https://bz.apache.org/bugzilla/show_bug.cgi?id=61349
Bug ID: 61349
Summary: Add more sanity checks for byte[] allocation
Product: POI
Version: 3.17-dev
Hardware: PC
Status: NEW
Severity: enhancement
Priority: P2
Component: POI Overall
Assignee: dev@poi.apache.org
Reporter: talli...@mitre.org
Target Milestone: ---
Now that I've added sanity checks for byte[] allocation in EMF/WMF, fuzzing is
finding other areas where we might want to do this -- see stacktrace below.
For EMF/WMF, I set some arbitrary max lengths...should we do this more
throughout the codebase to prevent ooms on corrupt files?
Yet another OOM:
Caused by: java.lang.OutOfMemoryError: Java heap space
at java.lang.Object.clone(Native Method)
at
org.apache.poi.ddf.EscherComplexProperty.<init>(EscherComplexProperty.java:46)
at
org.apache.poi.ddf.EscherPropertyFactory.createProperties(EscherPropertyFactory.java:69)
at
org.apache.poi.ddf.AbstractEscherOptRecord.fillFields(AbstractEscherOptRecord.java:54)
at
org.apache.poi.ddf.EscherContainerRecord.fillFields(EscherContainerRecord.java:81)
at
org.apache.poi.ddf.EscherContainerRecord.fillFields(EscherContainerRecord.java:81)
at
org.apache.poi.hwpf.model.EscherRecordHolder.fillEscherRecords(EscherRecordHolder.java:56)
at
org.apache.poi.hwpf.model.EscherRecordHolder.<init>(EscherRecordHolder.java:45)
at org.apache.poi.hwpf.HWPFDocument.<init>(HWPFDocument.java:280)
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org
For additional commands, e-mail: dev-h...@poi.apache.org
