Bug 66425: Avoid exceptions found via poi-fuzz

We try to avoid throwing NullPointerException, ClassCastExceptions
and StackOverflowException, but it was possible to trigger them

Also improve some exception messages

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62698
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62606
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62685

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912707 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFGraphicFrame.java b/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFGraphicFrame.java
index ceccd10635124f4bce18f462da66a74c19a98e5a..c744f2ab731e8769fa8545b51667982a55b613b9 100644 (file)
--- a/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFGraphicFrame.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFGraphicFrame.java
@@ -67,6 +67,10 @@ public class XSLFGraphicFrame extends XSLFShape implements GraphicalFrame<XSLFSh
     @Override
     public Rectangle2D getAnchor(){
         CTTransform2D xfrm = ((CTGraphicalObjectFrame)getXmlObject()).getXfrm();
+        if (xfrm == null) {
+            throw new IllegalArgumentException("Could not retrieve an Xfrm from the XML object");
+        }
+
         CTPoint2D off = xfrm.getOff();
         double x = Units.toPoints(POIXMLUnits.parseLength(off.xgetX()));
         double y = Units.toPoints(POIXMLUnits.parseLength(off.xgetY()));

diff --git a/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFTableCell.java b/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFTableCell.java
index f84c37d08edd6594169b22dd5585f964dbc0ece6..d22ab8df1975dc1946d981ca2868b85fb87b7c31 100644 (file)
--- a/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFTableCell.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFTableCell.java
@@ -766,7 +766,7 @@ public class XSLFTableCell extends XSLFTextShape implements TableCell<XSLFShape,
                 return super.isBold();
             } else {
                 final CTTextCharacterProperties rPr = super.getRPr(false);
-                if (rPr.isSetB()) {
+                if (rPr != null && rPr.isSetB()) {
                     // If this run has bold set locally, then it overrides table cell style.
                     return rPr.getB();
                 } else {
@@ -784,7 +784,7 @@ public class XSLFTableCell extends XSLFTextShape implements TableCell<XSLFShape,
                 return super.isItalic();
             } else {
                 final CTTextCharacterProperties rPr = super.getRPr(false);
-                if (rPr.isSetI()) {
+                if (rPr != null && rPr.isSetI()) {
                     // If this run has italic set locally, then it overrides table cell style.
                     return rPr.getI();
                 } else {

diff --git a/poi-ooxml/src/main/java/org/apache/poi/xssf/streaming/SXSSFSheet.java b/poi-ooxml/src/main/java/org/apache/poi/xssf/streaming/SXSSFSheet.java
index ea1c7e1bfb592503c5290159bd5833ba9c94203c..f74e6b0dbbf697f1153acf5503ebaf2b43fc131d 100644 (file)
--- a/poi-ooxml/src/main/java/org/apache/poi/xssf/streaming/SXSSFSheet.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/xssf/streaming/SXSSFSheet.java
@@ -96,8 +96,12 @@ public class SXSSFSheet implements Sheet, OoxmlSheetExtensions {
         setRandomAccessWindowSize(_workbook.getRandomAccessWindowSize());
         try {
             _autoSizeColumnTracker = new AutoSizeColumnTracker(this);
-        } catch (UnsatisfiedLinkError | InternalError e) {
-            LOG.atWarn().log("Failed to create AutoSizeColumnTracker, possibly due to fonts not being installed in your OS", e);
+        } catch (UnsatisfiedLinkError | NoClassDefFoundError | InternalError |
+                 // thrown when no fonts are available in the workbook
+                 IndexOutOfBoundsException e) {
+            LOG.atWarn()
+                    .withThrowable(e)
+                    .log("Failed to create AutoSizeColumnTracker, possibly due to fonts not being installed in your OS");
         }
     }
 

diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hdgf/streams/PointerContainingStream.java b/poi-scratchpad/src/main/java/org/apache/poi/hdgf/streams/PointerContainingStream.java
index c4a91ad9693ada863bfdb825a077cf318100805d..62817dd2c15109e612e0ac048b5a8071b8550e2b 100644 (file)
--- a/poi-scratchpad/src/main/java/org/apache/poi/hdgf/streams/PointerContainingStream.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hdgf/streams/PointerContainingStream.java
@@ -30,7 +30,7 @@ import org.apache.poi.hdgf.pointers.PointerFactory;
 public class PointerContainingStream extends Stream { // TODO - instantiable superclass
     private static final Logger LOG = LogManager.getLogger(PointerContainingStream.class);
 
-    private static final int MAX_CHILDREN_NESTING = 1000;
+    private static final int MAX_CHILDREN_NESTING = 500;
 
     private final Pointer[] childPointers;
     private Stream[] childStreams;

diff --git a/poi/src/main/java/org/apache/poi/hssf/record/OldStringRecord.java b/poi/src/main/java/org/apache/poi/hssf/record/OldStringRecord.java
index 0334925cd81fc38615cebe6667524cfefa68464c..91a00265ff4d658caff622a25904728c10dbd973 100644 (file)
--- a/poi/src/main/java/org/apache/poi/hssf/record/OldStringRecord.java
+++ b/poi/src/main/java/org/apache/poi/hssf/record/OldStringRecord.java
@@ -89,7 +89,7 @@ public final class OldStringRecord implements GenericRecord {
         try {
             return CodePageUtil.getStringFromCodePage(data, cp);
         } catch (UnsupportedEncodingException uee) {
-            throw new IllegalArgumentException("Unsupported codepage requested", uee);
+            throw new IllegalArgumentException("Unsupported codepage requested: " + cp, uee);
         }
     }