Bug 61294

Summary:	IOUtils.skipFully can run into infinite loop
Product:	POI	Reporter:	Tim Allison <tallison>
Component:	POI Overall	Assignee:	POI Developers List <dev>
Status:	RESOLVED FIXED
Severity:	normal
Priority:	P2
Version:	3.16-dev
Target Milestone:	---
Hardware:	PC
OS:	All

Description Tim Allison 2017-07-13 15:19:43 UTC

Luis Filipe Nassif, over on TIKA-2428, reported that the EMFParser can hit an infinite loop on corrupt files.  IOUtils.skipfully can run into an infinite loop.

We need to change readSoFar to a long to avoid overflow; we need to account for FileInputStream alleging that it skipped more bytes than were available; and we need to account for an InputStream returning 0, which can happen for a) because it wanted to but there are still bytes available() or b) it hit the end of the InputStream.  In the last case, where bytes are available and the full length has not been skipped, we need to fallback to read() to make sure read doesn't hit a -1.

Comment 1 bjrke 2017-08-25 08:11:37 UTC

to find the issue, simply execute
IOUtils.skipFully(new ByteArrayInputStream(new byte[0]), 1);

Comment 2 bjrke 2017-08-25 08:57:59 UTC

this is fixed by https://github.com/apache/poi/commit/c7db66a30dfb6cbbd5812ff3ae4c90ed2d9b9a27

Comment 3 Dominik Stadler 2017-08-25 11:51:51 UTC

I added this test via r1806162, so this bug seems to be fixed already for some time.

Comment 4 Tim Allison 2017-08-28 13:50:54 UTC

Y, sorry.  I forgot to close/resolve this issue...