Bug 66425: Avoid exceptions found via poi-fuzz

Prevent too deep nesting by throwing an exception
instead of just not parsing more nesting-levels as
this still caused OOMs.

Allow to adjust the limit via static setter as elsewhere
to give users a chance to parse very complicated files
if really necessary.

https://issues.oss-fuzz.com/issues/42528505

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1923277 13f79535-47bb-0310-9956-ffa450edef68

Author: centic9

poi-scratchpad/src/main/java/org/apache/poi/hdgf/streams/PointerContainingStream.java

@@ -30,7 +30,7 @@ Licensed to the Apache Software Foundation (ASF) under one or more
 public class PointerContainingStream extends Stream { // TODO - instantiable superclass
     private static final Logger LOG = PoiLogManager.getLogger(PointerContainingStream.class);
 
-    private static final int MAX_CHILDREN_NESTING = 500;
+    private static int MAX_CHILDREN_NESTING = 500;
 
     private final Pointer[] childPointers;
     private Stream[] childStreams;
@@ -42,7 +42,7 @@ protected PointerContainingStream(Pointer pointer, StreamStore store, ChunkFacto
         super(pointer, store);
         this.chunkFactory = chunkFactory;
         this.pointerFactory = pointerFactory;
-        
+
         // Have the child pointers identified and created
         childPointers = pointerFactory.createContainerPointers(pointer, store.getContents());
     }
@@ -69,14 +69,15 @@ public void findChildren(byte[] documentData) {
 
     private void findChildren(byte[] documentData, int nesting) {
         if (nesting > MAX_CHILDREN_NESTING) {
-            LOG.warn("Encountered too deep nesting, cannot fully process stream " +
-                    " with more than " + MAX_CHILDREN_NESTING + " nested children." +
-                    " Some data could not be parsed.");
-            return;
+            throw new IllegalArgumentException("Encountered too deep nesting, cannot process stream " +
+                    "with more than " + MAX_CHILDREN_NESTING + " nested children. " +
+                    "Some data could not be parsed. You can call setMaxChildrenNesting() to adjust " +
+                    "this limit.");
         }
 
         // For each pointer, generate the Stream it points to
         childStreams = new Stream[childPointers.length];
+
         for(int i=0; i<childPointers.length; i++) {
             Pointer ptr = childPointers[i];
             childStreams[i] = Stream.createStream(ptr, documentData, chunkFactory, pointerFactory);
@@ -95,4 +96,12 @@ private void findChildren(byte[] documentData, int nesting) {
             }
         }
     }
+
+    public static int getMaxChildrenNesting() {
+        return MAX_CHILDREN_NESTING;
+    }
+
+    public static void setMaxChildrenNesting(int maxChildrenNesting) {
+        MAX_CHILDREN_NESTING = maxChildrenNesting;
+    }
 }