diff options
author | Dominik Stadler <centic@apache.org> | 2022-03-20 06:52:51 +0000 |
---|---|---|
committer | Dominik Stadler <centic@apache.org> | 2022-03-20 06:52:51 +0000 |
commit | d648c6d652f1d56f05adeb17f3f5891c0202ac57 (patch) | |
tree | e1e71618b2150bacf87016709cbd5500969d7052 | |
parent | 9df7e2d8479c8dfcc365e1766407517c90427d6b (diff) | |
download | poi-d648c6d652f1d56f05adeb17f3f5891c0202ac57.tar.gz poi-d648c6d652f1d56f05adeb17f3f5891c0202ac57.zip |
Fix issues found when fuzzing Apache POI via Jazzer
Throw RecordFormatException instead of NPE or assertion for
cases that can be triggered by a malformed document
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1899073 13f79535-47bb-0310-9956-ffa450edef68
3 files changed, 13 insertions, 3 deletions
diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java index 1c6f6c3945..3b69f66a0f 100644 --- a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java +++ b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java @@ -50,6 +50,7 @@ import org.apache.poi.sl.usermodel.PresetColor; import org.apache.poi.sl.usermodel.Shape; import org.apache.poi.sl.usermodel.ShapeContainer; import org.apache.poi.sl.usermodel.ShapeType; +import org.apache.poi.util.RecordFormatException; import org.apache.poi.util.Removal; import org.apache.poi.util.StringUtil; import org.apache.poi.util.Units; @@ -167,6 +168,9 @@ public abstract class HSLFShape implements Shape<HSLFShape,HSLFTextParagraph> { LOG.atWarn().log("EscherSpRecord.FLAG_CHILD is set but EscherChildAnchorRecord was not found"); } EscherClientAnchorRecord clientRec = getEscherChild(EscherClientAnchorRecord.RECORD_ID); + if (clientRec == null) { + throw new RecordFormatException("Could not read record 'CLIENT_ANCHOR' with record-id: " + EscherClientAnchorRecord.RECORD_ID); + } x1 = clientRec.getCol1(); y1 = clientRec.getFlag(); x2 = clientRec.getDx1(); diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShapeFactory.java b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShapeFactory.java index b13789f843..41692b77fe 100644 --- a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShapeFactory.java +++ b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShapeFactory.java @@ -42,6 +42,7 @@ import org.apache.poi.hslf.record.Record; import org.apache.poi.hslf.record.RecordTypes; import org.apache.poi.sl.usermodel.ShapeContainer; import org.apache.poi.sl.usermodel.ShapeType; +import org.apache.poi.util.RecordFormatException; /** * Create a <code>Shape</code> object depending on its type @@ -90,9 +91,12 @@ public final class HSLFShapeFactory { } public static HSLFShape createSimpleShape(EscherContainerRecord spContainer, ShapeContainer<HSLFShape,HSLFTextParagraph> parent){ - HSLFShape shape = null; EscherSpRecord spRecord = spContainer.getChildById(EscherSpRecord.RECORD_ID); + if (spRecord == null) { + throw new RecordFormatException("Could not read EscherSpRecord as child of " + spContainer.getRecordName()); + } + final HSLFShape shape; ShapeType type = ShapeType.forId(spRecord.getShapeType(), false); switch (type){ case TEXT_BOX: @@ -167,5 +171,4 @@ public final class HSLFShapeFactory { } return null; } - } diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowEncrypted.java b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowEncrypted.java index 273f9e87ed..1dfeda874f 100644 --- a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowEncrypted.java +++ b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowEncrypted.java @@ -47,6 +47,7 @@ import org.apache.poi.util.Internal; import org.apache.poi.util.LittleEndian; import org.apache.poi.util.LittleEndianByteArrayInputStream; import org.apache.poi.util.LittleEndianByteArrayOutputStream; +import org.apache.poi.util.RecordFormatException; /** * This class provides helper functions for encrypted PowerPoint documents. @@ -100,7 +101,9 @@ public class HSLFSlideShowEncrypted implements Closeable { } org.apache.poi.hslf.record.Record r = recordMap.get(userEditAtomWithEncryption.getPersistPointersOffset()); - assert(r instanceof PersistPtrHolder); + if (!(r instanceof PersistPtrHolder)) { + throw new RecordFormatException("Encountered an unexpected record-type: " + r); + } PersistPtrHolder ptr = (PersistPtrHolder)r; Integer encOffset = ptr.getSlideLocationsLookup().get(userEditAtomWithEncryption.getEncryptSessionPersistIdRef()); |