Bug 60906 -- clean up, and add range checking for casting to ints.

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1788295 13f79535-47bb-0310-9956-ffa450edef68
Tim Allison 2017-03-23 18:08:52 +00:00
parent 3d20031b56
commit 9dcb5d4c47
3 changed files with 18 additions and 21 deletions


@ -39,11 +39,11 @@ class XSSFBCellHeader {
* @param cell cell buffer to update * @param cell cell buffer to update
*/ */
public static void parse(byte[] data, int offset, int currentRow, XSSFBCellHeader cell) { public static void parse(byte[] data, int offset, int currentRow, XSSFBCellHeader cell) {
long colNum = LittleEndian.getUInt(data, offset); offset += LittleEndian.INT_SIZE; int colNum = XSSFBUtils.castToInt(LittleEndian.getUInt(data, offset)); offset += LittleEndian.INT_SIZE;
int styleIdx = XSSFBUtils.get24BitInt(data, offset); offset += 3; int styleIdx = XSSFBUtils.get24BitInt(data, offset); offset += 3;
//TODO: range checking //TODO: range checking
boolean showPhonetic = false;//TODO: fill this out boolean showPhonetic = false;//TODO: fill this out
cell.reset(currentRow, (int)colNum, styleIdx, showPhonetic); cell.reset(currentRow, colNum, styleIdx, showPhonetic);
} }
private int rowNum; private int rowNum;
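Review bot: `colNum` in `parse` is now limited to the int range, but the `//TODO: range checking` under it is still open: neither `colNum` nor `styleIdx` is compared with a limit a workbook can actually have, and both come straight from the record bytes. `XSSFBUtils.castToInt` is not shown on this page, so this assumes it only rejects values that do not fit in an int. A bound in the style of the row check in XSSFBSheetHandler would close the gap for the column, e.g. `if (colNum > SpreadsheetVersion.EXCEL2007.getLastColumnIndex()) { throw new XSSFBParseException("Column number beyond allowable range: " + colNum); }`. The method also reads 7 bytes starting at `offset` without looking at `data.length`, so the Javadoc should state that the caller guarantees the record size, or a length check should be added.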


@ -133,8 +133,8 @@ public class XSSFBSharedStringsTable {
strings.add(rstr.getString()); strings.add(rstr.getString());
break; break;
case BrtBeginSst: case BrtBeginSst:
count = (int) LittleEndian.getUInt(data,0); count = XSSFBUtils.castToInt(LittleEndian.getUInt(data,0));
uniqueCount = (int) LittleEndian.getUInt(data, 4); uniqueCount = XSSFBUtils.castToInt(LittleEndian.getUInt(data, 4));
break; break;
} }
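Review bot: `count` and `uniqueCount` in the `BrtBeginSst` case are values declared by the file, and after this change they are only known to fit in an int. Nothing in the visible lines ties them to the number of strings actually added to `strings`, so any code that sizes or indexes by them should treat them as untrusted; a comment on the two assignments such as `// declared by the file; not verified against strings.size()` would make that explicit. The reads at offsets 0 and 4 also assume the record holds at least 8 bytes, which is not checked here. The enclosing switch starts outside the hunk.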


@ -74,11 +74,11 @@ public class XSSFBSheetHandler extends XSSFBParser {
switch(type) { switch(type) {
case BrtRowHdr: case BrtRowHdr:
long rw = LittleEndian.getUInt(data, 0); int rw = XSSFBUtils.castToInt(LittleEndian.getUInt(data, 0));
if (rw > 0x00100000L) {//could make sure this is larger than currentRow, according to spec? if (rw > 0x00100000) {//could make sure this is larger than currentRow, according to spec?
throw new XSSFBParseException("Row number beyond allowable range: "+rw); throw new XSSFBParseException("Row number beyond allowable range: "+rw);
} }
currentRow = (int)rw; currentRow = rw;
checkMissedComments(currentRow); checkMissedComments(currentRow);
startRow(currentRow); startRow(currentRow);
break; break;
@ -142,9 +142,7 @@ public class XSSFBSheetHandler extends XSSFBParser {
beforeCellValue(data); beforeCellValue(data);
//xNum //xNum
double val = LittleEndian.getDouble(data, XSSFBCellHeader.length); double val = LittleEndian.getDouble(data, XSSFBCellHeader.length);
String formatString = styles.getNumberFormatString(cellBuffer.getStyleIdx()); handleCellValue(formatVal(val, cellBuffer.getStyleIdx()));
String formattedVal = dataFormatter.formatRawCellContents(val, cellBuffer.getStyleIdx(), formatString);
handleCellValue(formattedVal);
} }
private void handleCellSt(byte[] data) { private void handleCellSt(byte[] data) {
@ -183,26 +181,25 @@ public class XSSFBSheetHandler extends XSSFBParser {
beforeCellValue(data); beforeCellValue(data);
//xNum //xNum
double val = LittleEndian.getDouble(data, XSSFBCellHeader.length); double val = LittleEndian.getDouble(data, XSSFBCellHeader.length);
String formatString = styles.getNumberFormatString(cellBuffer.getStyleIdx()); handleCellValue(formatVal(val, cellBuffer.getStyleIdx()));
String formattedVal = dataFormatter.formatRawCellContents(val, cellBuffer.getStyleIdx(), formatString);
handleCellValue(formattedVal);
} }
private void handleCellRk(byte[] data) { private void handleCellRk(byte[] data) {
beforeCellValue(data); beforeCellValue(data);
double val = rkNumber(data, XSSFBCellHeader.length); double val = rkNumber(data, XSSFBCellHeader.length);
String formatString = styles.getNumberFormatString(cellBuffer.getStyleIdx()); handleCellValue(formatVal(val, cellBuffer.getStyleIdx()));
short styleIndex = styles.getNumberFormatIndex(cellBuffer.getStyleIdx()); }
String formattedVal = dataFormatter.formatRawCellContents(val, styleIndex, formatString);
handleCellValue(formattedVal); private String formatVal(double val, int styleIdx) {
String formatString = styles.getNumberFormatString(styleIdx);
short styleIndex = styles.getNumberFormatIndex(styleIdx);
return dataFormatter.formatRawCellContents(val, styleIndex, formatString);
} }
private void handleBrtCellIsst(byte[] data) { private void handleBrtCellIsst(byte[] data) {
beforeCellValue(data); beforeCellValue(data);
long idx = LittleEndian.getUInt(data, XSSFBCellHeader.length); int idx = XSSFBUtils.castToInt(LittleEndian.getUInt(data, XSSFBCellHeader.length));
//check for out of range, buffer overflow XSSFRichTextString rtss = new XSSFRichTextString(stringsTable.getEntryAt(idx));
XSSFRichTextString rtss = new XSSFRichTextString(stringsTable.getEntryAt((int)idx));
handleCellValue(rtss.getString()); handleCellValue(rtss.getString());
} }
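Review bot: In `handleBrtCellIsst` the deleted comment `//check for out of range, buffer overflow` named a check that is still missing: `idx` is now known to fit in an int, but it goes to `stringsTable.getEntryAt(idx)` without being compared with the number of entries actually loaded. `getEntryAt` is not visible on this page; if it indexes a list directly, a crafted record would surface as an unchecked index exception instead of an `XSSFBParseException`, so either keep the comment as a `//TODO` or guard the lookup and throw `new XSSFBParseException("Shared string index out of range: " + idx)`. Separately, the new `formatVal` helper changes what `handleCellReal` and the second numeric handler pass to `formatRawCellContents`: they used to pass `cellBuffer.getStyleIdx()` as the format index and now pass `styles.getNumberFormatIndex(styleIdx)`. That looks like a fix rather than clean-up and deserves a line in the commit message or a comment on `formatVal`.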