[Bug 61349] New: Add more sanity checks for byte[] allocation

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=61349

            Bug ID: 61349
           Summary: Add more sanity checks for byte[] allocation
           Product: POI
           Version: 3.17-dev
          Hardware: PC
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: POI Overall
          Assignee: [hidden email]
          Reporter: [hidden email]
  Target Milestone: ---

Now that I've added sanity checks for byte[] allocation in EMF/WMF, fuzzing is
finding other areas where we might want to do this -- see stacktrace below.

For EMF/WMF, I set some arbitrary max lengths... should we do this more
throughout the codebase to prevent OOMs on corrupt files?


Yet another OOM:

Caused by: java.lang.OutOfMemoryError: Java heap space
        at java.lang.Object.clone(Native Method)
        at org.apache.poi.ddf.EscherComplexProperty.<init>(EscherComplexProperty.java:46)
        at org.apache.poi.ddf.EscherPropertyFactory.createProperties(EscherPropertyFactory.java:69)
        at org.apache.poi.ddf.AbstractEscherOptRecord.fillFields(AbstractEscherOptRecord.java:54)
        at org.apache.poi.ddf.EscherContainerRecord.fillFields(EscherContainerRecord.java:81)
        at org.apache.poi.ddf.EscherContainerRecord.fillFields(EscherContainerRecord.java:81)
        at org.apache.poi.hwpf.model.EscherRecordHolder.fillEscherRecords(EscherRecordHolder.java:56)
        at org.apache.poi.hwpf.model.EscherRecordHolder.<init>(EscherRecordHolder.java:45)
        at org.apache.poi.hwpf.HWPFDocument.<init>(HWPFDocument.java:280)

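The kind of check the report asks about, as an added example that is not POI code and not part of the original message: a length field read from the file is validated against a cap and against the bytes actually remaining before any byte[] is allocated. The class name, the helper safeAllocate, the cap value and the length-prefixed record layout are all assumptions constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;

public class BoundedAllocation {
    // Hypothetical cap for this example; a real parser would choose one per record type.
    static final int MAX_RECORD_LENGTH = 1_000_000;

    /** Allocates only after the declared length passes both checks (hypothetical helper). */
    static byte[] safeAllocate(long declared, int max, int available) throws IOException {
        if (declared < 0 || declared > max) {
            throw new IOException("declared length " + declared + " exceeds cap " + max);
        }
        if (declared > available) {
            throw new IOException("declared length " + declared
                    + " but only " + available + " bytes remain");
        }
        return new byte[(int) declared];
    }

    /** Reads one constructed record: 4-byte big-endian length, then the payload. */
    static byte[] readRecord(byte[] file) throws IOException {
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(file));
        long declared = in.readInt() & 0xFFFFFFFFL; // length field treated as unsigned
        // For a ByteArrayInputStream, available() is the exact number of bytes left.
        byte[] payload = safeAllocate(declared, MAX_RECORD_LENGTH, in.available());
        in.readFully(payload);
        return payload;
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: a well-formed record and one with a corrupt length field.
        byte[] good = {0, 0, 0, 3, 'a', 'b', 'c'};
        byte[] corrupt = {0x7F, (byte) 0xFF, (byte) 0xFF, (byte) 0xF0, 'a'};

        System.out.println("good payload bytes: " + readRecord(good).length);
        try {
            readRecord(corrupt); // without the check this would request roughly 2 GB
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The corrupt input surfaces as an IOException the caller can handle per file, rather than an OutOfMemoryError that can take down the whole JVM.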