Bug 66425: Avoid exceptions found via poi-fuzz

We try to avoid throwing NullPointerException, ClassCastExceptions and StackOverflowException, but it was possible
to trigger them

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62548 and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62564

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912464 13f79535-47bb-0310-9956-ffa450edef68

7 files changed, 10 insertions, 4 deletions

diff --git a/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFDiagram.java b/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFDiagram.java
index 9837b5c128..2d14b4f13c 100644
--- a/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFDiagram.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFDiagram.java
@@ -214,8 +214,12 @@ public class XSLFDiagram extends XSLFGraphicFrame {
         CTGroupShapeProperties groupShapePropsCt = groupShapeCt.addNewGrpSpPr();
 
         CTGroupShapeNonVisual groupShapeNonVisualCt = groupShapeCt.addNewNvGrpSpPr();
-        groupShapeNonVisualCt.setCNvPr(msGroupShapeCt.getNvGrpSpPr().getCNvPr());
-        groupShapeNonVisualCt.setCNvGrpSpPr(msGroupShapeCt.getNvGrpSpPr().getCNvGrpSpPr());
+        final com.microsoft.schemas.office.drawing.x2008.diagram.CTGroupShapeNonVisual nvGrpSpPr =
+                msGroupShapeCt.getNvGrpSpPr();
+        if (nvGrpSpPr != null) {
+            groupShapeNonVisualCt.setCNvPr(nvGrpSpPr.getCNvPr());
+            groupShapeNonVisualCt.setCNvGrpSpPr(nvGrpSpPr.getCNvGrpSpPr());
+        }
         groupShapeNonVisualCt.setNvPr(CTApplicationNonVisualDrawingProps.Factory.newInstance());
 
         for (CTShape msShapeCt : msGroupShapeCt.getSpList()) {
diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java
index 7cc9272781..4da9c9fea7 100644
--- a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java
+++ b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java
@@ -67,6 +67,7 @@ public abstract class BaseTestPPTIterating {
         EXCLUDED.put("clusterfuzz-testcase-minimized-POIFuzzer-5681320547975168.ppt", FileNotFoundException.class);
         EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5962760801091584.ppt", RuntimeException.class);
         EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5231088823566336.ppt", FileNotFoundException.class);
+        EXCLUDED.put("clusterfuzz-testcase-minimized-POIFuzzer-6411649193738240.ppt", FileNotFoundException.class);
     }
 
     public static Stream<Arguments> files() {
diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
index ca4eb18ac5..499e22cf33 100644
--- a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
+++ b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
@@ -66,7 +66,8 @@ public class TestPPTXMLDump extends BaseTestPPTIterating {
         // work around two files which works here but not in other tests
         if (pFile.getName().equals("clusterfuzz-testcase-minimized-POIFuzzer-5429732352851968.ppt") ||
                 pFile.getName().equals("clusterfuzz-testcase-minimized-POIFuzzer-5681320547975168.ppt") ||
-                pFile.getName().equals("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5231088823566336.ppt")) {
+                pFile.getName().equals("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5231088823566336.ppt") ||
+                pFile.getName().equals("clusterfuzz-testcase-minimized-POIFuzzer-6411649193738240.ppt")) {
             throw new FileNotFoundException();
         }
     }
diff --git a/poi/src/main/java/org/apache/poi/poifs/crypt/agile/KeyData.java b/poi/src/main/java/org/apache/poi/poifs/crypt/agile/KeyData.java
index 5ed0d14db3..42c80ecfd7 100644
--- a/poi/src/main/java/org/apache/poi/poifs/crypt/agile/KeyData.java
+++ b/poi/src/main/java/org/apache/poi/poifs/crypt/agile/KeyData.java
@@ -60,7 +60,7 @@ public class KeyData {
         blockSize = getIntAttr(keyData, "blockSize");
         keyBits = getIntAttr(keyData, "keyBits");
         hashSize = getIntAttr(keyData, "hashSize");
-        cipherAlgorithm = CipherAlgorithm.fromXmlId(keyData.getAttribute("cipherAlgorithm"), keyBits);
+        cipherAlgorithm = CipherAlgorithm.fromXmlId(keyData.getAttribute("cipherAlgorithm"), keyBits == null ? -1 : keyBits);
         cipherChaining = ChainingMode.fromXmlId(keyData.getAttribute("cipherChaining"));
         hashAlgorithm = HashAlgorithm.fromEcmaId(keyData.getAttribute("hashAlgorithm"));
         if (cipherAlgorithm == null || cipherChaining == null || hashAlgorithm == null) {
diff --git a/test-data/slideshow/clusterfuzz-testcase-minimized-POIFuzzer-6411649193738240.ppt b/test-data/slideshow/clusterfuzz-testcase-minimized-POIFuzzer-6411649193738240.ppt
new file mode 100644
index 0000000000..bc704f01bf
--- /dev/null
+++ b/test-data/slideshow/clusterfuzz-testcase-minimized-POIFuzzer-6411649193738240.ppt
diff --git a/test-data/slideshow/clusterfuzz-testcase-minimized-POIXSLFFuzzer-5471515212382208.pptx b/test-data/slideshow/clusterfuzz-testcase-minimized-POIXSLFFuzzer-5471515212382208.pptx
new file mode 100644
index 0000000000..c4fb4fbdf3
--- /dev/null
+++ b/test-data/slideshow/clusterfuzz-testcase-minimized-POIXSLFFuzzer-5471515212382208.pptx
diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
index 46a4282e1e..aa7d2883c7 100644
--- a/test-data/spreadsheet/stress.xls
+++ b/test-data/spreadsheet/stress.xls