|Summary:||IOUtils.skipFully can run into infinite loop|
|Product:||POI||Reporter:||Tim Allison <tallison>|
|Component:||POI Overall||Assignee:||POI Developers List <dev>|
Description Tim Allison 2017-07-13 15:19:43 UTC
Luis Filipe Nassif, over on TIKA-2428, reported that the EMFParser can hit an infinite loop on corrupt files. IOUtils.skipfully can run into an infinite loop. We need to change readSoFar to a long to avoid overflow; we need to account for FileInputStream alleging that it skipped more bytes than were available; and we need to account for an InputStream returning 0, which can happen for a) because it wanted to but there are still bytes available() or b) it hit the end of the InputStream. In the last case, where bytes are available and the full length has not been skipped, we need to fallback to read() to make sure read doesn't hit a -1.
Comment 1 bjrke 2017-08-25 08:11:37 UTC
to find the issue, simply execute IOUtils.skipFully(new ByteArrayInputStream(new byte), 1);
Comment 2 bjrke 2017-08-25 08:57:59 UTC
Comment 3 Dominik Stadler 2017-08-25 11:51:51 UTC
I added this test via r1806162, so this bug seems to be fixed already for some time.
Comment 4 Tim Allison 2017-08-28 13:50:54 UTC
Y, sorry. I forgot to close/resolve this issue...