Bug 58156 - [patch] Bug: Data corruption in hasPOIFSHeader and hasOOXMLHeader
Summary: [patch] Bug: Data corruption in hasPOIFSHeader and hasOOXMLHeader
Alias: None
Product: POI
Classification: Unclassified
Component: POIFS (show other bugs)
Version: 3.12-FINAL
Hardware: PC All
: P2 major (vote)
Target Milestone: ---
Assignee: POI Developers List
Depends on:
Reported: 2015-07-20 10:48 UTC by Stefan Kopf
Modified: 2015-07-20 14:06 UTC (History)
1 user (show)

Patch for Bug 58156 (1.19 KB, application/binary)
2015-07-20 10:54 UTC, Stefan Kopf

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Kopf 2015-07-20 10:48:29 UTC
If the InputStream has less than 4 (OOXML less than 8) bytes and is wrapped into a PushbackInputStream, the data in this PushbackInputStream gets corrupted.

Both methods try to read 4 (OOXML 8) bytes from the stream into a buffer and then push back this buffer. But these methods always push back the entire buffer, no matter how many bytes have actually been read from the stream. In the case that the stream contains less than 4 (OOXML 8) bytes, the PushbackInputStream is now extended to 4 (8) bytes with 0x00s.

This patch records the actual nember of bytes read from the stream only only pushes back this ammount of bytes.
Comment 1 Stefan Kopf 2015-07-20 10:54:52 UTC
Created attachment 32915 [details]
Patch for Bug 58156
Comment 2 Dominik Stadler 2015-07-20 14:06:15 UTC
Thanks for the patch, I don't think these happen usually as the files are always bigger than the few bytes header which is usually located at the beginning of the file, but these methods should "work as advertised" in all cases nevertheless naturally. 

I have applied the changes at r1691948, I found one more case in IOUtils.