authorDominik Stadler <centic@apache.org>2023-08-07 14:32:11 +0000
committerDominik Stadler <centic@apache.org>2023-08-07 14:32:11 +0000
commit2c5264277a879b4adba6593b79053fbb8ae4df29 (patch)
tree4006a111abd9744d19484af801286c879c25457f
parentf6b1435db196b4a2d7079191a15a4018915f70a5 (diff)
Bug 66425: Avoid an AssertionError found via oss-fuzz
We try to avoid AssertionErrors that can be triggered by input data, but it was possible to trigger one here with a specially crafted input file. Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61251 git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911514 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--poi-integration/src/test/java/org/apache/poi/stress/HSLFFileHandler.java2
-rw-r--r--poi-scratchpad/src/main/java/org/apache/poi/hslf/record/EscherPlaceholder.java9
-rw-r--r--poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java4
-rw-r--r--test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-4630915954114560.pptbin0 -> 12800 bytes
-rw-r--r--test-data/spreadsheet/stress.xlsbin59392 -> 59904 bytes
5 files changed, 14 insertions, 1 deletions
diff --git a/poi-integration/src/test/java/org/apache/poi/stress/HSLFFileHandler.java b/poi-integration/src/test/java/org/apache/poi/stress/HSLFFileHandler.java
index d496d0b85a..f25da02fa8 100644
--- a/poi-integration/src/test/java/org/apache/poi/stress/HSLFFileHandler.java
+++ b/poi-integration/src/test/java/org/apache/poi/stress/HSLFFileHandler.java
@@ -84,6 +84,8 @@ public class HSLFFileHandler extends SlideShowHandler {
}
handleExtracting(file);
+
+ handleAdditional(file);
}
public static void main(String[] args) throws Exception {
diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hslf/record/EscherPlaceholder.java b/poi-scratchpad/src/main/java/org/apache/poi/hslf/record/EscherPlaceholder.java
index 28dff25ce9..f474f2171c 100644
--- a/poi-scratchpad/src/main/java/org/apache/poi/hslf/record/EscherPlaceholder.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hslf/record/EscherPlaceholder.java
@@ -20,6 +20,8 @@ package org.apache.poi.hslf.record;
import java.util.Map;
import java.util.function.Supplier;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
import org.apache.poi.ddf.EscherRecord;
import org.apache.poi.ddf.EscherRecordFactory;
import org.apache.poi.ddf.EscherSerializationListener;
@@ -32,6 +34,8 @@ import org.apache.poi.util.LittleEndian;
* the slide layout as specified in the SlideAtom record.
*/
public class EscherPlaceholder extends EscherRecord {
+ private static final Logger LOG = LogManager.getLogger(EscherPlaceholder.class);
+
public static final short RECORD_ID = RecordTypes.OEPlaceholderAtom.typeID;
public static final String RECORD_DESCRIPTION = "msofbtClientTextboxPlaceholder";
@@ -59,7 +63,10 @@ public class EscherPlaceholder extends EscherRecord {
size = data[offset+13];
unused = LittleEndian.getShort(data, offset+14);
- assert(bytesRemaining + 8 == 16);
+ if (bytesRemaining + 8 != 16) {
+ LOG.warn("Invalid header-data received, should have 8 bytes left, but had: " + bytesRemaining);
+ }
+
return bytesRemaining + 8;
}
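Review bot: The new length check runs only after the fixed-offset reads (`data[offset+13]`, `LittleEndian.getShort(data, offset+14)`), so a record whose `bytesRemaining` is smaller than 8 has already been populated from bytes beyond its declared payload (or has failed with an index error at the end of the buffer) by the time the warning is logged, and parsing then continues with those values. Consider moving the check ahead of the field reads and rejecting a short record there, e.g. `if (bytesRemaining < 8) { throw new RecordFormatException("EscherPlaceholder needs 8 bytes of data, had: " + bytesRemaining); }`, keeping the warning for the over-long case only. If the warning stays as is, parameterized logging avoids building the message when WARN is disabled: `LOG.warn("Invalid header-data received, should have 8 bytes left, but had: {}", bytesRemaining);`. The method starts above this hunk, so whether an earlier bounds check already exists cannot be seen from here.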
diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java
index 8dd66e94fe..007259230f 100644
--- a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java
@@ -247,6 +247,10 @@ public abstract class HSLFShape implements Shape<HSLFShape,HSLFTextParagraph> {
}
public <T extends EscherRecord> T getEscherChild(int recordId){
+ if (_escherContainer == null) {
+ throw new IllegalStateException("Did not have a container for fetching children");
+ }
+
return _escherContainer.getChildById((short)recordId);
}
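Review bot: The `IllegalStateException` added to `getEscherChild` is an undocumented unchecked exception on a public method, and the commit message indicates crafted input can reach it, so code that opens untrusted presentations needs to know to handle it. Add Javadoc to the method saying that it looks up the child record with the given id in the shape's Escher container, with `@throws IllegalStateException if the shape has no Escher container`. Including the id in the message would help triage of fuzzer reports, e.g. `"Did not have a container for fetching child with record id " + recordId`. Other accessors in this class that dereference `_escherContainer` lie outside the hunk and may need the same guard.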
diff --git a/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-4630915954114560.ppt b/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-4630915954114560.ppt
new file mode 100644
index 0000000000..c70d8259a8
--- /dev/null
+++ b/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-4630915954114560.ppt
Binary files differ
diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
index 97591849fd..301d3e61fc 100644
--- a/test-data/spreadsheet/stress.xls
+++ b/test-data/spreadsheet/stress.xls
Binary files differ