aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDominik Stadler <centic@apache.org>2023-08-07 12:09:31 +0000
committerDominik Stadler <centic@apache.org>2023-08-07 12:09:31 +0000
commitf6b1435db196b4a2d7079191a15a4018915f70a5 (patch)
tree61b99deb8af4911e041e7d058b750f68516224d2
parented12f1bb499a09f69d43412fe010cd26ba1e40d6 (diff)
downloadpoi-f6b1435db196b4a2d7079191a15a4018915f70a5.tar.gz
poi-f6b1435db196b4a2d7079191a15a4018915f70a5.zip
Bug 66425: Avoid a ClassCastException found via oss-fuzz
We try to avoid throwing ClassCastException, but it was possible to trigger one here with a specially crafted input-file Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61243 git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911507 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--poi-integration/src/test/java/org/apache/poi/stress/HPSFFileHandler.java10
-rw-r--r--poi-scratchpad/src/main/java/org/apache/poi/hwpf/HWPFDocumentCore.java7
-rw-r--r--poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java21
-rw-r--r--poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java28
-rw-r--r--test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-5418937293340672.docbin0 -> 9216 bytes
-rw-r--r--test-data/spreadsheet/stress.xlsbin59392 -> 59392 bytes
6 files changed, 45 insertions, 21 deletions
diff --git a/poi-integration/src/test/java/org/apache/poi/stress/HPSFFileHandler.java b/poi-integration/src/test/java/org/apache/poi/stress/HPSFFileHandler.java
index fff7daa8ec..705bed2e53 100644
--- a/poi-integration/src/test/java/org/apache/poi/stress/HPSFFileHandler.java
+++ b/poi-integration/src/test/java/org/apache/poi/stress/HPSFFileHandler.java
@@ -43,8 +43,6 @@ import org.apache.poi.util.TempFile;
import org.junit.jupiter.api.Test;
public class HPSFFileHandler extends POIFSFileHandler {
- private static final String NL = System.getProperty("line.separator");
-
private static final ThreadLocal<File> copyOutput = ThreadLocal.withInitial(HPSFFileHandler::getTempFile);
static final Set<String> EXCLUDES_HANDLE_ADD = StressTestUtils.unmodifiableHashSet(
@@ -140,12 +138,10 @@ public class HPSFFileHandler extends POIFSFileHandler {
try (InputStream stream = new FileInputStream(path)) {
handleFile(stream, path);
}
- }
- // a test-case to test this locally without executing the full TestAllFiles
- @Test
- void testExtractor() {
- File file = new File("test-data/hpsf/TestBug44375.xls");
+ File file = new File(path);
assertDoesNotThrow(() -> handleExtracting(file));
+
+ handleAdditional(file);
}
}
diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hwpf/HWPFDocumentCore.java b/poi-scratchpad/src/main/java/org/apache/poi/hwpf/HWPFDocumentCore.java
index 5a69dbbb3f..325abc6df8 100644
--- a/poi-scratchpad/src/main/java/org/apache/poi/hwpf/HWPFDocumentCore.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hwpf/HWPFDocumentCore.java
@@ -47,6 +47,7 @@ import org.apache.poi.poifs.filesystem.DirectoryEntry;
import org.apache.poi.poifs.filesystem.DirectoryNode;
import org.apache.poi.poifs.filesystem.DocumentEntry;
import org.apache.poi.poifs.filesystem.DocumentInputStream;
+import org.apache.poi.poifs.filesystem.Entry;
import org.apache.poi.poifs.filesystem.FileMagic;
import org.apache.poi.poifs.filesystem.POIFSFileSystem;
import org.apache.poi.util.IOUtils;
@@ -337,7 +338,11 @@ public abstract class HWPFDocumentCore extends POIDocument {
*/
protected byte[] getDocumentEntryBytes(String name, int encryptionOffset, final int len) throws IOException {
DirectoryNode dir = getDirectory();
- DocumentEntry documentProps = (DocumentEntry)dir.getEntry(name);
+ final Entry entry = dir.getEntry(name);
+ if (!(entry instanceof DocumentEntry)) {
+ throw new IllegalArgumentException("Had unexpected type of entry for name: " + name + ": " + entry);
+ }
+ DocumentEntry documentProps = (DocumentEntry) entry;
int streamSize = documentProps.getSize();
boolean isEncrypted = (encryptionOffset > -1 && getEncryptionInfo() != null);
diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java b/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java
index a809fa7d5e..9f97d63309 100644
--- a/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java
+++ b/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java
@@ -23,6 +23,7 @@ import java.io.FilenameFilter;
import java.io.StringWriter;
import java.util.Arrays;
import java.util.List;
+import java.util.Locale;
import java.util.stream.Stream;
import javax.xml.transform.OutputKeys;
@@ -52,16 +53,26 @@ public class TestWordToConverterSuite
"password_password_cryptoapi.doc",
// WORD 2.0 file
"word2.doc",
- // Corrupt file
- "Fuzzed.doc"
+ // Excel file
+ "TestRobert_Flaherty.doc",
+ // Corrupt files
+ "Fuzzed.doc",
+ "clusterfuzz-testcase-minimized-POIHWPFFuzzer-5418937293340672.doc",
+ "TestHPSFWritingFunctionality.doc"
);
public static Stream<Arguments> files() {
- File directory = POIDataSamples.getDocumentInstance().getFile("../document" );
- FilenameFilter ff = (dir, name) -> name.endsWith(".doc") && !failingFiles.contains(name);
+ return Stream.concat(
+ Arrays.stream(getFiles(POIDataSamples.getDocumentInstance().getFile(""))),
+ Arrays.stream(getFiles(POIDataSamples.getHPSFInstance().getFile("")))
+ ).map(Arguments::of);
+ }
+
+ private static File[] getFiles(File directory) {
+ FilenameFilter ff = (dir, name) -> name.toLowerCase(Locale.ROOT).endsWith(".doc") && !failingFiles.contains(name);
File[] docs = directory.listFiles(ff);
assertNotNull(docs);
- return Arrays.stream(docs).map(Arguments::of);
+ return docs;
}
@ParameterizedTest
diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java b/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java
index 64d89486d0..0d084157c9 100644
--- a/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java
+++ b/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java
@@ -25,9 +25,10 @@ import java.io.FileInputStream;
import java.io.FilenameFilter;
import java.io.InputStream;
import java.util.Arrays;
+import java.util.List;
+import java.util.Locale;
import java.util.stream.Stream;
-import org.apache.commons.io.filefilter.SuffixFileFilter;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.poi.EncryptedDocumentException;
@@ -44,6 +45,14 @@ import org.junit.jupiter.params.provider.MethodSource;
public class TestWordToTextConverter {
private static final Logger LOG = LogManager.getLogger(WordToTextConverter.class);
+ private static final List<String> failingFiles = Arrays.asList(
+ // Excel file
+ "TestRobert_Flaherty.doc",
+ // Corrupt files
+ "clusterfuzz-testcase-minimized-POIHWPFFuzzer-5418937293340672.doc",
+ "TestHPSFWritingFunctionality.doc"
+ );
+
/**
* [FAILING] Bug 47731 - Word Extractor considers text copied from some
* website as an embedded object
@@ -104,13 +113,16 @@ public class TestWordToTextConverter {
}
public static Stream<Arguments> files() {
- String dataDirName = System.getProperty(POIDataSamples.TEST_PROPERTY,
- new File("test-data").exists() ? "test-data" : "../test-data");
-
- File[] documents = new File(dataDirName, "document").listFiles(
- (FilenameFilter) new SuffixFileFilter(".doc"));
- assertNotNull(documents);
+ return Stream.concat(
+ Arrays.stream(getFiles(POIDataSamples.getDocumentInstance().getFile(""))),
+ Arrays.stream(getFiles(POIDataSamples.getHPSFInstance().getFile("")))
+ ).map(Arguments::of);
+ }
- return Arrays.stream(documents).map(Arguments::of);
+ private static File[] getFiles(File directory) {
+ FilenameFilter ff = (dir, name) -> name.toLowerCase(Locale.ROOT).endsWith(".doc") && !failingFiles.contains(name);
+ File[] docs = directory.listFiles(ff);
+ assertNotNull(docs);
+ return docs;
}
}
diff --git a/test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-5418937293340672.doc b/test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-5418937293340672.doc
new file mode 100644
index 0000000000..191f096c3f
--- /dev/null
+++ b/test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-5418937293340672.doc
Binary files differ
diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
index bfa0cd3f93..97591849fd 100644
--- a/test-data/spreadsheet/stress.xls
+++ b/test-data/spreadsheet/stress.xls
Binary files differ