Index: src/ooxml/java/org/apache/poi/xssf/util/EvilUnclosedBRFixingInputStream.java
===================================================================
--- src/ooxml/java/org/apache/poi/xssf/util/EvilUnclosedBRFixingInputStream.java (revision 1054688)
+++ src/ooxml/java/org/apache/poi/xssf/util/EvilUnclosedBRFixingInputStream.java (working copy)
@@ -59,6 +59,8 @@
System.arraycopy(spare, 0, b, off, spare.length);
int ret = spare.length;
spare = null;
+ // Need to do a fixup here
+ ret = fixUp(b, off, ret);
return ret;
}
@@ -73,11 +75,11 @@
}
private int fixUp(byte[] b, int offset, int read) {
- // Find places to fix
+ // Find places to fix, including partials at the end
ArrayList
tag, or skip a partial
spare = new byte[overshoot];
System.arraycopy(b, b.length-overshoot, spare, 0, overshoot);
read -= overshoot;
@@ -103,8 +135,9 @@
// positions are valid
for(int j=fixAt.size()-1; j>=0; j--) {
int i = fixAt.get(j);
-
- byte[] tmp = new byte[read-i-3];
+ int xpos = read - i - 3;
+ if (xpos < 0) continue;
+ byte[] tmp = new byte[xpos];
System.arraycopy(b, i+3, tmp, 0, tmp.length);
b[i+3] = (byte)'/';
System.arraycopy(tmp, 0, b, i+4, tmp.length);
Index: src/ooxml/testcases/org/apache/poi/xssf/util/TestEvilUnclosedBRFixingInputStream.java
===================================================================
--- src/ooxml/testcases/org/apache/poi/xssf/util/TestEvilUnclosedBRFixingInputStream.java (revision 1054681)
+++ src/ooxml/testcases/org/apache/poi/xssf/util/TestEvilUnclosedBRFixingInputStream.java (working copy)
@@ -70,6 +70,39 @@
assertEquals(fixed, result);
}
+ public void testBufferSize() throws Exception {
+ byte[] orig_root = "
There!