diff options
author | Dominik Stadler <centic@apache.org> | 2024-07-14 11:27:02 +0000 |
---|---|---|
committer | Dominik Stadler <centic@apache.org> | 2024-07-14 11:27:02 +0000 |
commit | 8be69305cac65b6f2b9016471bdd046edfc40182 (patch) | |
tree | bc1bf26cdd49a25bc34fb204d2723df66b4f4683 | |
parent | a0421651334ce1344b6085274ab4a7284a266bf5 (diff) | |
download | poi-8be69305cac65b6f2b9016471bdd046edfc40182.tar.gz poi-8be69305cac65b6f2b9016471bdd046edfc40182.zip |
Bug 66425: Avoid exceptions found via poi-fuzz
Prevent a NullPointerException
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66400
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1919216 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFVMLDrawing.java | 5 | ||||
-rw-r--r-- | poi-ooxml/src/test/java/org/apache/poi/xssf/usermodel/TestXSSFVMLDrawing.java | 24 |
2 files changed, 22 insertions, 7 deletions
diff --git a/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFVMLDrawing.java b/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFVMLDrawing.java index 5d1932c908..475fcc7cc9 100644 --- a/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFVMLDrawing.java +++ b/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFVMLDrawing.java @@ -151,6 +151,11 @@ public final class XSSFVMLDrawing extends POIXMLDocumentPart { " xmlns=\""+NS_SPREADSHEETML+"\"", "") , xopt); + // ignore empty XML content in the stream which indicates severely broken parts in the workbook-file + if (root.getXml() == null) { + return; + } + try (XmlCursor cur = root.getXml().newCursor()) { for (boolean found = cur.toFirstChild(); found; found = cur.toNextSibling()) { XmlObject xo = cur.getObject(); diff --git a/poi-ooxml/src/test/java/org/apache/poi/xssf/usermodel/TestXSSFVMLDrawing.java b/poi-ooxml/src/test/java/org/apache/poi/xssf/usermodel/TestXSSFVMLDrawing.java index 7822c97410..ce260bbe52 100644 --- a/poi-ooxml/src/test/java/org/apache/poi/xssf/usermodel/TestXSSFVMLDrawing.java +++ b/poi-ooxml/src/test/java/org/apache/poi/xssf/usermodel/TestXSSFVMLDrawing.java @@ -17,8 +17,10 @@ package org.apache.poi.xssf.usermodel; import static org.apache.poi.ooxml.POIXMLTypeLoader.DEFAULT_XML_OPTIONS; +import static org.apache.poi.xssf.XSSFTestDataSamples.openSampleWorkbook; import static org.apache.poi.xssf.usermodel.XSSFVMLDrawing.QNAME_VMLDRAWING; import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertInstanceOf; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertSame; @@ -60,13 +62,13 @@ class TestXSSFVMLDrawing { XSSFVMLDrawing vml = new XSSFVMLDrawing(); List<XmlObject> items = vml.getItems(); assertEquals(2, items.size()); - assertTrue(items.get(0) instanceof CTShapeLayout); + assertInstanceOf(CTShapeLayout.class, items.get(0)); CTShapeLayout layout = (CTShapeLayout)items.get(0); assertSame(STExt.EDIT, layout.getExt()); assertSame(STExt.EDIT, layout.getIdmap().getExt()); assertEquals("1", layout.getIdmap().getData()); - assertTrue(items.get(1) instanceof CTShapetype); + assertInstanceOf(CTShapetype.class, items.get(1)); CTShapetype type = (CTShapetype)items.get(1); assertEquals("21600,21600", type.getCoordsize()); assertEquals(202.0f, type.getSpt(), 0); @@ -110,9 +112,9 @@ class TestXSSFVMLDrawing { vml2.read(out.toInputStream()); List<XmlObject> items2 = vml2.getItems(); assertEquals(3, items2.size()); - assertTrue(items2.get(0) instanceof CTShapeLayout); - assertTrue(items2.get(1) instanceof CTShapetype); - assertTrue(items2.get(2) instanceof CTShape); + assertInstanceOf(CTShapeLayout.class, items2.get(0)); + assertInstanceOf(CTShapetype.class, items2.get(1)); + assertInstanceOf(CTShape.class, items2.get(2)); } @Test @@ -187,7 +189,8 @@ class TestXSSFVMLDrawing { @Test void bug65061_InvalidXmlns() throws IOException, XmlException { - // input hasn't no <?xml... declaration - as in the sample file + // input has no <?xml... declaration - as in the sample file + //noinspection HttpUrlsUsage String input = "<xml xmlns=\"http://schemas.openxmlformats.org/spreadsheetml/2006/main\" xmlns:o=\"urn:schemas-microsoft-com:office:office\" xmlns:v=\"urn:schemas-microsoft-com:vml\" xmlns:x=\"urn:schemas-microsoft-com:office:excel\">\n" + "<v:shapetype id=\"_x0000_t202\" coordsize=\"21600,21600\" path=\"m,l,21600r21600,l21600,xe\" o:spt=\"202\">\n" + @@ -206,8 +209,15 @@ class TestXSSFVMLDrawing { List<XmlObject> objs = vml.getItems(); assertEquals(1, objs.size()); XmlObject xst = objs.get(0); - assertTrue(xst instanceof CTShapetypeImpl); + assertInstanceOf(CTShapetypeImpl.class, xst); CTShapetype st = (CTShapetype)xst; assertSame(STStrokeJoinStyle.MITER, st.getStrokeArray(0).getJoinstyle()); } + + @Test + void testInvalidFile() throws IOException { + try (XSSFWorkbook workbook = openSampleWorkbook("clusterfuzz-testcase-minimized-POIXSSFFuzzer-5089447305609216.xlsx")) { + assertNotNull(workbook); + } + } }
\ No newline at end of file |