We try to avoid throwing NullPointerException, ClassCastExceptions and StackOverflowException, but it was possible to trigger them Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62530 and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62491 git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912433 13f79535-47bb-0310-9956-ffa450edef68tags/REL_5_2_4
@@ -54,7 +54,7 @@ import org.w3c.dom.Element; | |||
public class WordToTextConverter extends AbstractWordConverter { | |||
private static final Logger LOG = LogManager.getLogger(WordToTextConverter.class); | |||
private static final int MAX_NESTED_CHILD_NODES = 400; | |||
private static final int MAX_NESTED_CHILD_NODES = 300; | |||
public static String getText( DirectoryNode root ) throws Exception | |||
{ |
@@ -35,7 +35,6 @@ import java.util.stream.Stream; | |||
import org.apache.poi.POIDataSamples; | |||
import org.apache.poi.hslf.exceptions.EncryptedPowerPointFileException; | |||
import org.apache.poi.hslf.exceptions.HSLFException; | |||
import org.apache.poi.hslf.exceptions.OldPowerPointFormatException; | |||
import org.apache.poi.util.IOUtils; | |||
import org.apache.commons.io.output.NullPrintStream; | |||
@@ -67,6 +66,7 @@ public abstract class BaseTestPPTIterating { | |||
EXCLUDED.put("clusterfuzz-testcase-minimized-POIFuzzer-5429732352851968.ppt", FileNotFoundException.class); | |||
EXCLUDED.put("clusterfuzz-testcase-minimized-POIFuzzer-5681320547975168.ppt", FileNotFoundException.class); | |||
EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5962760801091584.ppt", RuntimeException.class); | |||
EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5231088823566336.ppt", FileNotFoundException.class); | |||
} | |||
public static Stream<Arguments> files() { |
@@ -65,7 +65,8 @@ public class TestPPTXMLDump extends BaseTestPPTIterating { | |||
// work around two files which works here but not in other tests | |||
if (pFile.getName().equals("clusterfuzz-testcase-minimized-POIFuzzer-5429732352851968.ppt") || | |||
pFile.getName().equals("clusterfuzz-testcase-minimized-POIFuzzer-5681320547975168.ppt")) { | |||
pFile.getName().equals("clusterfuzz-testcase-minimized-POIFuzzer-5681320547975168.ppt") || | |||
pFile.getName().equals("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5231088823566336.ppt")) { | |||
throw new FileNotFoundException(); | |||
} | |||
} |
@@ -408,7 +408,9 @@ public final class CFRule12Record extends CFRuleBase implements FutureRecord { | |||
out.writeShort(priority); | |||
out.writeShort(template_type); | |||
out.writeByte(template_param_length); | |||
out.write(template_params); | |||
if (template_params != null) { | |||
out.write(template_params); | |||
} | |||
byte type = getConditionType(); | |||
if (type == CONDITION_TYPE_COLOR_SCALE) { | |||
@@ -432,7 +434,7 @@ public final class CFRule12Record extends CFRuleBase implements FutureRecord { | |||
len += getFormulaSize(getFormula1()); | |||
len += getFormulaSize(getFormula2()); | |||
len += 2 + getFormulaSize(formula_scale); | |||
len += 6 + template_params.length; | |||
len += 6 + (template_params == null ? 0 : template_params.length); | |||
byte type = getConditionType(); | |||
if (type == CONDITION_TYPE_COLOR_SCALE) { |
@@ -109,7 +109,7 @@ public class PasswordKeyEncryptor { | |||
blockSize = getIntAttr(passwordKey, "blockSize"); | |||
keyBits = getIntAttr(passwordKey, "keyBits"); | |||
hashSize = getIntAttr(passwordKey, "hashSize"); | |||
cipherAlgorithm = CipherAlgorithm.fromXmlId(passwordKey.getAttribute("cipherAlgorithm"), keyBits); | |||
cipherAlgorithm = CipherAlgorithm.fromXmlId(passwordKey.getAttribute("cipherAlgorithm"), keyBits == null ? -1 : keyBits); | |||
cipherChaining = ChainingMode.fromXmlId(passwordKey.getAttribute("cipherChaining")); | |||
hashAlgorithm = HashAlgorithm.fromEcmaId(passwordKey.getAttribute("hashAlgorithm")); | |||
saltValue = getBinAttr(passwordKey, "saltValue"); |
@@ -42,6 +42,7 @@ class TestBiffViewer extends BaseTestIteratingXLS { | |||
excludes.put("61300.xls", IndexOutOfBoundsException.class); | |||
excludes.put("poi-fuzz.xls", RecordFormatException.class); | |||
excludes.put("protected_66115.xls", RecordFormatException.class); | |||
excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5786329142919168.xls", IllegalStateException.class); | |||
return excludes; | |||
} |
@@ -53,7 +53,7 @@ class TestFormulaViewer extends BaseTestIteratingXLS { | |||
@Override | |||
void runOneFile(File fileIn) throws Exception { | |||
// replace with System.out for manual tests | |||
PrintWriter out = new PrintWriter(new NullWriter()); | |||
PrintWriter out = new PrintWriter(NullWriter.INSTANCE); | |||
final Function<FormulaRecord, String> lister = (doListFormula) ? this::listFormula : this::parseFormulaRecord; | |||
@@ -21,6 +21,7 @@ import java.io.IOException; | |||
import java.io.InputStream; | |||
import java.io.PrintWriter; | |||
import java.util.Locale; | |||
import java.util.Map; | |||
import org.apache.commons.io.output.NullWriter; | |||
import org.apache.poi.hssf.record.ContinueRecord; | |||
@@ -28,6 +29,7 @@ import org.apache.poi.hssf.record.Record; | |||
import org.apache.poi.hssf.record.RecordFactory; | |||
import org.apache.poi.hssf.record.RecordInputStream; | |||
import org.apache.poi.poifs.filesystem.POIFSFileSystem; | |||
import org.apache.poi.util.RecordFormatException; | |||
/** | |||
* This is a low-level debugging class, which simply prints out what records come in what order. | |||
@@ -40,10 +42,17 @@ import org.apache.poi.poifs.filesystem.POIFSFileSystem; | |||
*/ | |||
class TestRecordLister extends BaseTestIteratingXLS { | |||
@Override | |||
protected Map<String, Class<? extends Throwable>> getExcludes() { | |||
Map<String, Class<? extends Throwable>> excludes = super.getExcludes(); | |||
excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5786329142919168.xls", RecordFormatException.class); | |||
return excludes; | |||
} | |||
@Override | |||
void runOneFile(File fileIn) throws IOException { | |||
// replace it with System.out if you like it more verbatim | |||
PrintWriter out = new PrintWriter(new NullWriter()); | |||
PrintWriter out = new PrintWriter(NullWriter.INSTANCE); | |||
try (POIFSFileSystem fs = new POIFSFileSystem(fileIn, true); | |||
InputStream din = BiffViewer.getPOIFSInputStream(fs)) { |
@@ -28,11 +28,13 @@ import static org.junit.jupiter.api.Assertions.assertThrows; | |||
import static org.junit.jupiter.api.Assertions.assertTrue; | |||
import static org.junit.jupiter.api.Assertions.fail; | |||
import java.io.ByteArrayOutputStream; | |||
import java.io.File; | |||
import java.io.FileInputStream; | |||
import java.io.FileOutputStream; | |||
import java.io.IOException; | |||
import java.io.InputStream; | |||
import java.io.OutputStream; | |||
import java.util.ArrayList; | |||
import java.util.Collection; | |||
import java.util.List; | |||
@@ -69,6 +71,7 @@ import org.apache.poi.ss.usermodel.Row; | |||
import org.apache.poi.ss.usermodel.Sheet; | |||
import org.apache.poi.ss.usermodel.SheetConditionalFormatting; | |||
import org.apache.poi.ss.usermodel.Workbook; | |||
import org.apache.poi.ss.usermodel.WorkbookFactory; | |||
import org.apache.poi.ss.util.CellRangeAddress; | |||
import org.apache.poi.util.IOUtils; | |||
import org.apache.poi.util.TempFile; | |||
@@ -1217,4 +1220,15 @@ public final class TestHSSFWorkbook extends BaseTestWorkbook { | |||
void createDrawing() { | |||
// the dimensions for this image are different than for XSSF and SXSSF | |||
} | |||
@Test | |||
void writeInvalidFile() throws Exception { | |||
try (Workbook wb = WorkbookFactory.create( | |||
samples.getFile("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5786329142919168.xls"), | |||
null, true)) { | |||
try (OutputStream out = new ByteArrayOutputStream()) { | |||
wb.write(out); | |||
} | |||
} | |||
} | |||
} |