]> source.dussan.org Git - poi.git/commitdiff
projects / poi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f6b1435)
Bug 66425: Avoid an AssertionError found via oss-fuzz
authorDominik Stadler <centic@apache.org>
Mon, 7 Aug 2023 14:32:11 +0000 (14:32 +0000)
committerDominik Stadler <centic@apache.org>
Mon, 7 Aug 2023 14:32:11 +0000 (14:32 +0000)
We try to avoid throwing AssertionError to be triggered by input data, but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61251

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911514 13f79535-47bb-0310-9956-ffa450edef68

poi-integration/src/test/java/org/apache/poi/stress/HSLFFileHandler.java patch | blob | history
poi-scratchpad/src/main/java/org/apache/poi/hslf/record/EscherPlaceholder.java patch | blob | history
poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java patch | blob | history
test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-4630915954114560.ppt [new file with mode: 0644] patch | blob
test-data/spreadsheet/stress.xls patch | blob | history

diff --git a/poi-integration/src/test/java/org/apache/poi/stress/HSLFFileHandler.java b/poi-integration/src/test/java/org/apache/poi/stress/HSLFFileHandler.java
index d496d0b85aae8d267769ae4f98d7d130360babd3..f25da02fa8a19ca1592bc7786e763d757020b9a6 100644 (file)
--- a/poi-integration/src/test/java/org/apache/poi/stress/HSLFFileHandler.java
+++ b/poi-integration/src/test/java/org/apache/poi/stress/HSLFFileHandler.java
@@ -84,6 +84,8 @@ public class HSLFFileHandler extends SlideShowHandler {
         }
 
         handleExtracting(file);
+
+        handleAdditional(file);
     }
 
     public static void main(String[] args) throws Exception {
diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hslf/record/EscherPlaceholder.java b/poi-scratchpad/src/main/java/org/apache/poi/hslf/record/EscherPlaceholder.java
index 28dff25ce92313cb4c937ccb2c1fda46c51c19e3..f474f2171c18a1441d7adca5be71f09ce86c16ba 100644 (file)
--- a/poi-scratchpad/src/main/java/org/apache/poi/hslf/record/EscherPlaceholder.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hslf/record/EscherPlaceholder.java
@@ -20,6 +20,8 @@ package org.apache.poi.hslf.record;
 import java.util.Map;
 import java.util.function.Supplier;
 
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.apache.poi.ddf.EscherRecord;
 import org.apache.poi.ddf.EscherRecordFactory;
 import org.apache.poi.ddf.EscherSerializationListener;
@@ -32,6 +34,8 @@ import org.apache.poi.util.LittleEndian;
  * the slide layout as specified in the SlideAtom record.
  */
 public class EscherPlaceholder extends EscherRecord {
+    private static final Logger LOG = LogManager.getLogger(EscherPlaceholder.class);
+
     public static final short RECORD_ID = RecordTypes.OEPlaceholderAtom.typeID;
     public static final String RECORD_DESCRIPTION = "msofbtClientTextboxPlaceholder";
 
@@ -59,7 +63,10 @@ public class EscherPlaceholder extends EscherRecord {
         size = data[offset+13];
         unused = LittleEndian.getShort(data, offset+14);
 
-        assert(bytesRemaining + 8 == 16);
+        if (bytesRemaining + 8 != 16) {
+            LOG.warn("Invalid header-data received, should have 8 bytes left, but had: " + bytesRemaining);
+        }
+
         return bytesRemaining + 8;
     }
 
diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java
index 8dd66e94fee1cd24574739037de2accd4c91d2be..007259230f294bc85ece03f46cb99b10c9704e8e 100644 (file)
--- a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java
@@ -247,6 +247,10 @@ public abstract class HSLFShape implements Shape<HSLFShape,HSLFTextParagraph> {
     }
 
     public <T extends EscherRecord> T getEscherChild(int recordId){
+        if (_escherContainer == null) {
+            throw new IllegalStateException("Did not have a container for fetching children");
+        }
+
         return _escherContainer.getChildById((short)recordId);
     }
 
diff --git a/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-4630915954114560.ppt b/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-4630915954114560.ppt
new file mode 100644 (file)
index 0000000..c70d825
Binary files /dev/null and b/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-4630915954114560.ppt differ
diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
index 97591849fd3a702c78859172afb9d48ed1d6410a..301d3e61fc37a2fa0ad653a6c193a8899c0bdd56 100644 (file)
Binary files a/test-data/spreadsheet/stress.xls and b/test-data/spreadsheet/stress.xls differ
Mirror of Apache POI: https://github.com/apache/poi