diff options
| author | Dominik Stadler <centic@apache.org> | 2023-10-07 22:12:50 +0000 |
|---|---|---|
| committer | Dominik Stadler <centic@apache.org> | 2023-10-07 22:12:50 +0000 |
| commit | e43c1bc9117d0c1e356f8de33cb7f9a516747242 (patch) | |
| tree | 7e06af883bc0a6429742d5ad142a42efeeb3147b | |
| parent | 5cd4fa548843e89525e48d6180ab6f3c5eb9833e (diff) | |
| download | poi-e43c1bc9117d0c1e356f8de33cb7f9a516747242.tar.gz poi-e43c1bc9117d0c1e356f8de33cb7f9a516747242.zip | |
Bug 66425: Avoid Exceptions found via oss-fuzz
We try to avoid throwing ConcurrentModificationException,
but it was possible to trigger one here with a specially
crafted input-file
Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62861
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912797 13f79535-47bb-0310-9956-ffa450edef68
| -rw-r--r-- | poi/src/main/java/org/apache/poi/hssf/record/aggregates/CustomViewSettingsRecordAggregate.java | 5 | ||||
| -rw-r--r-- | poi/src/test/java/org/apache/poi/hssf/dev/TestBiffDrawingToXml.java | 1 | ||||
| -rw-r--r-- | poi/src/test/java/org/apache/poi/hssf/dev/TestBiffViewer.java | 1 | ||||
| -rw-r--r-- | poi/src/test/java/org/apache/poi/hssf/dev/TestRecordLister.java | 1 | ||||
| -rw-r--r-- | test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-5889658057523200.xls | bin | 0 -> 13362 bytes | |||
| -rw-r--r-- | test-data/spreadsheet/stress.xls | bin | 57856 -> 58880 bytes |
6 files changed, 7 insertions, 1 deletions
diff --git a/poi/src/main/java/org/apache/poi/hssf/record/aggregates/CustomViewSettingsRecordAggregate.java b/poi/src/main/java/org/apache/poi/hssf/record/aggregates/CustomViewSettingsRecordAggregate.java index 5b10c4ff7d..dc94c265d6 100644 --- a/poi/src/main/java/org/apache/poi/hssf/record/aggregates/CustomViewSettingsRecordAggregate.java +++ b/poi/src/main/java/org/apache/poi/hssf/record/aggregates/CustomViewSettingsRecordAggregate.java @@ -73,7 +73,10 @@ public final class CustomViewSettingsRecordAggregate extends RecordAggregate { return; } rv.visitRecord(_begin); - for (RecordBase rb : _recs) { + + // need to copy list to avoid ConcurrentModificationException + // as there are cases where the visitor modifies the list itself + for (RecordBase rb : new ArrayList<>(_recs)) { if (rb instanceof RecordAggregate) { ((RecordAggregate) rb).visitContainedRecords(rv); } else { diff --git a/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffDrawingToXml.java b/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffDrawingToXml.java index a87f34aad8..b9abe815f4 100644 --- a/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffDrawingToXml.java +++ b/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffDrawingToXml.java @@ -56,6 +56,7 @@ class TestBiffDrawingToXml extends BaseTestIteratingXLS { excludes.put("protected_66115.xls", EncryptedDocumentException.class); excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5285517825277952.xls", IllegalArgumentException.class); excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5436547081830400.xls", IllegalArgumentException.class); + excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5889658057523200.xls", IndexOutOfBoundsException.class); return excludes; } diff --git a/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffViewer.java b/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffViewer.java index 3b8ee50d96..218ecb93f6 100644 --- a/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffViewer.java +++ b/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffViewer.java @@ -43,6 +43,7 @@ class TestBiffViewer extends BaseTestIteratingXLS { excludes.put("poi-fuzz.xls", RecordFormatException.class); excludes.put("protected_66115.xls", RecordFormatException.class); excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5786329142919168.xls", IllegalStateException.class); + excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5889658057523200.xls", IndexOutOfBoundsException.class); return excludes; } diff --git a/poi/src/test/java/org/apache/poi/hssf/dev/TestRecordLister.java b/poi/src/test/java/org/apache/poi/hssf/dev/TestRecordLister.java index 9135eab884..7f2f85dcbb 100644 --- a/poi/src/test/java/org/apache/poi/hssf/dev/TestRecordLister.java +++ b/poi/src/test/java/org/apache/poi/hssf/dev/TestRecordLister.java @@ -46,6 +46,7 @@ class TestRecordLister extends BaseTestIteratingXLS { protected Map<String, Class<? extends Throwable>> getExcludes() { Map<String, Class<? extends Throwable>> excludes = super.getExcludes(); excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5786329142919168.xls", RecordFormatException.class); + excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5889658057523200.xls", IndexOutOfBoundsException.class); return excludes; } diff --git a/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-5889658057523200.xls b/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-5889658057523200.xls Binary files differnew file mode 100644 index 0000000000..e4096766ca --- /dev/null +++ b/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-5889658057523200.xls diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls Binary files differindex edc99459a8..f6f4afad62 100644 --- a/test-data/spreadsheet/stress.xls +++ b/test-data/spreadsheet/stress.xls |