Closed mburbea closed 2 weeks ago
Hi @mburbea , thank you for reporting the issue.
But I'm not able to repro your problem. Here is my repro step:
I could successfully get the key-value (though just the substring of the actual value).
Could you please provide the file that would crash after loading the custom properties, or could you please share a recording of your complete repro process? Thank you very much.
Your length of value exceed the 255 characters. larger values are automatically trimmed to 255 characters. This is the official doc to tell this: https://learn.microsoft.com/en-us/javascript/api/excel/excel.customproperty?view=excel-js-preview.
The fix is releasing to production, after that your length will be trimmed to 255 characters.
Thanks!
This issue has been automatically marked as stale because it is marked as needing author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment. Thank you for your interest in Office Add-ins!
This issue has been closed due to inactivity. Please comment if you still need assistance and we'll re-open the issue.
The spec for custom properties do indicate that they must be between 1 and 255. However, since an xlsx is an xml document, and vba/3rd com addins may not care it is possible to create a property with such a long payload. When trying to read such a property excel will freeze and then crash.
Your Environment
Expected behavior
Running the following snippet won't crash when run against a workbook with a too long custom property::
and will load all custom properties possibly even this invalid one.
Current behavior
Excel will freeze up for about 10 seconds and then crash.
Steps to reproduce
you can manually insert a string like the following into the custom properties section of a document.
It is likely that vba can do it too.
Context
My addin allows users to create a report and will take screenshots of various workbook name ranges that the user selects. I save into the workbook which ones are currently selected in custom properties prefixed with my addin initials. Thus I load all custom doc properties and then do a regex search for any property. Unfortunately, I've discovered some poorly poorly behaved com addin is storing large base64 strings in the custom properties section of documents. While I can give the users some vba to help find and remove these out of spec properties, it is a poor experience for my users when excel crashes.