Apache POI creates xlsx file which it can't open later. Zip bomb detected

0
votes

When I create xlsx file with Apache POI sometimes (when the file is big) it creates such a file that can't be opened by this same Apache POI while MS Excel or LibreOffice Calc open it without problems.

When I try to open this workbook with Apache POI it says that

Zip bomb detected

I can open it only if I call ZipSecureFile.setMinInflateRatio(0) or resave it in LibreOffice (MS Excel doesn't help here).

How to fix this? Why POI creates file which it can't open?

1
javaexcelapache-poi
In my answer to this Question I have told something about how zip bomb detection works. So not "POI creates file which it can't open" but you are doing this with your code. Probably because you are using test data which are exactly the same thousands of times and so leads to unlikely data compression rates .Axel Richter
the data is real, it is copied from another xlsx (which is created in MS Excel) with some changes. That source xlsx is opened and read perfectly, generated isn't (with POI). And as I said if I save it without any changes in libreOffice it's opened without any problems, so the problem is definitely not in datamykola

1 Answers

2
votes

Simply do as the error message suggests and set the limits differently via

ZipSecureFile.setMinInflateRatio(0)

You seem to have a rather special use-case which produces a file that is similar to some files that malicious users could use to make your server crash, use up CPU or go out of memory. To avoid this, Apache POI has this limit, but allows to set it differently if needed. So if the file is not coming from untrusted users, you can easily adjust these limits to avoid the error message.

Excel or LibreOffice might optimize the file-content more than Apache POI does and thus produce a file that does not reach these limits.