mirrors
/
poi
mirror of https://github.com/apache/poi.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 100 Wiki Activity
Browse Source

Bug 66425: Avoid an AssertionError found via oss-fuzz 

We try to avoid throwing AssertionError to be triggered by input data, but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61251

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911514 13f79535-47bb-0310-9956-ffa450edef68
tags/REL_5_2_4
Dominik Stadler 9 months ago
parent
f6b1435db1
commit
2c5264277a
5 changed files with 14 additions and 1 deletions
Split View Show Diff Stats
  1. 2
    0
      poi-integration/src/test/java/org/apache/poi/stress/HSLFFileHandler.java
  2. 8
    1
      poi-scratchpad/src/main/java/org/apache/poi/hslf/record/EscherPlaceholder.java
  3. 4
    0
      poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java
  4. BIN
      test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-4630915954114560.ppt
  5. BIN
      test-data/spreadsheet/stress.xls

+ 2
- 0
poi-integration/src/test/java/org/apache/poi/stress/HSLFFileHandler.java View File

@@ -84,6 +84,8 @@ public class HSLFFileHandler extends SlideShowHandler {
}

handleExtracting(file);

handleAdditional(file);
}

public static void main(String[] args) throws Exception {

+ 8
- 1
poi-scratchpad/src/main/java/org/apache/poi/hslf/record/EscherPlaceholder.java View File

@@ -20,6 +20,8 @@ package org.apache.poi.hslf.record;
import java.util.Map;
import java.util.function.Supplier;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.poi.ddf.EscherRecord;
import org.apache.poi.ddf.EscherRecordFactory;
import org.apache.poi.ddf.EscherSerializationListener;
@@ -32,6 +34,8 @@ import org.apache.poi.util.LittleEndian;
* the slide layout as specified in the SlideAtom record.
*/
public class EscherPlaceholder extends EscherRecord {
private static final Logger LOG = LogManager.getLogger(EscherPlaceholder.class);

public static final short RECORD_ID = RecordTypes.OEPlaceholderAtom.typeID;
public static final String RECORD_DESCRIPTION = "msofbtClientTextboxPlaceholder";

@@ -59,7 +63,10 @@ public class EscherPlaceholder extends EscherRecord {
size = data[offset+13];
unused = LittleEndian.getShort(data, offset+14);

assert(bytesRemaining + 8 == 16);
if (bytesRemaining + 8 != 16) {
LOG.warn("Invalid header-data received, should have 8 bytes left, but had: " + bytesRemaining);
}

return bytesRemaining + 8;
}


+ 4
- 0
poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java View File

@@ -247,6 +247,10 @@ public abstract class HSLFShape implements Shape<HSLFShape,HSLFTextParagraph> {
}

public <T extends EscherRecord> T getEscherChild(int recordId){
if (_escherContainer == null) {
throw new IllegalStateException("Did not have a container for fetching children");
}

return _escherContainer.getChildById((short)recordId);
}


BIN
test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-4630915954114560.ppt View File


BIN
test-data/spreadsheet/stress.xls View File


Write Preview
Loading…
Cancel
Save