https://bz.apache.org/bugzilla/show_bug.cgi?id=66412
Bug ID: 66412
Summary: [PATCH] Support SST records with incorrect string
count not at the end of the stream
Product: POI
Version: 5.3.x-dev
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: HSSF
Assignee: dev@poi.apache.org
Reporter: simon.car...@cloudpay.net
Target Milestone: ---
This patch fixes #65543. It includes a new unit test.
The current behaviour is: read the number of strings in the string table. Then
attempt to read that many number of strings. Using subsequent records if
needed. If there are less strings present than reported, pad the internal
string table with empty strings. This only works when there are no more records
in the stream.
This patch adds a check to ensure that the next record is a continuation
record. If it is not then the internal string table is padded as before.
Index: poi/src/main/java/org/apache/poi/hssf/record/SSTDeserializer.java
===================================================================
--- poi/src/main/java/org/apache/poi/hssf/record/SSTDeserializer.java
(revision 1906402)
+++ poi/src/main/java/org/apache/poi/hssf/record/SSTDeserializer.java
(working copy)
@@ -49,7 +49,7 @@
for (int i=0;i<stringCount;i++) {
// Extract exactly the count of strings from the SST record.
UnicodeString str;
- if (in.available() == 0 && !in.hasNextRecord()) {
+ if (in.available() == 0 && (!in.hasNextRecord() || in.getNextSid()
!= ContinueRecord.sid)) {
LOG.atError().log("Ran out of data before creating all the
strings! String at index {}", box(i));
str = new UnicodeString("");
} else {
Index: poi/src/test/java/org/apache/poi/hssf/record/TestSSTDeserializer.java
===================================================================
--- poi/src/test/java/org/apache/poi/hssf/record/TestSSTDeserializer.java
(revision 1906402)
+++ poi/src/test/java/org/apache/poi/hssf/record/TestSSTDeserializer.java
(working copy)
@@ -120,4 +120,23 @@
assertEquals( "At a dinner party orAt At At ", strings.get( 0 ) + ""
);
}
+
+ /**
+ * Ensure that invalid SST records with an incorrect number of strings
specified, does not consume non-continuation records.
+ */
+ @Test
+ void test65543() throws IOException {
+ final byte[] sstRecord = readSampleHexData("notenoughstrings.txt",
"sst-record", SSTRecord.sid);
+ byte[] nonContinuationRecord =
readSampleHexData("notenoughstrings.txt", "non-continuation-record",
ExtSSTRecord.sid);
+ RecordInputStream in =
TestcaseRecordInputStream.create(concat(sstRecord, nonContinuationRecord));
+
+ IntMapper<UnicodeString> strings = new IntMapper<>();
+ SSTDeserializer deserializer = new SSTDeserializer( strings );
+
+ // The record data in notenoughstrings.txt only contains 1 string,
deliberately pass in a larger number.
+ deserializer.manufactureStrings( 2, in );
+
+ assertEquals( "At a dinner party or", strings.get( 0 ) + "" );
+ assertEquals( "", strings.get( 1 ) + "" );
+ }
}
Index: test-data/spreadsheet/notenoughstrings.txt
===================================================================
--- test-data/spreadsheet/notenoughstrings.txt (nonexistent)
+++ test-data/spreadsheet/notenoughstrings.txt (working copy)
@@ -0,0 +1,13 @@
+[sst-record]
+14 00 # String length 0x14=20
+01 # Option flag, 16bit
+# String: At a dinner party or
+41 00 74 00 20 00 61 00 20 00
+64 00 69 00 6E 00 6E 00 65 00
+72 00 20 00 70 00 61 00 72 00
+74 00 79 00 20 00 6F 00 72 00
+
+# This is not a complete record
+# It only matters that the record type is not 0x003C
+[non-continuation-record]
+00 11 22 33
Property changes on: test-data/spreadsheet/notenoughstrings.txt
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org
For additional commands, e-mail: dev-h...@poi.apache.org
