diff options
author | Dominik Stadler <centic@apache.org> | 2023-10-07 22:12:25 +0000 |
---|---|---|
committer | Dominik Stadler <centic@apache.org> | 2023-10-07 22:12:25 +0000 |
commit | 6fae5bbc185301057913a800f14202be8d630cf2 (patch) | |
tree | 38f796f7f630bc6b89ecae138e6999d0e20f4be7 | |
parent | c331c5d26a45a7c5bc1d8cc9030b939ead644f08 (diff) | |
download | poi-6fae5bbc185301057913a800f14202be8d630cf2.tar.gz poi-6fae5bbc185301057913a800f14202be8d630cf2.zip |
Bug 66425: Avoid Exceptions found via oss-fuzz
We try to avoid throwing NullPointerExceptions or endless allocations,
but it was possible to trigger one here with a specially
crafted input-file
Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62697
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912793 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | poi/src/main/java/org/apache/poi/hssf/record/SSTDeserializer.java | 4 | ||||
-rw-r--r-- | poi/src/main/java/org/apache/poi/poifs/filesystem/DocumentInputStream.java | 3 | ||||
-rw-r--r-- | poi/src/test/java/org/apache/poi/hssf/dev/BaseTestIteratingXLS.java | 1 | ||||
-rw-r--r-- | poi/src/test/java/org/apache/poi/hssf/record/TestSSTDeserializer.java | 4 | ||||
-rw-r--r-- | test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-4819588401201152.xls | bin | 0 -> 3182 bytes | |||
-rw-r--r-- | test-data/spreadsheet/stress.xls | bin | 56320 -> 56832 bytes |
6 files changed, 9 insertions, 3 deletions
diff --git a/poi/src/main/java/org/apache/poi/hssf/record/SSTDeserializer.java b/poi/src/main/java/org/apache/poi/hssf/record/SSTDeserializer.java index d840078c73..16786e6dae 100644 --- a/poi/src/main/java/org/apache/poi/hssf/record/SSTDeserializer.java +++ b/poi/src/main/java/org/apache/poi/hssf/record/SSTDeserializer.java @@ -48,7 +48,9 @@ class SSTDeserializer { UnicodeString str; if (in.available() == 0 && (!in.hasNextRecord() || in.getNextSid() != ContinueRecord.sid)) { LOG.atError().log("Ran out of data before creating all the strings! String at index {}", box(i)); - str = new UnicodeString(""); + + // not much sense in trying to continue reading in this case, file seems to be broken + return; } else { str = new UnicodeString(in); } diff --git a/poi/src/main/java/org/apache/poi/poifs/filesystem/DocumentInputStream.java b/poi/src/main/java/org/apache/poi/poifs/filesystem/DocumentInputStream.java index a4e76fab89..92021f2f26 100644 --- a/poi/src/main/java/org/apache/poi/poifs/filesystem/DocumentInputStream.java +++ b/poi/src/main/java/org/apache/poi/poifs/filesystem/DocumentInputStream.java @@ -169,7 +169,8 @@ public final class DocumentInputStream extends InputStream implements LittleEndi throw new IllegalArgumentException("buffer must not be null"); } if (off < 0 || len < 0 || b.length < off + len) { - throw new IndexOutOfBoundsException("can't read past buffer boundaries"); + throw new IndexOutOfBoundsException("can't read past buffer boundaries with off: " + off + + ", len: " + len + ", b.length: " + b.length); } if (len == 0) { return 0; diff --git a/poi/src/test/java/org/apache/poi/hssf/dev/BaseTestIteratingXLS.java b/poi/src/test/java/org/apache/poi/hssf/dev/BaseTestIteratingXLS.java index 26627b5a9b..6e18940a72 100644 --- a/poi/src/test/java/org/apache/poi/hssf/dev/BaseTestIteratingXLS.java +++ b/poi/src/test/java/org/apache/poi/hssf/dev/BaseTestIteratingXLS.java @@ -88,6 +88,7 @@ public abstract class BaseTestIteratingXLS { excludes.put("64130.xls", OldExcelFormatException.class); // fuzzed binaries excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-6322470200934400.xls", RuntimeException.class); + excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-4819588401201152.xls", RuntimeException.class); return excludes; } diff --git a/poi/src/test/java/org/apache/poi/hssf/record/TestSSTDeserializer.java b/poi/src/test/java/org/apache/poi/hssf/record/TestSSTDeserializer.java index c627bbfc55..3dcdf87a27 100644 --- a/poi/src/test/java/org/apache/poi/hssf/record/TestSSTDeserializer.java +++ b/poi/src/test/java/org/apache/poi/hssf/record/TestSSTDeserializer.java @@ -18,6 +18,7 @@ package org.apache.poi.hssf.record; import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertThrows; import java.io.IOException; import java.io.InputStream; @@ -137,6 +138,7 @@ final class TestSSTDeserializer { deserializer.manufactureStrings(2, in); assertEquals("At a dinner party or", strings.get(0) + ""); - assertEquals("", strings.get(1) + ""); + assertThrows(IndexOutOfBoundsException.class, + () -> strings.get(1)); } } diff --git a/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-4819588401201152.xls b/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-4819588401201152.xls Binary files differnew file mode 100644 index 0000000000..524001f77e --- /dev/null +++ b/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-4819588401201152.xls diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls Binary files differindex 2352603880..d06a4e4d5b 100644 --- a/test-data/spreadsheet/stress.xls +++ b/test-data/spreadsheet/stress.xls |