58156 – [patch] Bug: Data corruption in hasPOIFSHeader and hasOOXMLHeader

Bug 58156 - [patch] Bug: Data corruption in hasPOIFSHeader and hasOOXMLHeader

Summary: [patch] Bug: Data corruption in hasPOIFSHeader and hasOOXMLHeader

Status:	RESOLVED FIXED

Alias:	None

Product:	POI
Classification:	Unclassified
Component:	POIFS (show other bugs)
Version:	3.12-FINAL
Hardware:	PC All

Importance:	P2 major (vote)
Target Milestone:	---
Assignee:	POI Developers List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-07-20 10:48 UTC by Stefan Kopf
Modified:	2015-07-20 14:06 UTC (History)
CC List:	1 user (show)

Attachments
Patch for Bug 58156 (1.19 KB, application/binary) 2015-07-20 10:54 UTC, Stefan Kopf	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Kopf 2015-07-20 10:48:29 UTC

If the InputStream has less than 4 (OOXML less than 8) bytes and is wrapped into a PushbackInputStream, the data in this PushbackInputStream gets corrupted.

Background:
Both methods try to read 4 (OOXML 8) bytes from the stream into a buffer and then push back this buffer. But these methods always push back the entire buffer, no matter how many bytes have actually been read from the stream. In the case that the stream contains less than 4 (OOXML 8) bytes, the PushbackInputStream is now extended to 4 (8) bytes with 0x00s.

This patch records the actual nember of bytes read from the stream only only pushes back this ammount of bytes.

Comment 1 Stefan Kopf 2015-07-20 10:54:52 UTC

Created attachment 32915 [details]
Patch for Bug 58156

Comment 2 Dominik Stadler 2015-07-20 14:06:15 UTC

Thanks for the patch, I don't think these happen usually as the files are always bigger than the few bytes header which is usually located at the beginning of the file, but these methods should "work as advertised" in all cases nevertheless naturally. 

I have applied the changes at r1691948, I found one more case in IOUtils.