diff options
author | Dominik Stadler <centic@apache.org> | 2023-08-07 12:09:31 +0000 |
---|---|---|
committer | Dominik Stadler <centic@apache.org> | 2023-08-07 12:09:31 +0000 |
commit | f6b1435db196b4a2d7079191a15a4018915f70a5 (patch) | |
tree | 61b99deb8af4911e041e7d058b750f68516224d2 | |
parent | ed12f1bb499a09f69d43412fe010cd26ba1e40d6 (diff) | |
download | poi-f6b1435db196b4a2d7079191a15a4018915f70a5.tar.gz poi-f6b1435db196b4a2d7079191a15a4018915f70a5.zip |
Bug 66425: Avoid a ClassCastException found via oss-fuzz
We try to avoid throwing ClassCastException, but it was possible
to trigger one here with a specially crafted input-file
Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61243
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911507 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | poi-integration/src/test/java/org/apache/poi/stress/HPSFFileHandler.java | 10 | ||||
-rw-r--r-- | poi-scratchpad/src/main/java/org/apache/poi/hwpf/HWPFDocumentCore.java | 7 | ||||
-rw-r--r-- | poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java | 21 | ||||
-rw-r--r-- | poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java | 28 | ||||
-rw-r--r-- | test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-5418937293340672.doc | bin | 0 -> 9216 bytes | |||
-rw-r--r-- | test-data/spreadsheet/stress.xls | bin | 59392 -> 59392 bytes |
6 files changed, 45 insertions, 21 deletions
diff --git a/poi-integration/src/test/java/org/apache/poi/stress/HPSFFileHandler.java b/poi-integration/src/test/java/org/apache/poi/stress/HPSFFileHandler.java index fff7daa8ec..705bed2e53 100644 --- a/poi-integration/src/test/java/org/apache/poi/stress/HPSFFileHandler.java +++ b/poi-integration/src/test/java/org/apache/poi/stress/HPSFFileHandler.java @@ -43,8 +43,6 @@ import org.apache.poi.util.TempFile; import org.junit.jupiter.api.Test; public class HPSFFileHandler extends POIFSFileHandler { - private static final String NL = System.getProperty("line.separator"); - private static final ThreadLocal<File> copyOutput = ThreadLocal.withInitial(HPSFFileHandler::getTempFile); static final Set<String> EXCLUDES_HANDLE_ADD = StressTestUtils.unmodifiableHashSet( @@ -140,12 +138,10 @@ public class HPSFFileHandler extends POIFSFileHandler { try (InputStream stream = new FileInputStream(path)) { handleFile(stream, path); } - } - // a test-case to test this locally without executing the full TestAllFiles - @Test - void testExtractor() { - File file = new File("test-data/hpsf/TestBug44375.xls"); + File file = new File(path); assertDoesNotThrow(() -> handleExtracting(file)); + + handleAdditional(file); } } diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hwpf/HWPFDocumentCore.java b/poi-scratchpad/src/main/java/org/apache/poi/hwpf/HWPFDocumentCore.java index 5a69dbbb3f..325abc6df8 100644 --- a/poi-scratchpad/src/main/java/org/apache/poi/hwpf/HWPFDocumentCore.java +++ b/poi-scratchpad/src/main/java/org/apache/poi/hwpf/HWPFDocumentCore.java @@ -47,6 +47,7 @@ import org.apache.poi.poifs.filesystem.DirectoryEntry; import org.apache.poi.poifs.filesystem.DirectoryNode; import org.apache.poi.poifs.filesystem.DocumentEntry; import org.apache.poi.poifs.filesystem.DocumentInputStream; +import org.apache.poi.poifs.filesystem.Entry; import org.apache.poi.poifs.filesystem.FileMagic; import org.apache.poi.poifs.filesystem.POIFSFileSystem; import org.apache.poi.util.IOUtils; @@ -337,7 +338,11 @@ public abstract class HWPFDocumentCore extends POIDocument { */ protected byte[] getDocumentEntryBytes(String name, int encryptionOffset, final int len) throws IOException { DirectoryNode dir = getDirectory(); - DocumentEntry documentProps = (DocumentEntry)dir.getEntry(name); + final Entry entry = dir.getEntry(name); + if (!(entry instanceof DocumentEntry)) { + throw new IllegalArgumentException("Had unexpected type of entry for name: " + name + ": " + entry); + } + DocumentEntry documentProps = (DocumentEntry) entry; int streamSize = documentProps.getSize(); boolean isEncrypted = (encryptionOffset > -1 && getEncryptionInfo() != null); diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java b/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java index a809fa7d5e..9f97d63309 100644 --- a/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java +++ b/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java @@ -23,6 +23,7 @@ import java.io.FilenameFilter; import java.io.StringWriter; import java.util.Arrays; import java.util.List; +import java.util.Locale; import java.util.stream.Stream; import javax.xml.transform.OutputKeys; @@ -52,16 +53,26 @@ public class TestWordToConverterSuite "password_password_cryptoapi.doc", // WORD 2.0 file "word2.doc", - // Corrupt file - "Fuzzed.doc" + // Excel file + "TestRobert_Flaherty.doc", + // Corrupt files + "Fuzzed.doc", + "clusterfuzz-testcase-minimized-POIHWPFFuzzer-5418937293340672.doc", + "TestHPSFWritingFunctionality.doc" ); public static Stream<Arguments> files() { - File directory = POIDataSamples.getDocumentInstance().getFile("../document" ); - FilenameFilter ff = (dir, name) -> name.endsWith(".doc") && !failingFiles.contains(name); + return Stream.concat( + Arrays.stream(getFiles(POIDataSamples.getDocumentInstance().getFile(""))), + Arrays.stream(getFiles(POIDataSamples.getHPSFInstance().getFile(""))) + ).map(Arguments::of); + } + + private static File[] getFiles(File directory) { + FilenameFilter ff = (dir, name) -> name.toLowerCase(Locale.ROOT).endsWith(".doc") && !failingFiles.contains(name); File[] docs = directory.listFiles(ff); assertNotNull(docs); - return Arrays.stream(docs).map(Arguments::of); + return docs; } @ParameterizedTest diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java b/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java index 64d89486d0..0d084157c9 100644 --- a/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java +++ b/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java @@ -25,9 +25,10 @@ import java.io.FileInputStream; import java.io.FilenameFilter; import java.io.InputStream; import java.util.Arrays; +import java.util.List; +import java.util.Locale; import java.util.stream.Stream; -import org.apache.commons.io.filefilter.SuffixFileFilter; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.apache.poi.EncryptedDocumentException; @@ -44,6 +45,14 @@ import org.junit.jupiter.params.provider.MethodSource; public class TestWordToTextConverter { private static final Logger LOG = LogManager.getLogger(WordToTextConverter.class); + private static final List<String> failingFiles = Arrays.asList( + // Excel file + "TestRobert_Flaherty.doc", + // Corrupt files + "clusterfuzz-testcase-minimized-POIHWPFFuzzer-5418937293340672.doc", + "TestHPSFWritingFunctionality.doc" + ); + /** * [FAILING] Bug 47731 - Word Extractor considers text copied from some * website as an embedded object @@ -104,13 +113,16 @@ public class TestWordToTextConverter { } public static Stream<Arguments> files() { - String dataDirName = System.getProperty(POIDataSamples.TEST_PROPERTY, - new File("test-data").exists() ? "test-data" : "../test-data"); - - File[] documents = new File(dataDirName, "document").listFiles( - (FilenameFilter) new SuffixFileFilter(".doc")); - assertNotNull(documents); + return Stream.concat( + Arrays.stream(getFiles(POIDataSamples.getDocumentInstance().getFile(""))), + Arrays.stream(getFiles(POIDataSamples.getHPSFInstance().getFile(""))) + ).map(Arguments::of); + } - return Arrays.stream(documents).map(Arguments::of); + private static File[] getFiles(File directory) { + FilenameFilter ff = (dir, name) -> name.toLowerCase(Locale.ROOT).endsWith(".doc") && !failingFiles.contains(name); + File[] docs = directory.listFiles(ff); + assertNotNull(docs); + return docs; } } diff --git a/test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-5418937293340672.doc b/test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-5418937293340672.doc Binary files differnew file mode 100644 index 0000000000..191f096c3f --- /dev/null +++ b/test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-5418937293340672.doc diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls Binary files differindex bfa0cd3f93..97591849fd 100644 --- a/test-data/spreadsheet/stress.xls +++ b/test-data/spreadsheet/stress.xls |