Bug 58156

Summary: [patch] Bug: Data corruption in hasPOIFSHeader and hasOOXMLHeader
Product: POI
Reporter: Stefan Kopf <stefan.kopf>
Component: POIFS
Assignee: POI Developers List <dev>
Severity: major
CC: stefan.kopf
Priority: P2
Version: 3.12-FINAL
Target Milestone: ---
Hardware: PC
OS: All
Attachments: Patch for Bug 58156

Description Stefan Kopf 2015-07-20 10:48:29 UTC
If the InputStream has less than 4 (OOXML less than 8) bytes and is wrapped into a PushbackInputStream, the data in this PushbackInputStream gets corrupted.

Both methods try to read 4 (OOXML 8) bytes from the stream into a buffer and then push back this buffer. But these methods always push back the entire buffer, no matter how many bytes have actually been read from the stream. In the case that the stream contains less than 4 (OOXML 8) bytes, the PushbackInputStream is now extended to 4 (8) bytes with 0x00s.

This patch records the actual number of bytes read from the stream and only pushes back this amount of bytes.
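The behaviour described in this report can be reproduced with the JDK alone. The following is an added example, not code from POI or from the attached patch; the class and method names are hypothetical, and the 2-byte input is constructed.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PushbackInputStream;
import java.util.Arrays;

public class PushbackPeekDemo {
    static final int HEADER_LEN = 4; // the report gives 8 for the OOXML check

    // Reads until buf is full or EOF; returns the number of bytes actually read.
    static int readUpTo(InputStream in, byte[] buf) throws IOException {
        int total = 0;
        while (total < buf.length) {
            int n = in.read(buf, total, buf.length - total);
            if (n < 0) break;
            total += n;
        }
        return total;
    }

    // Behaviour described in the report: the entire buffer is pushed back.
    static void peekPushBackAll(PushbackInputStream in) throws IOException {
        byte[] header = new byte[HEADER_LEN];
        readUpTo(in, header);
        in.unread(header);
    }

    // Behaviour the patch description gives: push back only what was read.
    static void peekPushBackRead(PushbackInputStream in) throws IOException {
        byte[] header = new byte[HEADER_LEN];
        int n = readUpTo(in, header);
        if (n > 0) in.unread(header, 0, n);
    }

    static PushbackInputStream wrap(byte[] data) {
        return new PushbackInputStream(new ByteArrayInputStream(data), HEADER_LEN);
    }

    public static void main(String[] args) throws IOException {
        byte[] shortInput = {0x50, 0x4B}; // constructed 2-byte sample input

        PushbackInputStream a = wrap(shortInput);
        peekPushBackAll(a);
        System.out.println("push back all:  " + Arrays.toString(a.readAllBytes()));

        PushbackInputStream b = wrap(shortInput);
        peekPushBackRead(b);
        byte[] after = b.readAllBytes(); // readAllBytes needs Java 9+
        System.out.println("push back read: " + Arrays.toString(after));
        if (!Arrays.equals(after, shortInput)) throw new AssertionError("stream changed");
    }
}
```

With the 2-byte input, the first variant leaves a 4-byte stream whose last two bytes are 0x00, which is the corruption the report describes; the second leaves the input unchanged.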
Comment 1 Stefan Kopf 2015-07-20 10:54:52 UTC
Created attachment 32915
Patch for Bug 58156
Comment 2 Dominik Stadler 2015-07-20 14:06:15 UTC
Thanks for the patch. I don't think these happen usually, as the files are always bigger than the few bytes of header which is usually located at the beginning of the file, but these methods should naturally "work as advertised" in all cases nevertheless.

I have applied the changes at r1691948; I found one more case in IOUtils.