mirrors
/
poi
mirror of https://github.com/apache/poi.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 100 Wiki Activity
Browse Source

Bug 66425: Avoid a ClassCastException found via oss-fuzz 

We try to avoid throwing ClassCastException, but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61317

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911565 13f79535-47bb-0310-9956-ffa450edef68
tags/REL_5_2_4
Dominik Stadler 9 months ago
parent
e25c467209
commit
fdeae16b0c
5 changed files with 9 additions and 4 deletions
Split View Show Diff Stats
  1. 5
    2
      poi-scratchpad/src/main/java/org/apache/poi/hwpf/HWPFDocumentCore.java
  2. 2
    1
      poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java
  3. 2
    1
      poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java
  4. BIN
      test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-5440721166139392.doc
  5. BIN
      test-data/spreadsheet/stress.xls

+ 5
- 2
poi-scratchpad/src/main/java/org/apache/poi/hwpf/HWPFDocumentCore.java View File

@@ -54,7 +54,6 @@ import org.apache.poi.util.IOUtils;
import org.apache.poi.util.Internal;
import org.apache.poi.util.LittleEndianByteArrayInputStream;


/**
* This class holds much of the core of a Word document, but
* without some of the table structure information.
@@ -187,7 +186,11 @@ public abstract class HWPFDocumentCore extends POIDocument {

DirectoryEntry objectPoolEntry = null;
if (directory.hasEntry(STREAM_OBJECT_POOL)) {
objectPoolEntry = (DirectoryEntry) directory.getEntry(STREAM_OBJECT_POOL);
final Entry entry = directory.getEntry(STREAM_OBJECT_POOL);
if (!(entry instanceof DirectoryEntry)) {
throw new IllegalArgumentException("Had unexpected type of entry for name: " + STREAM_OBJECT_POOL + ": " + entry.getClass());
}
objectPoolEntry = (DirectoryEntry) entry;
}
_objectPool = new ObjectPoolImpl(objectPoolEntry);
}

+ 2
- 1
poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java View File

@@ -59,7 +59,8 @@ public class TestWordToConverterSuite
"Fuzzed.doc",
"clusterfuzz-testcase-minimized-POIHWPFFuzzer-5418937293340672.doc",
"TestHPSFWritingFunctionality.doc",
"clusterfuzz-testcase-minimized-POIHWPFFuzzer-4947285593948160.doc"
"clusterfuzz-testcase-minimized-POIHWPFFuzzer-4947285593948160.doc",
"clusterfuzz-testcase-minimized-POIHWPFFuzzer-5440721166139392.doc"
);

public static Stream<Arguments> files() {

+ 2
- 1
poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java View File

@@ -51,7 +51,8 @@ public class TestWordToTextConverter {
// Corrupt files
"clusterfuzz-testcase-minimized-POIHWPFFuzzer-5418937293340672.doc",
"TestHPSFWritingFunctionality.doc",
"clusterfuzz-testcase-minimized-POIHWPFFuzzer-4947285593948160.doc"
"clusterfuzz-testcase-minimized-POIHWPFFuzzer-4947285593948160.doc",
"clusterfuzz-testcase-minimized-POIHWPFFuzzer-5440721166139392.doc"
);

/**

BIN
test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-5440721166139392.doc View File


BIN
test-data/spreadsheet/stress.xls View File


Write Preview
Loading…
Cancel
Save