https://bz.apache.org/bugzilla/show_bug.cgi?id=61349
Bug ID: 61349 Summary: Add more sanity checks for byte[] allocation Product: POI Version: 3.17-dev Hardware: PC Status: NEW Severity: enhancement Priority: P2 Component: POI Overall Assignee: dev@poi.apache.org Reporter: talli...@mitre.org Target Milestone: --- Now that I've added sanity checks for byte[] allocation in EMF/WMF, fuzzing is finding other areas where we might want to do this -- see stacktrace below. For EMF/WMF, I set some arbitrary max lengths...should we do this more throughout the codebase to prevent ooms on corrupt files? Yet another OOM: Caused by: java.lang.OutOfMemoryError: Java heap space at java.lang.Object.clone(Native Method) at org.apache.poi.ddf.EscherComplexProperty.<init>(EscherComplexProperty.java:46) at org.apache.poi.ddf.EscherPropertyFactory.createProperties(EscherPropertyFactory.java:69) at org.apache.poi.ddf.AbstractEscherOptRecord.fillFields(AbstractEscherOptRecord.java:54) at org.apache.poi.ddf.EscherContainerRecord.fillFields(EscherContainerRecord.java:81) at org.apache.poi.ddf.EscherContainerRecord.fillFields(EscherContainerRecord.java:81) at org.apache.poi.hwpf.model.EscherRecordHolder.fillEscherRecords(EscherRecordHolder.java:56) at org.apache.poi.hwpf.model.EscherRecordHolder.<init>(EscherRecordHolder.java:45) at org.apache.poi.hwpf.HWPFDocument.<init>(HWPFDocument.java:280) -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org