Bug 66425: Avoid Exceptions found via oss-fuzz

author Dominik Stadler <centic@apache.org>

Sat, 7 Oct 2023 22:12:50 +0000 (22:12 +0000)

committer Dominik Stadler <centic@apache.org>

Sat, 7 Oct 2023 22:12:50 +0000 (22:12 +0000)
author Dominik Stadler <centic@apache.org>
Sat, 7 Oct 2023 22:12:50 +0000 (22:12 +0000)
committer Dominik Stadler <centic@apache.org>
Sat, 7 Oct 2023 22:12:50 +0000 (22:12 +0000)
diff --git a/poi/src/main/java/org/apache/poi/hssf/record/aggregates/CustomViewSettingsRecordAggregate.java b/poi/src/main/java/org/apache/poi/hssf/record/aggregates/CustomViewSettingsRecordAggregate.java

index 5b10c4ff7d63a8bf627d3a1c49771ba6aaa373b2..dc94c265d673b87b3525c413b424b95caae8e779 100644 (file)
--- a/poi/src/main/java/org/apache/poi/hssf/record/aggregates/CustomViewSettingsRecordAggregate.java
+++ b/poi/src/main/java/org/apache/poi/hssf/record/aggregates/CustomViewSettingsRecordAggregate.java
@@ -73,7 +73,10 @@ public final class CustomViewSettingsRecordAggregate extends RecordAggregate {
              return;
          }
          rv.visitRecord(_begin);
-        for (RecordBase rb : _recs) {
+
+        // need to copy list to avoid ConcurrentModificationException
+        // as there are cases where the visitor modifies the list itself
+        for (RecordBase rb : new ArrayList<>(_recs)) {
              if (rb instanceof RecordAggregate) {
                  ((RecordAggregate) rb).visitContainedRecords(rv);
              } else {
diff --git a/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffDrawingToXml.java b/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffDrawingToXml.java

index a87f34aad87b19b2b6c4b831407c3721355495b3..b9abe815f41fb9938c49f4569b598be5ac0b3a0c 100644 (file)
--- a/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffDrawingToXml.java
+++ b/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffDrawingToXml.java
@@ -56,6 +56,7 @@ class TestBiffDrawingToXml extends BaseTestIteratingXLS {
          excludes.put("protected_66115.xls", EncryptedDocumentException.class);
          excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5285517825277952.xls", IllegalArgumentException.class);
          excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5436547081830400.xls", IllegalArgumentException.class);
+        excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5889658057523200.xls", IndexOutOfBoundsException.class);
          return excludes;
      }
  
diff --git a/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffViewer.java b/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffViewer.java

index 3b8ee50d96b39557b79d168ad2eabc73981e1c18..218ecb93f601ae569bbe62348d74779702934b96 100644 (file)
--- a/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffViewer.java
+++ b/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffViewer.java
@@ -43,6 +43,7 @@ class TestBiffViewer extends BaseTestIteratingXLS {
          excludes.put("poi-fuzz.xls", RecordFormatException.class);
          excludes.put("protected_66115.xls", RecordFormatException.class);
          excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5786329142919168.xls", IllegalStateException.class);
+        excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5889658057523200.xls", IndexOutOfBoundsException.class);
  
          return excludes;
      }
diff --git a/poi/src/test/java/org/apache/poi/hssf/dev/TestRecordLister.java b/poi/src/test/java/org/apache/poi/hssf/dev/TestRecordLister.java

index 9135eab88424e0a05e6bfbb102b68dfa2faee8d5..7f2f85dcbbc93402e4ac2edd012b6b5aa4cab9a3 100644 (file)
--- a/poi/src/test/java/org/apache/poi/hssf/dev/TestRecordLister.java
+++ b/poi/src/test/java/org/apache/poi/hssf/dev/TestRecordLister.java
@@ -46,6 +46,7 @@ class TestRecordLister extends BaseTestIteratingXLS {
      protected Map<String, Class<? extends Throwable>> getExcludes() {
          Map<String, Class<? extends Throwable>> excludes = super.getExcludes();
          excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5786329142919168.xls", RecordFormatException.class);
+        excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5889658057523200.xls", IndexOutOfBoundsException.class);
          return excludes;
      }
  
diff --git a/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-5889658057523200.xls b/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-5889658057523200.xls

new file mode 100644 (file)

index 0000000..e409676

Binary files /dev/null and b/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-5889658057523200.xls differ
diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls

index edc99459a8dd7b3dcd83516156044b99c3d60a02..f6f4afad62066498be30ed017572eb227ed67113 100644 (file)

Binary files a/test-data/spreadsheet/stress.xls and b/test-data/spreadsheet/stress.xls differ
author	Dominik Stadler <centic@apache.org>
	Sat, 7 Oct 2023 22:12:50 +0000 (22:12 +0000)
committer	Dominik Stadler <centic@apache.org>
	Sat, 7 Oct 2023 22:12:50 +0000 (22:12 +0000)
poi/src/main/java/org/apache/poi/hssf/record/aggregates/CustomViewSettingsRecordAggregate.java		patch \| blob \| history
poi/src/test/java/org/apache/poi/hssf/dev/TestBiffDrawingToXml.java		patch \| blob \| history
poi/src/test/java/org/apache/poi/hssf/dev/TestBiffViewer.java		patch \| blob \| history
poi/src/test/java/org/apache/poi/hssf/dev/TestRecordLister.java		patch \| blob \| history
test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-5889658057523200.xls	[new file with mode: 0644]	patch \| blob
test-data/spreadsheet/stress.xls		patch \| blob \| history