Bug 51153

Summary: Buffer overrun exception while exporting XLS (with fix)
Product: POI Reporter: Chris <chris-dev>
Component: HSSFAssignee: POI Developers List <dev>
Severity: normal    
Priority: P2    
Version: 3.8-dev   
Target Milestone: ---   
Hardware: PC   
OS: All   

Description Chris 2011-05-05 04:13:23 UTC
I'm receiving a buffer overrun when writing a workbook to a byte steam and I believe I've found the issue. Unfortunately I can't share the spreadsheet so I'll explain the problem as best as possible.

Using revision 1099313 from SVN.

Original stack trace which indicates that the buffer isn't big enough for the serialised data:

Exception in thread "main" java.lang.RuntimeException: Buffer overrun
at org.apache.poi.util.LittleEndianByteArrayOutputStream.checkPosition(LittleEndianByteArrayOutputStream.java:56)
at org.apache.poi.util.LittleEndianByteArrayOutputStream.write(LittleEndianByteArrayOutputStream.java:100)
at org.apache.poi.hssf.record.SubRecord$UnknownSubRecord.serialize(SubRecord.java:117)
at org.apache.poi.hssf.record.ObjRecord.serialize(ObjRecord.java:205)
at org.apache.poi.hssf.usermodel.HSSFWorkbook$SheetRecordCollector.serialize(HSSFWorkbook.java:1248)
at org.apache.poi.hssf.usermodel.HSSFWorkbook.getBytes(HSSFWorkbook.java:1296)
at org.apache.poi.hssf.usermodel.HSSFWorkbook.write(HSSFWorkbook.java:1191)

Problem is in the file: trunk/src/java/org/apache/poi/hssf/record/LbsDataSubRecord.java:387 in the method getDataSize() where it goes "size += _unused;". For my spreadsheet the variable _unused can be -62 which results in the record's size being reported as negative and the allocated buffer ends up too small.

Proposed fix:

public int getDataSize() {
    int size = 6;
    size += StringUtil.getEncodedSize(_str);
    if (_unused != null) {
    return size;
Comment 1 Nick Burch 2011-05-06 01:28:28 UTC
I agree with your fix, it makes perfect sense

Committed in r1100017, thanks!