From 0210af791ee17d3cdda6671ddfe008a07a2bd4f0 Mon Sep 17 00:00:00 2001 From: Dominik Stadler Date: Sun, 5 Dec 2021 15:34:16 +0000 Subject: [PATCH] Fix issues found when fuzzing Apache POI via Jazzer Catch and handle a possible NullPointerException in commons-compress We can handle this gracefully for now and can remove this again when commons-compress is fixed, see isse COMPRESS-598 git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1895598 13f79535-47bb-0310-9956-ffa450edef68 --- .../util/ZipArchiveThresholdInputStream.java | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipArchiveThresholdInputStream.java b/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipArchiveThresholdInputStream.java index 5bcfd8f1c0..97ed930c37 100644 --- a/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipArchiveThresholdInputStream.java +++ b/poi-ooxml/src/main/java/org/apache/poi/openxml4j/util/ZipArchiveThresholdInputStream.java @@ -110,7 +110,18 @@ public class ZipArchiveThresholdInputStream extends FilterInputStream { final InputStreamStatistics stats = (InputStreamStatistics)in; final long payloadSize = stats.getUncompressedCount(); - final long rawSize = stats.getCompressedCount(); + + long rawSize; + try { + rawSize = stats.getCompressedCount(); + } catch (NullPointerException e) { + // this can happen with a very specially crafted file + // see https://issues.apache.org/jira/browse/COMPRESS-598 for a related bug-report + // therefore we try to handle this gracefully for now + // this try/catch can be removed when COMPRESS-598 is fixed + rawSize = 0; + } + final String entryName = entry == null ? "not set" : entry.getName(); // check the file size first, in case we are working on uncompressed streams @@ -158,4 +169,4 @@ public class ZipArchiveThresholdInputStream extends FilterInputStream { void setEntry(ZipArchiveEntry entry) { this.entry = entry; } -} \ No newline at end of file +} -- 2.39.5