Bug 56865 - Limit number of bytes (by counting them) while opening office docs
Summary: Limit number of bytes (by counting them) while opening office docs
Alias: None
Product: POI
Classification: Unclassified
Component: POI Overall (show other bugs)
Version: 3.11-dev
Hardware: PC Mac OS X 10.4
: P2 normal (vote)
Target Milestone: ---
Assignee: POI Developers List
Depends on: 50090
  Show dependency tree
Reported: 2014-08-17 15:54 UTC by Christian Schneider
Modified: 2015-06-23 23:40 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description Christian Schneider 2014-08-17 15:54:20 UTC
It would be good to limit the bytes in org.apache.poi.openxml4j.util.ZipInputStreamZipEntrySource with a FilterStream that counts the number of bytes up to a defined (configurable) value:

The class org.apache.poi.openxml4j.util.ZipInputStreamZipEntrySource.FakeZipEntry uses in its constructor the Java class java.util.zip.ZipInputStream for decompressing the office files. Here the instance of this class could be wrapped with another java.io.FilterInputStream that performs the byte counting, as discussed on the private@poi.apache.org mailing list.

Checking just the ZipEntry's entry.getSize() is not enough, since this value can be spoofed.
Comment 1 Andreas Beeker 2015-06-23 23:40:10 UTC
Fixed with r1687148