]> source.dussan.org Git - poi.git/commitdiff
projects / poi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a428428)
Bug 66425: Avoid a NullPointerException found via oss-fuzz
authorDominik Stadler <centic@apache.org>
Sat, 7 Oct 2023 22:12:18 +0000 (22:12 +0000)
committerDominik Stadler <centic@apache.org>
Sat, 7 Oct 2023 22:12:18 +0000 (22:12 +0000)
We try to avoid throwing NullPointerException, but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62626

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912792 13f79535-47bb-0310-9956-ffa450edef68

poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java patch | blob | history
poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java patch | blob | history
poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptionHeader.java patch | blob | history
test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-4838893004128256.ppt [new file with mode: 0644] patch | blob
test-data/spreadsheet/stress.xls patch | blob | history

diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java
index 4da9c9fea7f20b65ce24f211d647ce79197a6216..8b8845186d4068ea460d659cbf15ef9585cf3c63 100644 (file)
--- a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java
+++ b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java
@@ -68,6 +68,7 @@ public abstract class BaseTestPPTIterating {
         EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5962760801091584.ppt", RuntimeException.class);
         EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5231088823566336.ppt", FileNotFoundException.class);
         EXCLUDED.put("clusterfuzz-testcase-minimized-POIFuzzer-6411649193738240.ppt", FileNotFoundException.class);
+        EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-4838893004128256.ppt", FileNotFoundException.class);
     }
 
     public static Stream<Arguments> files() {
diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
index 499e22cf3375380bda941f8d361b3a07f4fe26fc..d2dd0b34b915a22b87c6e9b704448d7e50cd6450 100644 (file)
--- a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
+++ b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
@@ -67,7 +67,8 @@ public class TestPPTXMLDump extends BaseTestPPTIterating {
         if (pFile.getName().equals("clusterfuzz-testcase-minimized-POIFuzzer-5429732352851968.ppt") ||
                 pFile.getName().equals("clusterfuzz-testcase-minimized-POIFuzzer-5681320547975168.ppt") ||
                 pFile.getName().equals("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5231088823566336.ppt") ||
-                pFile.getName().equals("clusterfuzz-testcase-minimized-POIFuzzer-6411649193738240.ppt")) {
+                pFile.getName().equals("clusterfuzz-testcase-minimized-POIFuzzer-6411649193738240.ppt") ||
+                pFile.getName().equals("clusterfuzz-testcase-minimized-POIHSLFFuzzer-4838893004128256.ppt")) {
             throw new FileNotFoundException();
         }
     }
diff --git a/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptionHeader.java b/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptionHeader.java
index 3d08cf7fbf618a78dd0dbb1cddb496c07732d164..fc2828ed0dd6cb49ff9d334d16a2a4be8ebc00ec 100644 (file)
--- a/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptionHeader.java
+++ b/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptionHeader.java
@@ -79,10 +79,14 @@ public class AgileEncryptionHeader extends EncryptionHeader {
                     keyData.getHashAlgorithm() + " @ " + hashSize + " bytes");
         }
 
+        if (keyData.getSaltSize() == null) {
+            throw new EncryptedDocumentException("Invalid salt length: " + keyData.getSaltSize());
+        }
+
         int saltLength = keyData.getSaltSize();
         setKeySalt(keyData.getSaltValue());
         if (getKeySalt().length != saltLength) {
-            throw new EncryptedDocumentException("Invalid salt length");
+            throw new EncryptedDocumentException("Invalid salt length: " + getKeySalt().length + " and " + saltLength);
         }
 
         DataIntegrity di = ed.getDataIntegrity();
diff --git a/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-4838893004128256.ppt b/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-4838893004128256.ppt
new file mode 100644 (file)
index 0000000..567a0f7
Binary files /dev/null and b/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-4838893004128256.ppt differ
diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
index aa7d2883c78fa0a7dbbbefa34285ad61f6ff01e5..2352603880adcfa88e6188ee15a73d67353179c1 100644 (file)
Binary files a/test-data/spreadsheet/stress.xls and b/test-data/spreadsheet/stress.xls differ
Mirror of Apache POI: https://github.com/apache/poi