mirrors
/
poi
mirror of https://github.com/apache/poi.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 100 Wiki Activity
Browse Source

Bug 66425: Avoid a ClassCastException found via oss-fuzz 

We try to avoid throwing ClassCastException, but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61578

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911860 13f79535-47bb-0310-9956-ffa450edef68
tags/REL_5_2_4
Dominik Stadler 8 months ago
parent
1b88529d07
commit
fd29772be6
4 changed files with 8 additions and 2 deletions
Split View Show Diff Stats
  1. 5
    1
      poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java
  2. 3
    1
      poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
  3. BIN
      test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-6032591399288832.ppt
  4. BIN
      test-data/spreadsheet/stress.xls

+ 5
- 1
poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java View File

@@ -404,7 +404,11 @@ public final class HSLFSlideShowImpl extends POIDocument implements Closeable {
return;
}

DocumentEntry entry = (DocumentEntry) getDirectory().getEntry("Pictures");
final Entry en = getDirectory().getEntry("Pictures");
if (!(en instanceof DocumentEntry)) {
throw new IllegalArgumentException("Had unexpected type of entry for name: Pictures: " + en.getClass());
}
DocumentEntry entry = (DocumentEntry) en;
EscherContainerRecord blipStore = getBlipStore();
byte[] pictstream;
try (DocumentInputStream is = getDirectory().createDocumentInputStream(entry)) {

+ 3
- 1
poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java View File

@@ -21,6 +21,7 @@ import org.apache.poi.hslf.HSLFTestDataSamples;
import org.junit.jupiter.api.Test;

import java.io.File;
import java.io.IOException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
@@ -31,6 +32,7 @@ public class TestPPTXMLDump extends BaseTestPPTIterating {
static final Set<String> LOCAL_EXCLUDED = new HashSet<>();
static {
LOCAL_EXCLUDED.add("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt");
LOCAL_EXCLUDED.add("clusterfuzz-testcase-minimized-POIHSLFFuzzer-6032591399288832.ppt");
}

@Test
@@ -49,7 +51,7 @@ public class TestPPTXMLDump extends BaseTestPPTIterating {
void runOneFile(File pFile) throws Exception {
try {
PPTXMLDump.main(new String[]{pFile.getAbsolutePath()});
} catch (IndexOutOfBoundsException e) {
} catch (IndexOutOfBoundsException | IOException e) {
if (!LOCAL_EXCLUDED.contains(pFile.getName())) {
throw e;
}

BIN
test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-6032591399288832.ppt View File


BIN
test-data/spreadsheet/stress.xls View File


Write Preview
Loading…
Cancel
Save