diff -up src/java/org/apache/poi/poifs/storage/BlockAllocationTableReader.java.CVE-2012-0213 src/java/org/apache/poi/poifs/storage/BlockAllocationTableReader.java
--- src/java/org/apache/poi/poifs/storage/BlockAllocationTableReader.java.CVE-2012-0213 2012-03-17 07:18:56.000000000 -0600
+++ src/java/org/apache/poi/poifs/storage/BlockAllocationTableReader.java 2012-05-10 22:10:16.202991184 -0600
@@ -226,12 +226,10 @@ public final class BlockAllocationTableR
} catch(IOException e) {
if(currentBlock == headerPropertiesStartBlock) {
// Special case where things are in the wrong order
- _logger.log(POILogger.WARN, "Warning, header block comes after data blocks in POIFS block listing");
currentBlock = POIFSConstants.END_OF_CHAIN;
} else if(currentBlock == 0 && firstPass) {
// Special case where the termination isn't done right
// on an empty set
- _logger.log(POILogger.WARN, "Warning, incorrectly terminated empty data blocks in POIFS block listing (should end at -2, ended at 0)");
currentBlock = POIFSConstants.END_OF_CHAIN;
} else {
// Ripple up
diff -up src/scratchpad/src/org/apache/poi/hwpf/model/PropertyNode.java.CVE-2012-0213 src/scratchpad/src/org/apache/poi/hwpf/model/PropertyNode.java
--- src/scratchpad/src/org/apache/poi/hwpf/model/PropertyNode.java.CVE-2012-0213 2012-03-17 07:21:42.000000000 -0600
+++ src/scratchpad/src/org/apache/poi/hwpf/model/PropertyNode.java 2012-05-10 22:09:42.996434166 -0600
@@ -85,15 +85,11 @@ public abstract class PropertyNode<T ext
_buf = buf;
if(_cpStart < 0) {
- _logger.log(POILogger.WARN, "A property claimed to start before zero, at " + _cpStart + "! Resetting it to zero, and hoping for the best");
_cpStart = 0;
}
if ( _cpEnd < _cpStart )
{
- _logger.log( POILogger.WARN, "A property claimed to end (" + _cpEnd
- + ") before start! "
- + "Resetting end to start, and hoping for the best" );
_cpEnd = _cpStart;
}
}
diff -up src/scratchpad/src/org/apache/poi/hwpf/model/UnhandledDataStructure.java.CVE-2012-0213 src/scratchpad/src/org/apache/poi/hwpf/model/UnhandledDataStructure.java
--- src/scratchpad/src/org/apache/poi/hwpf/model/UnhandledDataStructure.java.CVE-2012-0213 2012-03-17 07:21:43.000000000 -0600
+++ src/scratchpad/src/org/apache/poi/hwpf/model/UnhandledDataStructure.java 2012-05-10 22:07:30.879770399 -0600
@@ -18,6 +18,7 @@
package org.apache.poi.hwpf.model;
import org.apache.poi.util.Internal;
+import java.util.Arrays;
@Internal
public final class UnhandledDataStructure
@@ -27,13 +28,12 @@ public final class UnhandledDataStructur
public UnhandledDataStructure(byte[] buf, int offset, int length)
{
// System.out.println("Yes, using my code");
- _buf = new byte[length];
- if (offset + length > buf.length)
+ if (offset + length > buf.length || (offset | length | offset+length) < 0)
{
throw new IndexOutOfBoundsException("buffer length is " + buf.length +
"but code is trying to read " + length + " from offset " + offset);
}
- System.arraycopy(buf, offset, _buf, 0, length);
+ _buf = Arrays.copyOfRange(buf, offset, offset + length);
}
byte[] getBuf()
distrib
>
Mageia
>
3
>
i586
>
media
>
core-release-src
>
by-pkgid
>
5090aa892df97509015af0b64f024ddc
>
files
>
3
