diff --git a/build.xml b/build.xml
index cdcd7924e..f6ecddc0c 100644
--- a/build.xml
+++ b/build.xml
@@ -401,6 +401,8 @@ under the License.
file="${main.src.test}/org/apache/poi/hpsf/data"/>
+
diff --git a/src/documentation/content/xdocs/changes.xml b/src/documentation/content/xdocs/changes.xml
index 336ac0615..b0dab58f4 100644
--- a/src/documentation/content/xdocs/changes.xml
+++ b/src/documentation/content/xdocs/changes.xml
@@ -37,6 +37,7 @@
+ 44857 - Avoid OOM on unknown escher records when EscherMetafileBlip is incorrect
HSLF: Support for getting embedded sounds from slide show
HSLF: Initial support for rendering slides into images
HSLF: Support for getting OLE object data from slide show
diff --git a/src/documentation/content/xdocs/status.xml b/src/documentation/content/xdocs/status.xml
index c61f2b1db..3a74e26f3 100644
--- a/src/documentation/content/xdocs/status.xml
+++ b/src/documentation/content/xdocs/status.xml
@@ -34,6 +34,7 @@
+ 44857 - Avoid OOM on unknown escher records when EscherMetafileBlip is incorrect
HSLF: Support for getting embedded sounds from slide show
HSLF: Initial support for rendering slides into images
HSLF: Support for getting OLE object data from slide show
diff --git a/src/java/org/apache/poi/ddf/EscherMetafileBlip.java b/src/java/org/apache/poi/ddf/EscherMetafileBlip.java
index f2dc1bb01..99faa61bc 100644
--- a/src/java/org/apache/poi/ddf/EscherMetafileBlip.java
+++ b/src/java/org/apache/poi/ddf/EscherMetafileBlip.java
@@ -83,8 +83,11 @@ public class EscherMetafileBlip
field_6_fCompression = data[pos]; pos++;
field_7_fFilter = data[pos]; pos++;
- raw_pictureData = new byte[field_5_cbSave];
- System.arraycopy( data, pos, raw_pictureData, 0, field_5_cbSave );
+ // Bit of a snag - trusting field_5_cbSave results in inconsistent
+ // record size in some cases. So, just check the data left
+ int remainingBytes = bytesAfterHeader - 50;
+ raw_pictureData = new byte[remainingBytes];
+ System.arraycopy( data, pos, raw_pictureData, 0, remainingBytes );
// 0 means DEFLATE compression
// 0xFE means no compression
diff --git a/src/testcases/org/apache/poi/ddf/TestEscherContainerRecord.java b/src/testcases/org/apache/poi/ddf/TestEscherContainerRecord.java
index 7c139827b..0f1fc9c73 100644
--- a/src/testcases/org/apache/poi/ddf/TestEscherContainerRecord.java
+++ b/src/testcases/org/apache/poi/ddf/TestEscherContainerRecord.java
@@ -18,13 +18,24 @@
package org.apache.poi.ddf;
+import java.io.File;
+import java.io.FileInputStream;
+
import junit.framework.TestCase;
import org.apache.poi.util.HexRead;
import org.apache.poi.util.HexDump;
+import org.apache.poi.util.IOUtils;
public class TestEscherContainerRecord extends TestCase
{
- public void testFillFields() throws Exception
+ private String ESCHER_DATA_PATH;
+
+ protected void setUp() throws Exception {
+ super.setUp();
+ ESCHER_DATA_PATH = System.getProperty("DDF.testdata.path");
+ }
+
+ public void testFillFields() throws Exception
{
EscherRecordFactory f = new DefaultEscherRecordFactory();
byte[] data = HexRead.readFromString( "0F 02 11 F1 00 00 00 00" );
@@ -137,4 +148,19 @@ public class TestEscherContainerRecord extends TestCase
assertEquals(18, r.getRecordSize());
}
+ /**
+ * We were having problems with reading too much data on an UnknownEscherRecord,
+ * but hopefully we now read the correct size.
+ */
+ public void testBug44857() throws Exception {
+ File f = new File(ESCHER_DATA_PATH, "Container.dat");
+ assertTrue(f.exists());
+
+ FileInputStream finp = new FileInputStream(f);
+ byte[] data = IOUtils.toByteArray(finp);
+
+ // This used to fail with an OutOfMemory
+ EscherContainerRecord record = new EscherContainerRecord();
+ record.fillFields(data, 0, new DefaultEscherRecordFactory());
+ }
}
diff --git a/src/testcases/org/apache/poi/ddf/data/Container.dat b/src/testcases/org/apache/poi/ddf/data/Container.dat
new file mode 100644
index 000000000..c1b544777
Binary files /dev/null and b/src/testcases/org/apache/poi/ddf/data/Container.dat differ