Apache
/
poi
mirror of https://github.com/apache/poi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,105 Commits 24 Branches 101 Tags 244 MiB
Commit Graph

220 Commits

Author SHA1 Message Date
Dominik Stadler 0dea4a301c Bug 66425: Avoid exceptions found via poi-fuzz 
Processing formats uses regular expressions. Very complex formats
can recurse very deeply and thus can cause StackOVerflows depending
on the used stack-size.

In order to handle this a bit more gracefully, we now catch this
and report a better exception with details about the parsed 
format and potential mitigation.

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66137

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1919342 13f79535-47bb-0310-9956-ffa450edef68
 2024-07-18 07:09:32 +00:00
Dominik Stadler 09fbfd5be4 Bug 66425: Avoid exceptions found via poi-fuzz 
Avoid a possible OutOfMemoryException with many child-records

This avoids having too many children in EscherRecords, the limit of
100_000 is arbitrarily chosen and can be adjusted if needed  

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62924 and maybe others

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1919272 13f79535-47bb-0310-9956-ffa450edef68
 2024-07-16 05:26:42 +00:00
Dominik Stadler 2582e5e0c1 Bug 66425: Avoid exceptions found via poi-fuzz 
Avoid a possible StackOverflowException

This adds support of counting of the "nesting level" into the base 
EscherRecord and thus makes this existing limitation much more effective
as it kicks in for more types of nested records. 

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66374

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1919256 13f79535-47bb-0310-9956-ffa450edef68
 2024-07-15 13:02:43 +00:00
Dominik Stadler 719e7154a1 Optimize generating numbers for bullets in Word 
Using char[] instead of String improves performance of this
operation considerably, especially in JDK 11+ where StringBuilder
was switched to work on bytes instead of chars.

This is likely only relevant for very large documents, it was visible
in a synthetic test-file from fuzzing.

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1919239 13f79535-47bb-0310-9956-ffa450edef68
 2024-07-15 05:41:14 +00:00
Dominik Stadler a971751238 Reformat and add more tests 
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1919238 13f79535-47bb-0310-9956-ffa450edef68
 2024-07-15 05:41:10 +00:00
Dominik Stadler e2044c958b Bug 66425: Avoid exceptions found via poi-fuzz 
Prevent too much memory usage

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67413

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1919237 13f79535-47bb-0310-9956-ffa450edef68
 2024-07-15 05:41:04 +00:00
PJ Fanning 7e86ff1bb0 use standard ASF header 
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1918804 13f79535-47bb-0310-9956-ffa450edef68
 2024-07-01 23:06:36 +00:00
PJ Fanning f56eea8e45 BoundedInputStream deprecation warnings 
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1918175 13f79535-47bb-0310-9956-ffa450edef68
 2024-06-05 16:31:36 +00:00
Dominik Stadler 3f243f65ab Change one exception to warning-log to avoid regressions in mass-tests 
This avoids "breaking" a few documents which could be opened before.

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1918118 13f79535-47bb-0310-9956-ffa450edef68
 2024-06-02 11:31:31 +00:00
Dominik Stadler f490e43442 Apply IDE suggestions and ignore sonar false positive 
Use NullOutputStream.INSTANCE
Rework one test slightly

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1918116 13f79535-47bb-0310-9956-ffa450edef68
 2024-06-02 09:39:51 +00:00
Axel Howind 39a1ced25e fix Logging issues: 
- don't use foreign class in Logger initialization
- update log statements to use MessageFormat syntax

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1915930 13f79535-47bb-0310-9956-ffa450edef68
 2024-02-21 21:28:04 +00:00
PJ Fanning 6a8994ee0e try to fix poi-scratchpad test module-info 
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1915701 13f79535-47bb-0310-9956-ffa450edef68
 2024-02-10 01:27:06 +00:00
Dominik Stadler 147c96da67 Bug 66425: Avoid exceptions found via poi-fuzz 
Prevent a few NullPointerException

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65450 and
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63907 and
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63727

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1915480 13f79535-47bb-0310-9956-ffa450edef68
 2024-01-30 21:01:46 +00:00
Dominik Stadler 94ace1c4b0 Bug 66425: Avoid exceptions found via poi-fuzz 
Prevent NullPointerException

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64943

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1915004 13f79535-47bb-0310-9956-ffa450edef68
 2023-12-30 19:39:31 +00:00
Dominik Stadler 8e3b60f63d Bug 66425: Avoid exceptions found via poi-fuzz 
Prevent StackOverflow via endless nesting

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65303

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1914989 13f79535-47bb-0310-9956-ffa450edef68
 2023-12-30 11:11:32 +00:00
PJ Fanning c7324182ad try to javadoc more unsupported methods 
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1914785 13f79535-47bb-0310-9956-ffa450edef68
 2023-12-19 20:27:49 +00:00
Dominik Stadler c7329fbd38 Bug 66425: Avoid exceptions found via poi-fuzz 
Change an assertion which can be triggered via an
input-document.

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63309

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1914403 13f79535-47bb-0310-9956-ffa450edef68
 2023-12-06 19:49:45 +00:00
Dominik Stadler 219954c07c Close document always in SlideShowRecordDumper 
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1913795 13f79535-47bb-0310-9956-ffa450edef68
 2023-11-15 10:22:49 +00:00
Dominik Stadler 56eb1ccff6 Bug 66425: Avoid exceptions found via poi-fuzz 
Fix one expected exception-text which is different
on newer Java versions

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63143

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1913384 13f79535-47bb-0310-9956-ffa450edef68
 2023-10-27 10:08:04 +00:00
Tim Allison f869dc6f74 Bug 67767 - bump max picture size 
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1913004 13f79535-47bb-0310-9956-ffa450edef68
 2023-10-16 10:42:53 +00:00
Dominik Stadler 5cd4fa5488 Bug 66425: Avoid Exceptions found via oss-fuzz 
We try to avoid throwing ClassCastExceptions,
but it was possible to trigger one here with a specially
crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62795

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912796 13f79535-47bb-0310-9956-ffa450edef68
 2023-10-07 22:12:43 +00:00
Dominik Stadler c331c5d26a Bug 66425: Avoid a NullPointerException found via oss-fuzz 
We try to avoid throwing NullPointerException, but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62626

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912792 13f79535-47bb-0310-9956-ffa450edef68
 2023-10-07 22:12:18 +00:00
Dominik Stadler 360c05d9e3 Bug 66425: Avoid exceptions found via poi-fuzz 
We try to avoid throwing NullPointerException, ClassCastExceptions 
and StackOverflowException, but it was possible to trigger them

Also improve some exception messages

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62698
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62606
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62685

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912707 13f79535-47bb-0310-9956-ffa450edef68
 2023-10-03 06:05:30 +00:00
PJ Fanning bbc98b5cd3 commons-io 2.14.0 
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912638 13f79535-47bb-0310-9956-ffa450edef68
 2023-10-01 01:34:13 +00:00
Dominik Stadler c79fb75cbc Bug 66425: Avoid exceptions found via poi-fuzz 
We try to avoid throwing NullPointerException, ClassCastExceptions and StackOverflowException, but it was possible
to trigger them

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62548 and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62564

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912464 13f79535-47bb-0310-9956-ffa450edef68
 2023-09-21 15:06:28 +00:00
Tim Allison 99117381e5 Bug47950 -- make stream/directory name lookup in OLE2 case insensitive 
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912438 13f79535-47bb-0310-9956-ffa450edef68
 2023-09-20 20:32:59 +00:00
Dominik Stadler ce919673c4 Bug 66425: Avoid exceptions found via poi-fuzz 
We try to avoid throwing NullPointerException, ClassCastExceptions and StackOverflowException, but it was possible
to trigger them

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62530 and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62491

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912433 13f79535-47bb-0310-9956-ffa450edef68
 2023-09-20 14:55:19 +00:00
Dominik Stadler c32699c5b0 Adjust max recursion nesting 
Otherwise this still triggered StackOverflow on some version of JDK

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912403 13f79535-47bb-0310-9956-ffa450edef68
 2023-09-18 18:25:56 +00:00
Dominik Stadler 88bbfbb3f7 Bug 66425: Avoid exceptions found via poi-fuzz 
We try to avoid throwing NullPointerException, ClassCastExceptions and StackOverflowException, but it was possible
to trigger them

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61562
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62068

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912383 13f79535-47bb-0310-9956-ffa450edef68
 2023-09-18 06:38:37 +00:00
PJ Fanning 4299690639 use files nio APIs in more places 
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912367 13f79535-47bb-0310-9956-ffa450edef68
 2023-09-17 15:29:16 +00:00
Dominik Stadler 9e2ce70d2b Bug 66425: Avoid NullPointerExceptions and ClassCastExceptions found via poi-fuzz 
We try to avoid throwing NullPointerException and ClassCastExceptions, but it was possible
to trigger them

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62414
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62442
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62450

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912365 13f79535-47bb-0310-9956-ffa450edef68
 2023-09-17 14:38:24 +00:00
Dominik Stadler dbd8808432 Bug 66425: Avoid a NullPointerException found via oss-fuzz 
We try to avoid throwing NullPointerException, but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62216

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912250 13f79535-47bb-0310-9956-ffa450edef68
 2023-09-11 18:25:01 +00:00
Dominik Stadler 5cb768379d Bug 66425: Avoid a NullPointerException found via oss-fuzz 
We try to avoid throwing NullPointerException, but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62128

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912199 13f79535-47bb-0310-9956-ffa450edef68
 2023-09-08 16:02:13 +00:00
Dominik Stadler 2999073715 Apply some IDE suggestions, add tests, set unit-test to isolated 
Without Isolation, one test did change static settings 
and thus could cause flaky tests

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911891 13f79535-47bb-0310-9956-ffa450edef68
 2023-08-24 08:53:01 +00:00
Dominik Stadler fd29772be6 Bug 66425: Avoid a ClassCastException found via oss-fuzz 
We try to avoid throwing ClassCastException, but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61578

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911860 13f79535-47bb-0310-9956-ffa450edef68
 2023-08-23 08:26:27 +00:00
Dominik Stadler 9ae14ef6f0 Bug 66425: Avoid a ClassCastException found via oss-fuzz 
We try to avoid throwing ClassCastException, but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61400

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911618 13f79535-47bb-0310-9956-ffa450edef68
 2023-08-12 17:37:14 +00:00
Dominik Stadler f034ca26b9 Bug 66425: Avoid a NullPointerException found via oss-fuzz 
We try to avoid throwing NullPointerException, but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61372

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911603 13f79535-47bb-0310-9956-ffa450edef68
 2023-08-11 14:46:04 +00:00
Dominik Stadler 80264d5648 Bug 66425: Avoid a ClassCastException found via oss-fuzz 
We try to avoid throwing ClassCastException, but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61330

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911586 13f79535-47bb-0310-9956-ffa450edef68
 2023-08-10 06:14:44 +00:00
Dominik Stadler 316738c9d0 Bug 66425: Avoid a NullPointerException found via oss-fuzz 
Handle some data that can be missing properly.

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61332

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911585 13f79535-47bb-0310-9956-ffa450edef68
 2023-08-10 04:54:25 +00:00
Dominik Stadler 107def2e65 Bug 66425: Avoid a StackOverflowException found via oss-fuzz 
We try to avoid causing StackOverflow, but it was possible
to trigger one here with a specially crafted input-file.

This puts a limit on the number of nested children in place
and logs a warning when the Stream is not fully parsed.

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61256

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911577 13f79535-47bb-0310-9956-ffa450edef68
 2023-08-09 16:16:49 +00:00
Dominik Stadler ccec6c4bf8 Bug 66425: Avoid a ClassCastException found via oss-fuzz 
We try to avoid throwing ClassCastException, but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61306

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911573 13f79535-47bb-0310-9956-ffa450edef68
 2023-08-09 10:09:16 +00:00
Dominik Stadler fdeae16b0c Bug 66425: Avoid a ClassCastException found via oss-fuzz 
We try to avoid throwing ClassCastException, but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61317

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911565 13f79535-47bb-0310-9956-ffa450edef68
 2023-08-09 07:23:04 +00:00
Dominik Stadler 2e8afc0c01 Bug 66425: Avoid a StackOverflowException found via oss-fuzz 
We try to avoid causing StackOverflow, but it was possible
to trigger one here with a specially crafted input-file.

This puts a limit on the number of nested properties in place
and logs a warning when the StyleSheet is not fully parsed.

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61252

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911563 13f79535-47bb-0310-9956-ffa450edef68
 2023-08-09 05:45:21 +00:00
Dominik Stadler 1b7613329e Bug 66425: Add memory-safeguard in one more place 
We try to generally avoid overly large allocations in places
where arrays are allocated. 

We add one more such check for pictures in HSLF.

We might need to increase the used value of 10MB if users report 
larger files being used frequently. 

Overriding this check via IOUtils is possible.

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911525 13f79535-47bb-0310-9956-ffa450edef68
 2023-08-07 20:35:59 +00:00
Dominik Stadler f3997b49ef Bug 66425: Avoid a ClassCastException found via oss-fuzz 
Fix previous changes

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911522 13f79535-47bb-0310-9956-ffa450edef68
 2023-08-07 19:59:04 +00:00
Dominik Stadler 8e40aabb18 Bug 66425: Avoid a ClassCastException found via oss-fuzz 
We try to avoid throwing ClassCastException, but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61259

Also fix handling of NullPointerException

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911517 13f79535-47bb-0310-9956-ffa450edef68
 2023-08-07 16:18:46 +00:00
Dominik Stadler 2c5264277a Bug 66425: Avoid an AssertionError found via oss-fuzz 
We try to avoid throwing AssertionError to be triggered by input data, but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61251

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911514 13f79535-47bb-0310-9956-ffa450edef68
 2023-08-07 14:32:11 +00:00
Dominik Stadler f6b1435db1 Bug 66425: Avoid a ClassCastException found via oss-fuzz 
We try to avoid throwing ClassCastException, but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61243

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911507 13f79535-47bb-0310-9956-ffa450edef68
 2023-08-07 12:09:31 +00:00
Dominik Stadler a8b31c37a6 Bug 66425: Avoid a ClassCastException found via oss-fuzz 
Add exception details and fix expected exceptions to make tests run again

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911503 13f79535-47bb-0310-9956-ffa450edef68
 2023-08-07 11:11:08 +00:00
Dominik Stadler 1e8e95c3a6 Bug 66425: Avoid a ClassCastException found via oss-fuzz 
We try to avoid throwing ClassCastException, but it was possible
to trigger one here with a specially crafted input-file

Also rework test a bit to use try-with-resources and proper formatting

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61221

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911494 13f79535-47bb-0310-9956-ffa450edef68
 2023-08-06 14:57:47 +00:00