From 8be69305cac65b6f2b9016471bdd046edfc40182 Mon Sep 17 00:00:00 2001
From: Dominik Stadler <centic@apache.org>
Date: Sun, 14 Jul 2024 11:27:02 +0000
Subject: [PATCH] Bug 66425: Avoid exceptions found via poi-fuzz

Prevent a NullPointerException

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66400

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1919216 13f79535-47bb-0310-9956-ffa450edef68
---
 .../poi/xssf/usermodel/XSSFVMLDrawing.java    |  5 ++++
 .../xssf/usermodel/TestXSSFVMLDrawing.java    | 24 +++++++++++++------
 2 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFVMLDrawing.java b/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFVMLDrawing.java
index 5d1932c908..475fcc7cc9 100644
--- a/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFVMLDrawing.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFVMLDrawing.java
@@ -151,6 +151,11 @@ public final class XSSFVMLDrawing extends POIXMLDocumentPart {
             " xmlns=\""+NS_SPREADSHEETML+"\"", "")
             , xopt);
 
+        // ignore empty XML content in the stream which indicates severely broken parts in the workbook-file
+        if (root.getXml() == null) {
+            return;
+        }
+
         try (XmlCursor cur = root.getXml().newCursor()) {
             for (boolean found = cur.toFirstChild(); found; found = cur.toNextSibling()) {
                 XmlObject xo = cur.getObject();
diff --git a/poi-ooxml/src/test/java/org/apache/poi/xssf/usermodel/TestXSSFVMLDrawing.java b/poi-ooxml/src/test/java/org/apache/poi/xssf/usermodel/TestXSSFVMLDrawing.java
index 7822c97410..ce260bbe52 100644
--- a/poi-ooxml/src/test/java/org/apache/poi/xssf/usermodel/TestXSSFVMLDrawing.java
+++ b/poi-ooxml/src/test/java/org/apache/poi/xssf/usermodel/TestXSSFVMLDrawing.java
@@ -17,8 +17,10 @@
 package org.apache.poi.xssf.usermodel;
 
 import static org.apache.poi.ooxml.POIXMLTypeLoader.DEFAULT_XML_OPTIONS;
+import static org.apache.poi.xssf.XSSFTestDataSamples.openSampleWorkbook;
 import static org.apache.poi.xssf.usermodel.XSSFVMLDrawing.QNAME_VMLDRAWING;
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertInstanceOf;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertSame;
@@ -60,13 +62,13 @@ class TestXSSFVMLDrawing {
         XSSFVMLDrawing vml = new XSSFVMLDrawing();
         List<XmlObject> items = vml.getItems();
         assertEquals(2, items.size());
-        assertTrue(items.get(0) instanceof CTShapeLayout);
+        assertInstanceOf(CTShapeLayout.class, items.get(0));
         CTShapeLayout layout = (CTShapeLayout)items.get(0);
         assertSame(STExt.EDIT, layout.getExt());
         assertSame(STExt.EDIT, layout.getIdmap().getExt());
         assertEquals("1", layout.getIdmap().getData());
 
-        assertTrue(items.get(1) instanceof CTShapetype);
+        assertInstanceOf(CTShapetype.class, items.get(1));
         CTShapetype type = (CTShapetype)items.get(1);
         assertEquals("21600,21600", type.getCoordsize());
         assertEquals(202.0f, type.getSpt(), 0);
@@ -110,9 +112,9 @@ class TestXSSFVMLDrawing {
         vml2.read(out.toInputStream());
         List<XmlObject> items2 = vml2.getItems();
         assertEquals(3, items2.size());
-        assertTrue(items2.get(0) instanceof CTShapeLayout);
-        assertTrue(items2.get(1) instanceof CTShapetype);
-        assertTrue(items2.get(2) instanceof CTShape);
+        assertInstanceOf(CTShapeLayout.class, items2.get(0));
+        assertInstanceOf(CTShapetype.class, items2.get(1));
+        assertInstanceOf(CTShape.class, items2.get(2));
     }
 
     @Test
@@ -187,7 +189,8 @@ class TestXSSFVMLDrawing {
 
     @Test
     void bug65061_InvalidXmlns() throws IOException, XmlException {
-        // input hasn't no <?xml... declaration - as in the sample file
+        // input has no <?xml... declaration - as in the sample file
+        //noinspection HttpUrlsUsage
         String input =
             "<xml xmlns=\"http://schemas.openxmlformats.org/spreadsheetml/2006/main\" xmlns:o=\"urn:schemas-microsoft-com:office:office\" xmlns:v=\"urn:schemas-microsoft-com:vml\" xmlns:x=\"urn:schemas-microsoft-com:office:excel\">\n" +
             "<v:shapetype id=\"_x0000_t202\" coordsize=\"21600,21600\" path=\"m,l,21600r21600,l21600,xe\" o:spt=\"202\">\n" +
@@ -206,8 +209,15 @@ class TestXSSFVMLDrawing {
         List<XmlObject> objs = vml.getItems();
         assertEquals(1, objs.size());
         XmlObject xst = objs.get(0);
-        assertTrue(xst instanceof CTShapetypeImpl);
+        assertInstanceOf(CTShapetypeImpl.class, xst);
         CTShapetype st = (CTShapetype)xst;
         assertSame(STStrokeJoinStyle.MITER, st.getStrokeArray(0).getJoinstyle());
     }
+
+    @Test
+    void testInvalidFile() throws IOException {
+        try (XSSFWorkbook workbook = openSampleWorkbook("clusterfuzz-testcase-minimized-POIXSSFFuzzer-5089447305609216.xlsx")) {
+            assertNotNull(workbook);
+        }
+    }
 }
\ No newline at end of file
-- 
2.39.5