Bug 66425: Avoid exceptions found via poi-fuzz

Capture and report integer overflow as normal
parsing/format exceptions

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63628

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1914401 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/poi-examples/src/main/java/org/apache/poi/examples/xssf/eventusermodel/XLSX2CSV.java b/poi-examples/src/main/java/org/apache/poi/examples/xssf/eventusermodel/XLSX2CSV.java
index fdbcc8990161e23bfbc6357c1efb5e34aed8af86..d9fffabe48b3614f8a8401995befb3863ed5c601 100644 (file)
--- a/poi-examples/src/main/java/org/apache/poi/examples/xssf/eventusermodel/XLSX2CSV.java
+++ b/poi-examples/src/main/java/org/apache/poi/examples/xssf/eventusermodel/XLSX2CSV.java
@@ -212,7 +212,7 @@ public class XLSX2CSV {
                   styles, null, strings, sheetHandler, formatter, false);
             sheetParser.setContentHandler(handler);
             sheetParser.parse(sheetSource);
-         } catch(ParserConfigurationException e) {
+         } catch (ParserConfigurationException e) {
             throw new RuntimeException("SAX parser appears to be broken - " + e.getMessage());
          }
     }
@@ -234,7 +234,12 @@ public class XLSX2CSV {
                 String sheetName = iter.getSheetName();
                 this.output.println();
                 this.output.println(sheetName + " [index=" + index + "]:");
-                processSheet(styles, strings, new SheetToCSV(), stream);
+
+                try {
+                    processSheet(styles, strings, new SheetToCSV(), stream);
+                } catch (NumberFormatException e) {
+                    throw new IOException("Failed to parse sheet " + sheetName, e);
+                }
             }
             ++index;
         }

diff --git a/poi-ooxml/src/main/java/org/apache/poi/xssf/extractor/XSSFEventBasedExcelExtractor.java b/poi-ooxml/src/main/java/org/apache/poi/xssf/extractor/XSSFEventBasedExcelExtractor.java
index fd008f3a3d077bf1f3e09cf9b7ba90b18584da68..c79024e3b4e010f217c798bdb6cc724e96f68d0b 100644 (file)
--- a/poi-ooxml/src/main/java/org/apache/poi/xssf/extractor/XSSFEventBasedExcelExtractor.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/xssf/extractor/XSSFEventBasedExcelExtractor.java
@@ -289,7 +289,7 @@ public class XSSFEventBasedExcelExtractor
             }
 
             return text.toString();
-        } catch (IOException | OpenXML4JException | SAXException e) {
+        } catch (IOException | OpenXML4JException | SAXException | NumberFormatException e) {
             LOGGER.atWarn().withThrowable(e).log("Failed to load text");
             return "";
         }

diff --git a/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFSheet.java b/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFSheet.java
index 9fe2ea71f08c1b944100253f4cef51bccfe0dc42..f931b2d58d6ac346be06b67cf1a7737583b2582e 100644 (file)
--- a/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFSheet.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFSheet.java
@@ -146,7 +146,7 @@ public class XSSFSheet extends POIXMLDocumentPart implements Sheet, OoxmlSheetEx
     protected void onDocumentRead() {
         try (InputStream stream = getPackagePart().getInputStream()) {
             read(stream);
-        } catch (IOException e){
+        } catch (IOException | ArithmeticException e){
             throw new POIXMLException(e);
         }
     }

diff --git a/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIXSSFFuzzer-5937385319563264.xlsx b/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIXSSFFuzzer-5937385319563264.xlsx
new file mode 100644 (file)
index 0000000..16515d7
Binary files /dev/null and b/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIXSSFFuzzer-5937385319563264.xlsx differ

diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
index 9ad1991a269306961d2741d462d0b98e63b306de..9a4e488e7b97fd5d255222d394b34296ca025c9c 100644 (file)
Binary files a/test-data/spreadsheet/stress.xls and b/test-data/spreadsheet/stress.xls differ