aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDominik Stadler <centic@apache.org>2023-08-10 04:54:25 +0000
committerDominik Stadler <centic@apache.org>2023-08-10 04:54:25 +0000
commit316738c9d042980ba450d2b4234682bfc723cd53 (patch)
tree471003a819d24cb75a753b6a5d1bf9a1f2109203
parentd9106c60fdaf1b207a8ecbf3a74d0cd9a734bf93 (diff)
downloadpoi-316738c9d042980ba450d2b4234682bfc723cd53.tar.gz
poi-316738c9d042980ba450d2b4234682bfc723cd53.zip
Bug 66425: Avoid a NullPointerException found via oss-fuzz
Handle some data that can be missing properly. Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61332 git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911585 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--poi-scratchpad/src/main/java/org/apache/poi/hwpf/model/FFData.java112
-rw-r--r--test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-4951943183990784.docbin0 -> 86528 bytes
2 files changed, 51 insertions, 61 deletions
diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hwpf/model/FFData.java b/poi-scratchpad/src/main/java/org/apache/poi/hwpf/model/FFData.java
index 50f51ed663..9166ca9588 100644
--- a/poi-scratchpad/src/main/java/org/apache/poi/hwpf/model/FFData.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hwpf/model/FFData.java
@@ -30,8 +30,7 @@ import org.apache.poi.util.LittleEndianConsts;
* drop-down list box.
*/
@Internal
-public class FFData
-{
+public class FFData {
private FFDataBase _base;
/**
@@ -79,89 +78,82 @@ public class FFData
private Xstz _xstzTextFormat;
- public FFData( byte[] std, int offset )
- {
- fillFields( std, offset );
+ public FFData(byte[] std, int offset) {
+ fillFields(std, offset);
}
- public void fillFields( final byte[] std, final int startOffset ) // NOSONAR
- {
+ public void fillFields(final byte[] std, final int startOffset) { // NOSONAR
int offset = startOffset;
- this._base = new FFDataBase( std, offset );
+ this._base = new FFDataBase(std, offset);
offset += FFDataBaseAbstractType.getSize();
- this._xstzName = new Xstz( std, offset );
+ this._xstzName = new Xstz(std, offset);
offset += this._xstzName.getSize();
- if ( _base.getIType() == ITYPE_TEXT )
- {
- _xstzTextDef = new Xstz( std, offset );
+ if (_base.getIType() == ITYPE_TEXT) {
+ _xstzTextDef = new Xstz(std, offset);
offset += this._xstzTextDef.getSize();
- }
- else
- {
+ } else {
this._xstzTextDef = null;
}
- if ( _base.getIType() == ITYPE_CHCK
- || _base.getIType() == ITYPE_DROP )
- {
+ if (_base.getIType() == ITYPE_CHCK
+ || _base.getIType() == ITYPE_DROP) {
this._wDef = LittleEndian.getUShort(std, offset);
offset += LittleEndianConsts.SHORT_SIZE;
- }
- else
- {
+ } else {
this._wDef = null;
}
- _xstzTextFormat = new Xstz( std, offset );
+ _xstzTextFormat = new Xstz(std, offset);
offset += this._xstzTextFormat.getSize();
- _xstzHelpText = new Xstz( std, offset );
+ _xstzHelpText = new Xstz(std, offset);
offset += this._xstzHelpText.getSize();
- _xstzStatText = new Xstz( std, offset );
+ _xstzStatText = new Xstz(std, offset);
offset += this._xstzStatText.getSize();
- _xstzEntryMcr = new Xstz( std, offset );
+ _xstzEntryMcr = new Xstz(std, offset);
offset += this._xstzEntryMcr.getSize();
- _xstzExitMcr = new Xstz( std, offset );
+ _xstzExitMcr = new Xstz(std, offset);
offset += this._xstzExitMcr.getSize();
- if ( _base.getIType() == ITYPE_DROP ) {
- _hsttbDropList = new Sttb( std, offset );
+ if (_base.getIType() == ITYPE_DROP) {
+ _hsttbDropList = new Sttb(std, offset);
}
}
/**
* specify the default item selected (zero-based index).
*/
- public int getDefaultDropDownItemIndex()
- {
+ public int getDefaultDropDownItemIndex() {
+ if (_wDef == null) {
+ return 0;
+ }
return _wDef;
}
- public String[] getDropList()
- {
+ public String[] getDropList() {
+ if (_hsttbDropList == null) {
+ return null;
+ }
return _hsttbDropList.getData();
}
- public int getSize()
- {
+ public int getSize() {
int size = FFDataBaseAbstractType.getSize();
size += _xstzName.getSize();
- if ( _base.getIType() == ITYPE_TEXT )
- {
+ if (_base.getIType() == ITYPE_TEXT && _xstzTextDef != null) {
size += _xstzTextDef.getSize();
}
- if ( _base.getIType() == ITYPE_CHCK
- || _base.getIType() == ITYPE_DROP )
- {
+ if (_base.getIType() == ITYPE_CHCK
+ || _base.getIType() == ITYPE_DROP) {
size += LittleEndianConsts.SHORT_SIZE;
}
@@ -171,49 +163,47 @@ public class FFData
size += _xstzEntryMcr.getSize();
size += _xstzExitMcr.getSize();
- if ( _base.getIType() == ITYPE_DROP )
- {
+ if (_base.getIType() == ITYPE_DROP) {
size += _hsttbDropList.getSize();
}
return size;
}
- public String getTextDef()
- {
+ public String getTextDef() {
+ if (_xstzTextDef == null) {
+ return null;
+ }
return _xstzTextDef.getAsJavaString();
}
- public byte[] serialize()
- {
+ public byte[] serialize() {
byte[] buffer = new byte[getSize()];
int offset = 0;
- _base.serialize( buffer, offset );
+ _base.serialize(buffer, offset);
offset += FFDataBaseAbstractType.getSize();
- offset += _xstzName.serialize( buffer, offset );
+ offset += _xstzName.serialize(buffer, offset);
- if ( _base.getIType() == ITYPE_TEXT )
- {
- offset += _xstzTextDef.serialize( buffer, offset );
+ if (_base.getIType() == ITYPE_TEXT && _xstzTextDef != null) {
+ offset += _xstzTextDef.serialize(buffer, offset);
}
- if ( _base.getIType() == ITYPE_CHCK
- || _base.getIType() == ITYPE_DROP )
- {
- LittleEndian.putUShort( buffer, offset, _wDef );
+ if (_base.getIType() == ITYPE_CHCK
+ || _base.getIType() == ITYPE_DROP) {
+ LittleEndian.putUShort(buffer, offset, _wDef);
offset += LittleEndianConsts.SHORT_SIZE;
}
- offset += _xstzTextFormat.serialize( buffer, offset );
- offset += _xstzHelpText.serialize( buffer, offset );
- offset += _xstzStatText.serialize( buffer, offset );
- offset += _xstzEntryMcr.serialize( buffer, offset );
- offset += _xstzExitMcr.serialize( buffer, offset );
+ offset += _xstzTextFormat.serialize(buffer, offset);
+ offset += _xstzHelpText.serialize(buffer, offset);
+ offset += _xstzStatText.serialize(buffer, offset);
+ offset += _xstzEntryMcr.serialize(buffer, offset);
+ offset += _xstzExitMcr.serialize(buffer, offset);
- if ( _base.getIType() == ITYPE_DROP ) {
- _hsttbDropList.serialize( buffer, offset );
+ if (_base.getIType() == ITYPE_DROP) {
+ _hsttbDropList.serialize(buffer, offset);
}
return buffer;
diff --git a/test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-4951943183990784.doc b/test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-4951943183990784.doc
new file mode 100644
index 0000000000..1c9856a8bb
--- /dev/null
+++ b/test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-4951943183990784.doc
Binary files differ