Sanity check the length, logging and truncating if too long, to avoid a StringIndexOutOfBoundsException (bug #54925)
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1496520 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
456f6171d9
commit
84a00d8d4b
@ -273,6 +273,7 @@ public final class StyleTextPropAtom extends RecordAtom
|
|||||||
while(pos < rawContents.length && textHandled < prsize) {
|
while(pos < rawContents.length && textHandled < prsize) {
|
||||||
// First up, fetch the number of characters this applies to
|
// First up, fetch the number of characters this applies to
|
||||||
int textLen = LittleEndian.getInt(rawContents,pos);
|
int textLen = LittleEndian.getInt(rawContents,pos);
|
||||||
|
textLen = checkTextLength(textLen, textHandled, size);
|
||||||
textHandled += textLen;
|
textHandled += textLen;
|
||||||
pos += 4;
|
pos += 4;
|
||||||
|
|
||||||
@ -308,6 +309,7 @@ public final class StyleTextPropAtom extends RecordAtom
|
|||||||
while(pos < rawContents.length && textHandled < chsize) {
|
while(pos < rawContents.length && textHandled < chsize) {
|
||||||
// First up, fetch the number of characters this applies to
|
// First up, fetch the number of characters this applies to
|
||||||
int textLen = LittleEndian.getInt(rawContents,pos);
|
int textLen = LittleEndian.getInt(rawContents,pos);
|
||||||
|
textLen = checkTextLength(textLen, textHandled, size);
|
||||||
textHandled += textLen;
|
textHandled += textLen;
|
||||||
pos += 4;
|
pos += 4;
|
||||||
|
|
||||||
@ -345,6 +347,15 @@ public final class StyleTextPropAtom extends RecordAtom
|
|||||||
|
|
||||||
initialised = true;
|
initialised = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private int checkTextLength(int readLength, int handledSoFar, int overallSize) {
|
||||||
|
if (readLength + handledSoFar > overallSize + 1) {
|
||||||
|
logger.log(POILogger.WARN, "Style length of " + readLength + " at " + handledSoFar +
|
||||||
|
" larger than stated size of " + overallSize + ", truncating");
|
||||||
|
return overallSize + 1 - handledSoFar;
|
||||||
|
}
|
||||||
|
return readLength;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
Loading…
Reference in New Issue
Block a user