Bug 66425: Avoid exceptions found via poi-fuzz

Prevent NullPointerException

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64943

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1915004 13f79535-47bb-0310-9956-ffa450edef68

5 files changed, 8 insertions, 2 deletions

diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hwpf/converter/AbstractWordConverter.java b/poi-scratchpad/src/main/java/org/apache/poi/hwpf/converter/AbstractWordConverter.java
index d6f410d286..186feb2118 100644
--- a/poi-scratchpad/src/main/java/org/apache/poi/hwpf/converter/AbstractWordConverter.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hwpf/converter/AbstractWordConverter.java
@@ -745,6 +745,10 @@ public abstract class AbstractWordConverter {
             }
             case FIELD_DROP_DOWN: {
                 Range fieldContent = field.firstSubrange(parentRange);
+                if (fieldContent == null) {
+                    throw new IllegalStateException("Cannot read field content from field " + field + " and range " + parentRange);
+                }
+
                 CharacterRun cr = fieldContent.getCharacterRun(fieldContent
                     .numCharacterRuns() - 1);
                 String[] values = cr.getDropDownListValues();
diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java b/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java
index efa007af47..0eb956e88c 100644
--- a/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java
+++ b/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java
@@ -61,7 +61,8 @@ public class TestWordToConverterSuite {
         "clusterfuzz-testcase-minimized-POIHWPFFuzzer-4947285593948160.doc",
         "clusterfuzz-testcase-minimized-POIHWPFFuzzer-5440721166139392.doc",
         "clusterfuzz-testcase-minimized-POIHWPFFuzzer-5050208641482752.doc",
-        "clusterfuzz-testcase-minimized-POIHWPFFuzzer-4892412469968896.doc"
+        "clusterfuzz-testcase-minimized-POIHWPFFuzzer-4892412469968896.doc",
+        "clusterfuzz-testcase-minimized-POIHWPFFuzzer-6610789829836800.doc"
     );
 
     public static Stream<Arguments> files() {
diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java b/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java
index ab9f6d6cd4..cb72d510f5 100644
--- a/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java
+++ b/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java
@@ -54,7 +54,8 @@ public class TestWordToTextConverter {
         "clusterfuzz-testcase-minimized-POIHWPFFuzzer-4947285593948160.doc",
         "clusterfuzz-testcase-minimized-POIHWPFFuzzer-5440721166139392.doc",
         "clusterfuzz-testcase-minimized-POIHWPFFuzzer-5050208641482752.doc",
-        "clusterfuzz-testcase-minimized-POIHWPFFuzzer-4892412469968896.doc"
+        "clusterfuzz-testcase-minimized-POIHWPFFuzzer-4892412469968896.doc",
+        "clusterfuzz-testcase-minimized-POIHWPFFuzzer-6610789829836800.doc"
     );
 
     /**
diff --git a/test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-6610789829836800.doc b/test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-6610789829836800.doc
new file mode 100644
index 0000000000..85f57dba2c
--- /dev/null
+++ b/test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-6610789829836800.doc
diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
index 26af0e5ba3..f04e974e02 100644
--- a/test-data/spreadsheet/stress.xls
+++ b/test-data/spreadsheet/stress.xls