Bug 66425: Avoid exceptions found via poi-fuzz

We try to avoid throwing NullPointerException, ClassCastExceptions and StackOverflowException, but it was possible
to trigger them

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62548 and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62564

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912464 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFDiagram.java b/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFDiagram.java
index 9837b5c1286a9fd2713937dff7ac885bcc31cea8..2d14b4f13c4aa9e5e469e24ffd93574a2f046d0e 100644 (file)
--- a/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFDiagram.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFDiagram.java
@@ -214,8 +214,12 @@ public class XSLFDiagram extends XSLFGraphicFrame {
         CTGroupShapeProperties groupShapePropsCt = groupShapeCt.addNewGrpSpPr();
 
         CTGroupShapeNonVisual groupShapeNonVisualCt = groupShapeCt.addNewNvGrpSpPr();
-        groupShapeNonVisualCt.setCNvPr(msGroupShapeCt.getNvGrpSpPr().getCNvPr());
-        groupShapeNonVisualCt.setCNvGrpSpPr(msGroupShapeCt.getNvGrpSpPr().getCNvGrpSpPr());
+        final com.microsoft.schemas.office.drawing.x2008.diagram.CTGroupShapeNonVisual nvGrpSpPr =
+                msGroupShapeCt.getNvGrpSpPr();
+        if (nvGrpSpPr != null) {
+            groupShapeNonVisualCt.setCNvPr(nvGrpSpPr.getCNvPr());
+            groupShapeNonVisualCt.setCNvGrpSpPr(nvGrpSpPr.getCNvGrpSpPr());
+        }
         groupShapeNonVisualCt.setNvPr(CTApplicationNonVisualDrawingProps.Factory.newInstance());
 
         for (CTShape msShapeCt : msGroupShapeCt.getSpList()) {

diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java
index 7cc9272781fc214d82773c7927aeb8019d56413c..4da9c9fea7f20b65ce24f211d647ce79197a6216 100644 (file)
--- a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java
+++ b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java
@@ -67,6 +67,7 @@ public abstract class BaseTestPPTIterating {
         EXCLUDED.put("clusterfuzz-testcase-minimized-POIFuzzer-5681320547975168.ppt", FileNotFoundException.class);
         EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5962760801091584.ppt", RuntimeException.class);
         EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5231088823566336.ppt", FileNotFoundException.class);
+        EXCLUDED.put("clusterfuzz-testcase-minimized-POIFuzzer-6411649193738240.ppt", FileNotFoundException.class);
     }
 
     public static Stream<Arguments> files() {

diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
index ca4eb18ac505837c90deefee33483d4b91e808f0..499e22cf3375380bda941f8d361b3a07f4fe26fc 100644 (file)
--- a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
+++ b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
@@ -66,7 +66,8 @@ public class TestPPTXMLDump extends BaseTestPPTIterating {
         // work around two files which works here but not in other tests
         if (pFile.getName().equals("clusterfuzz-testcase-minimized-POIFuzzer-5429732352851968.ppt") ||
                 pFile.getName().equals("clusterfuzz-testcase-minimized-POIFuzzer-5681320547975168.ppt") ||
-                pFile.getName().equals("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5231088823566336.ppt")) {
+                pFile.getName().equals("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5231088823566336.ppt") ||
+                pFile.getName().equals("clusterfuzz-testcase-minimized-POIFuzzer-6411649193738240.ppt")) {
             throw new FileNotFoundException();
         }
     }

diff --git a/poi/src/main/java/org/apache/poi/poifs/crypt/agile/KeyData.java b/poi/src/main/java/org/apache/poi/poifs/crypt/agile/KeyData.java
index 5ed0d14db3d64187f6c2295153e0053a486bff1c..42c80ecfd72e5b24bc31ccf291ed6162ccfe5ef4 100644 (file)
--- a/poi/src/main/java/org/apache/poi/poifs/crypt/agile/KeyData.java
+++ b/poi/src/main/java/org/apache/poi/poifs/crypt/agile/KeyData.java
@@ -60,7 +60,7 @@ public class KeyData {
         blockSize = getIntAttr(keyData, "blockSize");
         keyBits = getIntAttr(keyData, "keyBits");
         hashSize = getIntAttr(keyData, "hashSize");
-        cipherAlgorithm = CipherAlgorithm.fromXmlId(keyData.getAttribute("cipherAlgorithm"), keyBits);
+        cipherAlgorithm = CipherAlgorithm.fromXmlId(keyData.getAttribute("cipherAlgorithm"), keyBits == null ? -1 : keyBits);
         cipherChaining = ChainingMode.fromXmlId(keyData.getAttribute("cipherChaining"));
         hashAlgorithm = HashAlgorithm.fromEcmaId(keyData.getAttribute("hashAlgorithm"));
         if (cipherAlgorithm == null || cipherChaining == null || hashAlgorithm == null) {

diff --git a/test-data/slideshow/clusterfuzz-testcase-minimized-POIFuzzer-6411649193738240.ppt b/test-data/slideshow/clusterfuzz-testcase-minimized-POIFuzzer-6411649193738240.ppt
new file mode 100644 (file)
index 0000000..bc704f0
Binary files /dev/null and b/test-data/slideshow/clusterfuzz-testcase-minimized-POIFuzzer-6411649193738240.ppt differ

diff --git a/test-data/slideshow/clusterfuzz-testcase-minimized-POIXSLFFuzzer-5471515212382208.pptx b/test-data/slideshow/clusterfuzz-testcase-minimized-POIXSLFFuzzer-5471515212382208.pptx
new file mode 100644 (file)
index 0000000..c4fb4fb
Binary files /dev/null and b/test-data/slideshow/clusterfuzz-testcase-minimized-POIXSLFFuzzer-5471515212382208.pptx differ

diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
index 46a4282e1e7df8fc3283d5c85c4e7cde091cca80..aa7d2883c78fa0a7dbbbefa34285ad61f6ff01e5 100644 (file)
Binary files a/test-data/spreadsheet/stress.xls and b/test-data/spreadsheet/stress.xls differ