Bug 52337 - Section.getProperty(PropertyIDMap.PID_HEADINGPAIR) returns truncated byte array
Summary: Section.getProperty(PropertyIDMap.PID_HEADINGPAIR) returns truncated byte array
Status: RESOLVED FIXED
Alias: None
Product: POI
Classification: Unclassified
Component: HPSF (show other bugs)
Version: 3.8-dev
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: POI Developers List
URL:
Keywords:
Depends on: 52385
Blocks: 52538
  Show dependency tree
 
Reported: 2011-12-15 02:55 UTC by Niklas Rehfeld
Modified: 2012-02-15 07:53 UTC (History)
0 users


Attachments
test document that causes the error. (112.00 KB, application/msword)
2011-12-15 02:55 UTC, Niklas Rehfeld 		Details
annotated hexdump of DocumentSummaryInformation block (1.29 KB, text/plain)
2011-12-15 03:00 UTC, Niklas Rehfeld 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Niklas Rehfeld 2011-12-15 02:55:52 UTC 
Created attachment 28072 [details]
test document that causes the error.

On certain office documents (attached is one where this happens) running the following code causes the array 'headings' truncated. So the last field (headParts) of the last VtHeadingPair is 5 or 6 bytes long instead of 8. (depending on the document)

---------------

PropertySet ps = PropertySetFactory.create(inStream);
 (!(ps instanceof DocumentSummaryInformation))
     return;
DocumentSummaryInformation dsi = (DocumentSummaryInformation) ps;
Section s = (Section) dsi.getSections().get(0);
Object hdrs = s.getProperty(PropertyIDMap.PID_HEADINGPAIR); 
byte[] headings = null;
if (hdrs == null)
     return;
headings = (byte[]) hdrs;

----------------

It happens with excel and word documents, but seemingly not with powerpoint ones. 

This problem occurs using POI 3.8 beta 6 (r1213215 from SVN, I think). It does not occur in 3.6+dfsg-2 from debian sid.

I've had a look through the Document, the relevant part (with my annotations) is: 

------------...
0000f8c0  fe ff 00 00 05 01 02 00  00 00 00 00 00 00 00 00  |................|
	 |order|vers |	sysid    |     clsid...
0000f8d0  00 00 00 00 00 00 00 00  02 00 00 00 02 d5 cd d5  |................|
		clsid...	  |#propsets=2|  fmtid 0      
0000f8e0  9c 2e 1b 10 93 97 08 00  2b 2c f9 ae 44 00 00 00  |........+,..D...|
		fmtid 0                       | offset0=68
0000f8f0  05 d5 cd d5 9c 2e 1b 10  93 97 08 00 2b 2c f9 ae  |............+,..|
				...fmtid 1...
0000f900  58 01 00 00 14 01 00 00  0c 00 00 00 01 00 00 00  |X...............| 
          offset1=344| PROPSET 0 Starts here...
0000f910  68 00 00 00 0f 00 00 00  70 00 00 00 05 00 00 00  |h.......p.......|
... etc ...
0000f9f0  61 20 74 65 73 74 00 0c  10 00 00 02 00 00 00 1e  |a test..........|
                              | type | pad |  count=1  |type=string 
0000fa00  00 00 00 06 00 00 00 54  69 74 6c 65 00 03 00 00  |.......Title....|
		  | length=6  |  string...       |type=int32
0000fa10  00 01 00 00 00 00 00 00  a8 00 00 00 03 00 00 00  |................|
	    |headparts=1|	  |-- PROPSET1 starts here
---------------

So the document seems well formed. 

I had a hunt around the POI source, but couldn't see anything obviously wrong. 

Using sun java 6 (1.6.0) 64 bit.
Comment 1 Niklas Rehfeld 2011-12-15 03:00:34 UTC 
Created attachment 28073 [details]
annotated hexdump of DocumentSummaryInformation block

The alignment on the original bug description didn't work, so here's a text file of it.
Comment 2 Yegor Kozlov 2012-01-10 07:07:46 UTC 
Thanks for the detailed investigation, it looks like the same issue as Bug 52385.

We confirmed the problem, the fix is on the way.

Yegor
Comment 3 Yegor Kozlov 2012-02-15 07:53:54 UTC 
Should be fixed in r1244388, junit added. 

Regards,
Yegor