https://bz.apache.org/bugzilla/show_bug.cgi?id=58499
Bug ID: 58499
Summary: ZipSecureFile throws zip bomb detected
Product: POI
Version: 3.13-dev
Hardware: PC
OS: Linux
Status: NEW
Severity: major
Priority: P2
Component: SXSSF
Assignee: [email protected]
Reporter: [email protected]
When using 3.13 SXSSFWorkbook fails with exception
java.io.IOException: Zip bomb detected! The file would exceed certain limits
which usually indicate that the file is used to inflate memory usage and thus
could pose a security risk. You can adjust these limits via
setMinInflateRatio() and setMaxEntrySize() if you need to work with files which
exceed these limits. Counter: 408576, cis.counter: 4080, ratio:
0.009985902255639098Limits: MIN_INFLATE_RATIO: 0.01, MAX_ENTRY_SIZE: 4294967295
Problem is that SXSSFWorkbook.write creates template file.
File tmplFile = TempFile.createTempFile("poi-sxssf-template", ".xlsx")
in my case it looks like
-rw-r--r--. 1 root root 7095 10-16 14:00
poi-sxssf-template5548165903088413476.xlsx
when uncompressed this file produces 1085244 bytes of content, so compresscion
ratio is 0.0065377002 - exception is thrown with MIN_INFLATE_RATIO: 0.01, so
this template file cannot be read by POI (which later inject data into this
file).
I'm marking this bug with severity major, because 3.13 is not able to produce
SXSSF workbooks.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
