]> source.dussan.org Git - poi.git/commitdiff
projects / poi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6fae5bb)
Bug 66425: Avoid Exceptions found via oss-fuzz
authorDominik Stadler <centic@apache.org>
Sat, 7 Oct 2023 22:12:30 +0000 (22:12 +0000)
committerDominik Stadler <centic@apache.org>
Sat, 7 Oct 2023 22:12:30 +0000 (22:12 +0000)
We try to avoid throwing NullPointerExceptions or endless allocations,
but it was possible to trigger one here with a specially
crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62706

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912794 13f79535-47bb-0310-9956-ffa450edef68

poi-ooxml/src/main/java/org/apache/poi/xdgf/usermodel/XDGFPages.java patch | blob | history
test-data/diagram/clusterfuzz-testcase-minimized-POIVisioFuzzer-6358126418591744.vsdx [new file with mode: 0644] patch | blob
test-data/spreadsheet/stress.xls patch | blob | history

diff --git a/poi-ooxml/src/main/java/org/apache/poi/xdgf/usermodel/XDGFPages.java b/poi-ooxml/src/main/java/org/apache/poi/xdgf/usermodel/XDGFPages.java
index ab6077449ecfcd1b710162583d0d5c9370a1bc05..4e50cad5971847c7193be4fa48633731ae6a5a93 100644 (file)
--- a/poi-ooxml/src/main/java/org/apache/poi/xdgf/usermodel/XDGFPages.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/xdgf/usermodel/XDGFPages.java
@@ -25,6 +25,8 @@ import java.util.List;
 import com.microsoft.schemas.office.visio.x2012.main.PageType;
 import com.microsoft.schemas.office.visio.x2012.main.PagesDocument;
 import com.microsoft.schemas.office.visio.x2012.main.PagesType;
+import com.microsoft.schemas.office.visio.x2012.main.RelType;
+
 import org.apache.poi.ooxml.POIXMLDocumentPart;
 import org.apache.poi.ooxml.POIXMLException;
 import org.apache.poi.openxml4j.opc.PackagePart;
@@ -68,7 +70,12 @@ public class XDGFPages extends XDGFXMLDocumentPart {
             // this iteration is ordered by page number
             for (PageType pageSettings: _pagesObject.getPageArray()) {
 
-                String relId = pageSettings.getRel().getId();
+                RelType rel = pageSettings.getRel();
+                if (rel == null) {
+                    throw new IllegalStateException("Could not read relation for page settings");
+                }
+
+                String relId = rel.getId();
 
                 POIXMLDocumentPart pageContentsPart = getRelationById(relId);
                 if (pageContentsPart == null)
diff --git a/test-data/diagram/clusterfuzz-testcase-minimized-POIVisioFuzzer-6358126418591744.vsdx b/test-data/diagram/clusterfuzz-testcase-minimized-POIVisioFuzzer-6358126418591744.vsdx
new file mode 100644 (file)
index 0000000..041c8fb
Binary files /dev/null and b/test-data/diagram/clusterfuzz-testcase-minimized-POIVisioFuzzer-6358126418591744.vsdx differ
diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
index d06a4e4d5b74ce0d1ad463948d8cab670be9244e..50e923e810d017d375c34e5fc0bf460df4499adb 100644 (file)
Binary files a/test-data/spreadsheet/stress.xls and b/test-data/spreadsheet/stress.xls differ
Mirror of Apache POI: https://github.com/apache/poi