Bug 66425: Avoid a ClassCastException found via oss-fuzz

We try to avoid throwing ClassCastException but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61162

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911459 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/poi-integration/src/test/java/org/apache/poi/stress/HPBFFileHandler.java b/poi-integration/src/test/java/org/apache/poi/stress/HPBFFileHandler.java
index 5897803e74db1e485cb598accf13efe425d5e574..a9e10430ac92e277ca11c4d0beb39edc1c3e75e4 100644 (file)
--- a/poi-integration/src/test/java/org/apache/poi/stress/HPBFFileHandler.java
+++ b/poi-integration/src/test/java/org/apache/poi/stress/HPBFFileHandler.java
@@ -45,22 +45,16 @@ public class HPBFFileHandler extends POIFSFileHandler {
     void test() throws Exception {
         File file = new File("test-data/publisher/SampleBrochure.pub");
 
-        InputStream stream = new FileInputStream(file);
-        try {
+        try (InputStream stream = new FileInputStream(file)) {
             handleFile(stream, file.getPath());
-        } finally {
-            stream.close();
         }
 
         handleExtracting(file);
 
-        stream = new FileInputStream(file);
-        try {
+        try (InputStream stream = new FileInputStream(file)) {
             try (PublisherTextExtractor extractor = new PublisherTextExtractor(stream)) {
                 assertNotNull(extractor.getText());
             }
-        } finally {
-            stream.close();
         }
     }
 

diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hpbf/model/HPBFPart.java b/poi-scratchpad/src/main/java/org/apache/poi/hpbf/model/HPBFPart.java
index a723fc2cc19cf58070830e36fe474e69c58a8ed7..c3d44099de12bff32ebb8012773e5fc11918ba00 100644 (file)
--- a/poi-scratchpad/src/main/java/org/apache/poi/hpbf/model/HPBFPart.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hpbf/model/HPBFPart.java
@@ -23,6 +23,7 @@ import java.io.InputStream;
 
 import org.apache.commons.io.input.UnsynchronizedByteArrayInputStream;
 import org.apache.poi.poifs.filesystem.DirectoryNode;
+import org.apache.poi.poifs.filesystem.Entry;
 import org.apache.poi.util.IOUtils;
 
 /**
@@ -57,7 +58,11 @@ public abstract class HPBFPart {
         DirectoryNode dir = baseDir;
         for(int i=0; i<path.length-1; i++) {
             try {
-                dir = (DirectoryNode)dir.getEntry(path[i]);
+                Entry entry = dir.getEntry(path[i]);
+                if (!(entry instanceof DirectoryNode)) {
+                    throw new IllegalArgumentException("Had unexpected type of entry for path: " + path[i] + ": " + entry);
+                }
+                dir = (DirectoryNode) entry;
             } catch (FileNotFoundException e) {
                 throw new IllegalArgumentException("File invalid - failed to find directory entry '"
                         + path[i] + "': " + e);

diff --git a/test-data/publisher/clusterfuzz-testcase-minimized-POIHPBFFuzzer-4701121678278656.pub b/test-data/publisher/clusterfuzz-testcase-minimized-POIHPBFFuzzer-4701121678278656.pub
new file mode 100644 (file)
index 0000000..d2dfadc
Binary files /dev/null and b/test-data/publisher/clusterfuzz-testcase-minimized-POIHPBFFuzzer-4701121678278656.pub differ

diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
index 37ff2aae1355f45668194e6fdedbbd7b4ea57c9b..1032a86a92d98429da0b6f81b25cdebd0dcd66c4 100644 (file)
Binary files a/test-data/spreadsheet/stress.xls and b/test-data/spreadsheet/stress.xls differ