MF@juktm^|6Osmzcl6jt2irfUH$6l;@E5m5Ze*b9;{xMSin=C z9$M?lLtFmet$`jf@lUa#w1sPzc0*xo|p%nv*`EIwU-lNBV-F6k@d_AuW4q6u2ZI%*K7xj06UIw zZ2-oZ=W!{kb^mo5Fx6{HEWjwna?FUns&za9uR0Cfv8f4YPX8p3_diKrlQy- zO998LsfTo(VSKv=N`C^Vj!r7j$OP1t|9?Y08)&yPzz+}t7z9B5P64p(^8?)t0=xzA zL7z5&0e~q0bI?5n@B{<_?m$`@fIwKA_s{A@^L@hI#^E6xUJ^__#Q+S|NvI7?NdP{~uz4`IhDj)%CTO})5=@mV z){;4CxSO%Yz^?y=87KSaM%D>N5rJ?*c3jbaETGr@+67WD@8u; z%&O!zB4I!=0rY`;)iKDk&j|tPY?O6PzfzZi^DrC{#89U`{cdQEJAQ-$Db{iPK#GP+N_?=$6jH1q zgPn#9-Dnwp=5zxY?36W4zNq=v5(JSJFwW(3fW%?)tqii5{ykk+Fo!BWi*1V z!8EiL+=vhW0!R}WY6>}Esd`P66imKC0qt%a*d1C!W4eBQs9#^H&AYTV8!PKu)KFi& zO~zG5@c#NIRp`@bzT?r@4KsOdhQO{9H(Hy=T$@G|m+KdJ(6Tth(Xu48E4z$HsfGP7~KZsAF z0D@2pD33BaaHBy+2PH+Tzoe)xCj~wCCEY4ghw1R@gI4&U9|ux$+w35Y(v86MEx{iG z+r@I&L>}I6e6mnB%za#vXzTn_y$d|eyHf9<*xY05CLKDy%*p!1 zwcPCfA1Znl_Un{GS&LkYyen39xGz0mufMxsX;yaVPvxCjIX!LIeb~n0wtb4W4aoS` z&ZeVaquJ6|dB5#WvDH?9m8?Y}iQ zckU$LsMEdk74=8F4t!#H@$}RoQ$ZuJfkDEn=xgJZ?8k>dPre*Nf02hv;S|Ed9iQp* z&W$SYG@e;H{lK&fllvAH*fbmCu`#o=$NI_SuJhD*$A&i=KE2WBn4aN2e)@*eip~C? 
zw}1cc?xM$(_3|xx1@}4!o{GOa#{b~dv=h@eWH;jv8J9d`{lpu)hwl%+u)gCNuZ9~# z_IUnaVK%F%&;E$*onkMXFfR=4dZSIW)70$wqlaI$U%JZnj&IM4udO4lwjHs3Ud{={ z&H~TVtNP?m{mJ!VSDv`-qMiv4qSxkl+>bnvnIqhCsmb}>d*5C81Woy}p^4)cTTg?A zeh0tzA@guGtN9u7@-_;wrj(%<56eIGYo@ z=2#Z@I4DzYSqOR<2b=jfR^;XocPNV$4?>_L!#fp~qx;|~y+>q<{b>TOh zPnx~}HV_IZ=5~OZ*h~|=Q0!-e&wStTgw;X)^1wEem%P5bZC-x)x<2Qwd++%x-z;lOm*Jp>_e|<2|>zdPwK*yi947t@m;>0T3 zMxKIhp7JGAN-zI(d*bWck(Y0si)wyp-=U%Ai{E^FzjAr$UHMsSr#TZo?=0F-_`=_z zZ(h)%je8$Uc9aF~t9Uy6R@d&Wj~cuQ3b5*)^Y~cA_PJa7d(9L${kg-c_uYNX?i(y9 zJGuUkwDn=%PtYcVSTxy>^+vm&iyoT$nF@!yvUZ94rP^Zj`*(P=kH(U zb(%HDCgRUw)b*Ew8M^zj?k*{;aJI1c?a4czPmc$d-rBZq{m@w_b#iCi?4o!m{q@kj z{c9gTxG>l&!8|?q$Kg+|5|@h6_uuUG5nH`)L(V+jQ8@eiZ98w-=(W2-g!4>qt$&j< z_?NO7pC2`OJS8W3p^4t4A&OAN%SeDp-@lCJLrjdUxDg9iw zS~BJ7rw=nFQ{TOxS9EFLIKjQ*PtV7eetvPTV)IO^C7Z^5$Sy7Z^!C$@K*i_bQ$Jl_ zd*IxKWd^I~^NdRC{q|~AF3E@%l`wvbL)LV6Ql3PaS`vrbKr)JN-z`5VMRmXlZ+qhNRE*|%9H+;q3Z2qvl zkD9EzR9-&rKw6`)p)NDM_QVIQb^gKmaLdK3-p^eb^K8(q2I+&w_&1ZC zE6%a|vq?7VV;>&w-NSChwR1<>r8}3e@+?VP-Fo88oUvs(p=Nm>+T}0a7no(TDtLxZ z%O5!Fej6;C=}{UJccfI_c?o}CM6cB?27LEic5n9F{Pww>KJa3`bHBiiDJ^1?b7sn_jt++ni(1aT#tFz?vGVtw!3k+^9nQ=< z^mNmiW8r^T3?v;ly_8wLofTA}|KeVolQEq3v+o4tyzVi3D|gfF=^dil-YhTf|HkIo zsRq__T0INP%)h$$+uy|}_h0q(?y}9`Wa=`9C#{E;Sa)%)SmL;4@2H=5M~V|9*9%R~ zHy+%pPp3k&F+m*;^m%*m>Ety9<322rG+Oce{;Lk+BLi~t;<9DV%NmuwYCAJ|->@^8 zFLd9%TCu#|H`#qWFU|inJLSg3n{V2DR!r_Aiw`Uw(|YFnIX8MAooRZ1&%zUC0|R=u zi1hV1e>F#E-m^8`?LRo__nEvny>Ro*@JWuZ^5>-%dw*|W?9y)Xm5lEr5A`>mx8-y` z&)WT7$fH2R1g49N{&xD-mRir)NKXu*fa9;OvB9jYV-k z^rr^Ty?Qvhk?EG$8RFfiboO^T5ZAC|+7&lWvx$u@j>h_CY?{_(VuzgB8|J0t$D3MA z5ZX`gdNqID`b&~wyN_{mtfIcPzuDwt&(e1S;z;oxk3OH}v1oPcfszA1u6*a^Kl%95 z0lc7T2j-*}UL1Dh^_}udf8>VmOUrh%=(e}WX_rtwtwr=(+pO-{b_WdSJbj-xB=6F? 
z?4D~MPdo3Du&YC9%;?DB({75zYc?-y8UM$yHy;Ohr)Mr(-~Zh3!)v`dHg7en@!Bae z2fO^0r-qh`3W}X}Zrz*N)al;oJMBwiizo*R*}MfC9{>2T0T4Lruzbh?j=|l9&8|-0 zRla$?PBy6eRI^oK7oQ)Ul`DT^Xd7_K>a1k<+cWv03%2Fox;Soh$;t~pQ@^8rKRjlb zZE`U0X5&lViSGQNGpsVU&OW&E@S^NtFMUIgh5OEZ;?iw=SFeTR^{#H-zh-^0VM80q zyXE<7X7niUG|qZ6H_`6$mQ7tRANOmtHP7BUVzKvvxWV4rwyxWo(bxW($7U`Lgf6 zF`@=S-&scopw}>I%6farP;Ks9Ox=!=z z$$w3BnLei3&>=FO$%TFuPJ^$fx|K&f8ltmmzfTK)#i?(una!A!JZN*u;nB_F^>&B0 zc-FSnCr{CpV}b*|c5R}91@lKonC;y6-eBm6^S!3T{B*2B{Cwf_#%ETx3)|AO_~byJ z(UTL0OZ>#o4=l^es_^IbczkL=OkvU({cWMY6s_);c419qiRqAOCv$v6^O~<0Tr24v z_3rj`J^fFQJmcqd_+h|gzpcD&%hwf`47eV={({-{PiOs}96Wi$X3+S>0n#C<<9&Xb zsL=h|6vX60=IT8#^=JqalolFO5N6&*f7jI}BFcGKFT=y0_0ucT#_}bSi+Sero8Ovs ze%mFT^anmBzJX4CpFKC(?#g$cDfn$!!oDRdPgusZzU>vi#g5;;In;R5i z-8-YGL+p+bX>%oQpIeQbALiVvxl@F*yVp{wX^YT>S?9m&_bzq2-}-q29yqSw6nuQ& z`H+f~$!lJ$;7mH=bRgP%;$>pHIDENc=O;hAjFBGp*26yc4VD#6*L7ZZ^z@ykE4K9H zog9*v_j@rkjG29LxNfj4sBU5o#njwars?5fRS9U$R4Z$Hfo?7uLUc8%&oBgVry>%{0<6 z5GH{X+!MmfG5(HT?w*d6P#hzPO%RXtckJJz4qEcACAFO)e32ACLj z6ts^KNqY&BDIg%0wHNq1#>?f&?L9o;%8)QgAaj=_3&oHZM_*flsC1-9tW+=-2q%d= z;P#NON0J~x>_|nA^zwHU$-NvY`8Wv0CPFBBWNS=ojcE{yO@xpjCI%K|P(m4CQy`y7 zQI+v#Q@q(SZP=7HY>E$?;=`u+vMIif6kK`|Cqj$RbEM)Vq7Wv54LN!Qp!Ncw3t?eE z@5{2c2w}$(4446)E8*@G0&kc$1MCJkgZ^Crt^f}JE=2Ke1>Hf)FrNKw2Ed^&$ptim za!movlyxi}>MN{LnJ1jdl?6c=pioA^lLItR4iJw9vQQ5PktQ!tXy!h)f~2OVk_u=C z9655!LLh@8{4$^cOM7q-Fe5r;u;B_mugsZFHz=c9jrnShOAP6HSO>;4tiUZ>0KT~z zK@RLj*O?&HL4qhiC-5zljF1+pHj)^X;q~W(Ah9_)Ma!*#C!g?iuonV#ICNv`m0<-s z8+Ied-24$TiKvTZ_{y#ckAnM=!rQlo6F&!crEd(t~YVW#B6vRhBT;fb{Qyx|7PFG;W zR@J2gl?38BRSCp%R0KFm0$i1iR1&EqaGqP0z@suJ+ysR-!QstId! 
zs}fkFt0KUwRTKF7RSEF*RRnZv)r4ezRRYO;6#>0kHQ|~;RRY%xR0Q;E)r26Ussw_J zR0Q}yfPTTWh6Jy3O)rzykm{xXg(2ZcR`cszixH`20yPXM?1)q|ff~B8b|X>^uQNL$ z)hs~`N@Pc*nhBVjR(+k#O;xXR?M9?K=2Z#YF;@{_N2Ho1*kM_fzz$0l0d_>HnLw&_ zRRXEjDgrnnp&>P>{GO;n%!eh5s6K631U_w9MD5eYfwNG2jccy1G$U1Y)px0O)s;r1 zs;>H|)ULYHgjCg4UxeCKR~nG2x@tJDU3I1TsH&^Xr*_qq#-pmPGM?I1SDKEhy2^BF zS6yj1s_H7k!RqQWR@P>i*&`ccX8V;f`T~}E6lVIG4ym$Ep-_+E85qW44o@B`i&%jF z-r9(~GBhJALmLsit9oKY2-#^IPM^_rZaA9YC1||boI7w18DWx14m++Pwk|p3ivKaP z%j`1g>vx4bcYjMV8hxgzvU6XIplvIHbW%C=ItkZG=y1-?hFPD>t~+q?bq8nrLAa1X z0{R*kIxrO*!8)cCv+Uuriyt`oW5c*i>)s?2NO8G(I=Vbvt`1M(PVNjDN8hBU$v45)HHVHB9>b~lh$Q2oPBhdM zLCo8o=5D0NuX3jt|GWDGpzAbSkR z$w;08DHQ1iPrQ1N0@4t;2834-82ST2&#A2TX-dpPUp28{jIq$O#B;mnS`Ze{02{(SW3E53?Q6?$H`A>X4d{R7E#T?G zTcC%$x#W(*iF8t`iL3_6&>?TMUdCFmhwZ*ZMVxd0PLv`FRK>RBXM}THb|L8QW z$58r+=h9zyeC4QI2HAX$GgAmYP*bY|eSHb!Zv9ny)$yTsIKNs06YXy<7O^F6LL8|m z6!@W2cSd0JILcREXu&INBjIvecSx5)7~ggZF40KA_EW(2@j~2}4(|`3%`?h325!di z-7yA>$FGi>`wSl>LuT=+mdc2CXZq^$cYWf`f1J-Jty=6X@`MuMAUBR+D1IscyJ8jq zdt(s*8Lk270(JrLOLPc;U2qA2yJOD)*l_%hE+`J}f8p&tC-8CP_f+!m10TO&LEz&o zAq0Hn_W+pS?iRw7TL^N~+?p;Ro9Q(;m; zN<6BS<>9Lg!{|bKCB#T2GD)1A>Jt~25F@1UzoMQAK&t_*2DBQ`YCx+2tp>Cj&}u-d0j&nK8u)i zb@mPbuIKjxa3}c?0N4M=0Z98gKz*H$b-Ifr(EXBvhqBhSq5{pw)m@16mDeHK5gi zRs&iMXf>eKfK~%q4QMs+AD{tT+u}MH*Uh;4#dSQce(~I%55T|efxjz+>vvq6<2oJB z=yBbT>vCM@<5@ng=j#LTFBRaL9@qVNUTzD(-)zG_!hn|&@Q)?nTG}2!0g%2U_)P&$ zfM$T^fEEB}0Oq@Z-wNOga09plJOG{m%>M-NR)#T-(7M`b051_TS4z6V_h)$1Rsc}D$~4_zthG1Hjpy04xTCD()`hG zQI6VF#XBf3(SX1Wgx2FPnsos`hQ5x-{BjJF``1r9;E(SRtAoF;!IW^pmj@jDkQdDr zFLI*p@fW4yXqhktuTJ7GN>%Tifj?>--`(1_-vP;~_-nSjZu0mk^z4bk@JHL#j+g2h{Qni^K=13o z2Oe9kId)TE8