(poi) branch trunk updated: depth check in property table

Wed, 23 Jul 2025 09:49:05 -0700 

This is an automated email from the ASF dual-hosted git repository.

fanningpj pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/poi.git


The following commit(s) were added to refs/heads/trunk by this push:
     new c76be2df41 depth check in property table
c76be2df41 is described below

commit c76be2df413bb15b8d431eb98005b66df7e484df
Author: PJ Fanning <[email protected]>
AuthorDate: Wed Jul 23 17:48:52 2025 +0100

    depth check in property table
---
 .../java/org/apache/poi/poifs/property/PropertyTable.java   | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/poi/src/main/java/org/apache/poi/poifs/property/PropertyTable.java 
b/poi/src/main/java/org/apache/poi/poifs/property/PropertyTable.java
index 062627ae52..e0142f02c3 100644
--- a/poi/src/main/java/org/apache/poi/poifs/property/PropertyTable.java
+++ b/poi/src/main/java/org/apache/poi/poifs/property/PropertyTable.java
@@ -111,7 +111,7 @@ public final class PropertyTable implements BATManaged {
         Property property = _properties.get(0);
         if (property != null) {
             if (property instanceof DirectoryProperty) {
-                populatePropertyTree((DirectoryProperty) property);
+                populatePropertyTree((DirectoryProperty) property, 0);
             } else {
                 throw new IOException("Invalid format, cannot convert property 
" + property + " to DirectoryProperty");
             }
@@ -227,7 +227,14 @@ public final class PropertyTable implements BATManaged {
        _header_block.setPropertyCount(countBlocks());
     }
 
-    private void populatePropertyTree(DirectoryProperty root) throws 
IOException {
+    // Maximum depth of the property tree to prevent stackoverflow errors
+    private static int MAX_PROPERTY_DEPTH = 1000;
+
+    private void populatePropertyTree(final DirectoryProperty root, final int 
depth) throws IOException {
+        if (depth > MAX_PROPERTY_DEPTH) {
+            throw new IOException("Property tree too deep, likely a corrupt 
file");
+        }
+
         int index = root.getChildIndex();
 
         if (!Property.isValidIndex(index)) {
@@ -246,7 +253,7 @@ public final class PropertyTable implements BATManaged {
 
             root.addChild(property);
             if (property.isDirectory()) {
-                populatePropertyTree(( DirectoryProperty ) property);
+                populatePropertyTree((DirectoryProperty) property, depth + 1);
             }
             index = property.getPreviousChildIndex();
             if (isValidIndex(index)) {


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to