From dev-return-43402-archive-asf-public=cust-asf.ponee.io@poi.apache.org Thu Jan 2 18:16:25 2020 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 0B0AF180647 for ; Thu, 2 Jan 2020 19:16:24 +0100 (CET) Received: (qmail 42849 invoked by uid 500); 2 Jan 2020 18:16:24 -0000 Mailing-List: contact dev-help@poi.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "POI Developers List" Delivered-To: mailing list dev@poi.apache.org Received: (qmail 42837 invoked by uid 99); 2 Jan 2020 18:16:24 -0000 Received: from mailrelay1-us-west.apache.org (HELO mailrelay1-us-west.apache.org) (209.188.14.139) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 02 Jan 2020 18:16:24 +0000 Received: from bz-he-de.apache.org (bz-he-de.apache.org [148.251.237.210]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTPS id 4AD6AE027F for ; Thu, 2 Jan 2020 18:16:23 +0000 (UTC) Received: by bz-he-de.apache.org (ASF Mail Server at bz-he-de.apache.org, from userid 33) id 177226A006A; Thu, 2 Jan 2020 18:16:22 +0000 (UTC) From: bugzilla@apache.org To: dev@poi.apache.org Subject: [Bug 64045] New: XSSFWorkbook constructor doesn't close ZipFile if an exception occurs Date: Thu, 02 Jan 2020 18:16:21 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: POI X-Bugzilla-Component: XSSF X-Bugzilla-Version: 4.1.1-FINAL X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: radistao@gmail.com X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: dev@poi.apache.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter target_milestone attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bz.apache.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 https://bz.apache.org/bugzilla/show_bug.cgi?id=3D64045 Bug ID: 64045 Summary: XSSFWorkbook constructor doesn't close ZipFile if an exception occurs Product: POI Version: 4.1.1-FINAL Hardware: PC OS: All Status: NEW Severity: normal Priority: P2 Component: XSSF Assignee: dev@poi.apache.org Reporter: radistao@gmail.com Target Milestone: --- Created attachment 36943 --> https://bz.apache.org/bugzilla/attachment.cgi?id=3D36943&action=3Dedit Corrupted XLSX file with malformed _rels/.rels XML When a user creates XSSFWorkbook instance from some file or stream resource, but exception happens in the process, ZipFile can't be closed by the develo= per (neither explicitly catching an exception nor using `try-with-resource` statement), but closes later invoking ZipFile#finalize() during garbage collecting.=20 The message "Cleaning up unclosed ZipFile for archive ..." is printed to stderr. Because the behavior is depended on encapsulated GC behavior it's hard to supply a simple working code snippet to reproduce.=20 The bug is observable in a web application when multiple XLSX files are uploaded and parsed with some time pauses. But from the source code perspective it could be also understood. Imagine we want to print sheets number in an XLSX workbook: 1)=20 try (final var workbook =3D new XSSFWorkbook(inputFile)) { System.out.println(workbook.getNumberOfSheets()); } catch (Exception e) { // constructor throws POIXMLException, or XMLException, or InvalidFormatException // workbook is null } 2) The steps in the source code starting from XSSFWorkbook(File)=20 XSSFWorkbook(File) -> OPCPackage#open(File) -> ZipPackage(File) -> ZipFile(= ...) =20=20=20 https://github.com/apache/poi/blob/a0770034fcc878a697b715d0b6a6e53406b2d02d= /src/ooxml/java/org/apache/poi/xssf/usermodel/XSSFWorkbook.java#L324 =20=20=20 https://github.com/apache/commons-compress/blob/master/src/main/java/org/ap= ache/commons/compress/archivers/zip/ZipFile.java#L363 This creates a private ZipFile closable instance inside OPCPackage and continues the workbook constructor XSSFWorkbook(OPCPackage pkg): POIXMLDocument(OPCPackage pkg) -> POIXMLDocumentPart(OPCPackage pkg, String coreDocumentRel) -> POIXMLDocumentPart#getPartFromOPCPackage(OPCPackage pkg, String coreDocumentRel) -> throw new POIXMLException("OOXML file structure broken/invalid - no core document found!"); =20=20=20 https://github.com/apache/poi/blob/a0770034fcc878a697b715d0b6a6e53406b2d02d= /src/ooxml/java/org/apache/poi/ooxml/POIXMLDocumentPart.java#L753 Even if we catch the exception we can't close/release the ZipFile instance because it's private! In the same time we don't have a XSSFWorkbook to close/autoclose it in case of an exception. The object is detached from the thread and becomes available for GC, but the file stream is still not closed! Note: 1) other ZIP/OOXML parsers likely affected (like DOCX, PPTX) 2) other exceptions (like "POIXMLException: org.apache.xmlbeans.XmlExceptio= n: error: DOCTYPE is disallowed when the feature "http://apache.org/xml/features/disallow-doctype-decl" set to true.") also create such detached closable source instances. 2) Some methods have proper exception handlers, like OPCPackage#open(File, PackageAccess): https://github.com/apache/poi/blob/a0770034fcc878a697b715d0b6a6e53406b2d02d= /src/ooxml/java/org/apache/poi/openxml4j/opc/OPCPackage.java#L228 catch (InvalidFormatException | RuntimeException e) { IOUtils.closeQuietly(pack); throw e; } --=20 You are receiving this mail because: You are the assignee for the bug.= --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org For additional commands, e-mail: dev-help@poi.apache.org