Bug 51153 - Buffer overrun exception while exporting XLS (with fix)
Summary: Buffer overrun exception while exporting XLS (with fix)
Status: RESOLVED FIXED
Alias: None
Product: POI
Classification: Unclassified
Component: HSSF (show other bugs)
Version: 3.8-dev
Hardware: PC All
: P2 normal (vote)
Target Milestone: ---
Assignee: POI Developers List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-05-05 04:13 UTC by Chris
Modified: 2011-05-06 01:28 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Chris 2011-05-05 04:13:23 UTC
I'm receiving a buffer overrun when writing a workbook to a byte steam and I believe I've found the issue. Unfortunately I can't share the spreadsheet so I'll explain the problem as best as possible.

Using revision 1099313 from SVN.

Original stack trace which indicates that the buffer isn't big enough for the serialised data:

Exception in thread "main" java.lang.RuntimeException: Buffer overrun
at org.apache.poi.util.LittleEndianByteArrayOutputStream.checkPosition(LittleEndianByteArrayOutputStream.java:56)
at org.apache.poi.util.LittleEndianByteArrayOutputStream.write(LittleEndianByteArrayOutputStream.java:100)
at org.apache.poi.hssf.record.SubRecord$UnknownSubRecord.serialize(SubRecord.java:117)
at org.apache.poi.hssf.record.ObjRecord.serialize(ObjRecord.java:205)
at org.apache.poi.hssf.usermodel.HSSFWorkbook$SheetRecordCollector.serialize(HSSFWorkbook.java:1248)
at org.apache.poi.hssf.usermodel.HSSFWorkbook.getBytes(HSSFWorkbook.java:1296)
at org.apache.poi.hssf.usermodel.HSSFWorkbook.write(HSSFWorkbook.java:1191)

Problem is in the file: trunk/src/java/org/apache/poi/hssf/record/LbsDataSubRecord.java:387 in the method getDataSize() where it goes "size += _unused;". For my spreadsheet the variable _unused can be -62 which results in the record's size being reported as negative and the allocated buffer ends up too small.

Proposed fix:

public int getDataSize() {
    int size = 6;
    size += StringUtil.getEncodedSize(_str);
    if (_unused != null) {
      size++;
    }
    return size;
}
Comment 1 Nick Burch 2011-05-06 01:28:28 UTC
I agree with your fix, it makes perfect sense

Committed in r1100017, thanks!