From: Dominik Stadler
Date: Sat, 7 Oct 2023 22:12:18 +0000 (+0000)
Subject: Bug 66425: Avoid a NullPointerException found via oss-fuzz
X-Git-Tag: REL_5_2_5~75
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=c331c5d26a45a7c5bc1d8cc9030b939ead644f08;p=poi.git
Bug 66425: Avoid a NullPointerException found via oss-fuzz
We try to avoid throwing NullPointerException, but it was possible to trigger one here with a specially crafted input-file
Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62626
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912792 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java
index 4da9c9fea7..8b8845186d 100644
--- a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java
+++ b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java
@@ -68,6 +68,7 @@ public abstract class BaseTestPPTIterating {
 EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5962760801091584.ppt", RuntimeException.class);
 EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5231088823566336.ppt", FileNotFoundException.class);
 EXCLUDED.put("clusterfuzz-testcase-minimized-POIFuzzer-6411649193738240.ppt", FileNotFoundException.class);
+ EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-4838893004128256.ppt", FileNotFoundException.class);
 }
 
 public static Stream files() {
diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
index 499e22cf33..d2dd0b34b9 100644
--- a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
+++ b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
@@ -67,7 +67,8 @@ public class TestPPTXMLDump extends BaseTestPPTIterating {
 if (pFile.getName().equals("clusterfuzz-testcase-minimized-POIFuzzer-5429732352851968.ppt") ||
 pFile.getName().equals("clusterfuzz-testcase-minimized-POIFuzzer-5681320547975168.ppt") ||
 pFile.getName().equals("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5231088823566336.ppt") ||
- pFile.getName().equals("clusterfuzz-testcase-minimized-POIFuzzer-6411649193738240.ppt")) {
+ pFile.getName().equals("clusterfuzz-testcase-minimized-POIFuzzer-6411649193738240.ppt") ||
+ pFile.getName().equals("clusterfuzz-testcase-minimized-POIHSLFFuzzer-4838893004128256.ppt")) {
 throw new FileNotFoundException();
 }
 }
diff --git a/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptionHeader.java b/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptionHeader.java
index 3d08cf7fbf..fc2828ed0d 100644
--- a/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptionHeader.java
+++ b/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptionHeader.java
@@ -79,10 +79,14 @@ public class AgileEncryptionHeader extends EncryptionHeader {
 keyData.getHashAlgorithm() + " @ " + hashSize + " bytes");
 }
 
+ if (keyData.getSaltSize() == null) {
+ throw new EncryptedDocumentException("Invalid salt length: " + keyData.getSaltSize());
+ }
+
 int saltLength = keyData.getSaltSize();
 setKeySalt(keyData.getSaltValue());
 if (getKeySalt().length != saltLength) {
- throw new EncryptedDocumentException("Invalid salt length");
+ throw new EncryptedDocumentException("Invalid salt length: " + getKeySalt().length + " and " + saltLength);
 }
 
 DataIntegrity di = ed.getDataIntegrity();
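Review bot: The crafted file name is now hard-coded in two places that have to stay in step: the `||` chain in `TestPPTXMLDump` and the `EXCLUDED` map in `BaseTestPPTIterating` (first hunk). A comment above the chain such as `// keep in sync with BaseTestPPTIterating.EXCLUDED` would help, or the chain could test membership in a shared `Set<String>` of file names. Both entries only record that the HSLF dev tools report `FileNotFoundException` for this input. Nothing visible in these hunks asserts that parsing the file now ends in `EncryptedDocumentException` rather than a NullPointerException, so a direct regression test for that path is worth adding if none exists elsewhere. The enclosing method in `TestPPTXMLDump` starts outside the hunk.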
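Review bot: `getKeySalt().length` in the `AgileEncryptionHeader` hunk can still throw a NullPointerException if `keyData.getSaltValue()` is null, because the added guard only checks `getSaltSize()` and the hunk does not show `setKeySalt` rejecting null. If a crafted file can omit the salt value the same way it can omit the salt size, checking the array before storing it closes that path: `byte[] salt = keyData.getSaltValue();` followed by `if (salt == null || salt.length != saltLength) { throw new EncryptedDocumentException("Invalid salt length"); }`. The null-branch message concatenates `keyData.getSaltSize()`, which is known to be null at that point, so it always reads "Invalid salt length: null"; reading the getter once into `Integer saltSize` and reporting the size as missing would be clearer. The enclosing method starts and ends outside the hunk, so other boxed `keyData` getters unboxed earlier could not be checked here.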
diff --git a/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-4838893004128256.ppt b/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-4838893004128256.ppt
new file mode 100644
index 0000000000..567a0f7f15
Binary files /dev/null and b/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-4838893004128256.ppt differ
diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
index aa7d2883c7..2352603880 100644
Binary files a/test-data/spreadsheet/stress.xls and b/test-data/spreadsheet/stress.xls differ