Loading an invalid compound document file

[nmnhut2010]

I found that the method CompoundFile.LoadDirectories fail to handle the case where the starting sector of a directory entry is invalid.

With the sample file FTC07.zip, the starting sector of the directory entry #42 is equal to 6553868 which is invalid. Adding the below line to Line 685, we can check directoryEntries[42].StartSetc Console.WriteLine(directoryEntries[42].StartSetc); // 6553868

We should check de.StartSetc in the method CompoundFile.LoadDirectories. If de.StartSetc is greater than this.sectors.Count, we should raise an exception that the file is invalid.

private void LoadDirectories()
{
	List<Sector> directoryChain
		= GetSectorChain(header.FirstDirectorySectorID, SectorType.Normal);

	if (header.FirstDirectorySectorID == Sector.ENDOFCHAIN)
		header.FirstDirectorySectorID = directoryChain[0].Id;

	StreamView dirReader
		= new StreamView(directoryChain, GetSectorSize(), directoryChain.Count * GetSectorSize(), sourceStream);


	while (dirReader.Position < directoryChain.Count * GetSectorSize())
	{
		IDirectoryEntry de
		= DirectoryEntry.New(String.Empty, StgType.StgInvalid, directoryEntries);

		//We are not inserting dirs. Do not use 'InsertNewDirectoryEntry'
		de.Read(dirReader);
                // We should check de.StartSetc here
                if(de.StartSetc > sectors.Count)
                {
                        throw new CFException("Compound File is invalid");    
                }
	}
}

Sorry for my bad description about the issue. Best regards, Nhut M. Ngo

[bormm]

@nmnhut2010 @salaros This project is a old fork of the original OpenMcdf source hosted on sourceforge. I would recommend using and improving the original now, after it also moved to github a while ago: (https://github.com/ironfede/openmcdf).