Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

解析xls的时候 格式保护之后 size过大 内存溢出 #57

Open
yangjun2011022405 opened this issue Apr 22, 2019 · 8 comments
Open

解析xls的时候 格式保护之后 size过大 内存溢出 #57

yangjun2011022405 opened this issue Apr 22, 2019 · 8 comments

Comments

@yangjun2011022405
Copy link

No description provided.

@sergeilem
Copy link
Contributor

Please attach sample file.

@yangjun2011022405
Copy link
Author

对新建的xls表格进行如下操作后 https://jingyan.baidu.com/article/597035521917ee8fc00740d0.html
文件workbook.go中 235行
if phonetic_size > 0 {
var bts []byte
bts = make([]byte, phonetic_size)
err = binary.Read(buf, binary.LittleEndian, bts)
if err == io.EOF {
w.continue_apsb = phonetic_size
}
}
这个phonetic_size 值会非常大 make([]byte, phonetic_size) 会直接崩掉。

@sergeilem
Copy link
Contributor

try this fork: https://github.com/sergeilem/xls

@fengweiqiang
Copy link

试试这个分支:https//github.com/sergeilem/xls

您好,试了您的分支,还是出现了 内存溢出 @sergeilem
d1ee3514608b4fb49456e73d43245bc9.zip

@kingreatwill
Copy link

我也遇到类似的问题
oom.zip

image
image

@kingreatwill
Copy link

解决方案:https://github.com/shakinm/xlsReader

@pcjeff
Copy link

pcjeff commented Oct 21, 2020
edited
Loading

when xls files are encrypted, there will be a FilePass token (0x2f)
ref: https://stackoverflow.com/questions/25422599/parse-xls-file-with-protected-protected-workbook

we can stop parsing while reading in this token as a work around solution.

in workbook.go

 44 func (w *WorkBook) Parse(buf io.ReadSeeker) {
 45         b := new(bof)
 46         bof_pre := new(bof)
 47         // buf := bytes.NewReader(bts)
 48         offset := 0
 49         for {
 50                 if err := binary.Read(buf, binary.LittleEndian, b); err == nil {
 51                         // stop parsing if this file is encrypted
 52                         if b.Id == 0x2f { 
 53                                 break
 54                         }
 55                         bof_pre, b, offset = w.parseBof(buf, b, bof_pre, offset)
 56                 } else {
 57                         break
 58                 }
 59         }
 60 }

@rkfg
Copy link

rkfg commented Apr 13, 2021

@pcjeff thanks for this workaround! I can still open and see the .xls file contents in LibreOffice as well as edit it, but there's a padlock icon on the sheet tab. I'm not sure how exactly it "protects" the sheet. In my case this bug caused a huge allocation crashing my program with OOM in the end. I'd love to have support for encrypted/protected sheets but until then just skipping such files is acceptable.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@rkfg @pcjeff @yangjun2011022405 @kingreatwill @sergeilem @fengweiqiang