aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDominik Stadler <centic@apache.org>2023-09-11 18:25:18 +0000
committerDominik Stadler <centic@apache.org>2023-09-11 18:25:18 +0000
commitcc9d1c7c705be85916d00533841e761696027bd4 (patch)
treee6abccff1019f4c1c2a9df20536da9b2b2ad2f9a
parent481c00bc6f8dbc659816b200058698e00d027808 (diff)
downloadpoi-cc9d1c7c705be85916d00533841e761696027bd4.tar.gz
poi-cc9d1c7c705be85916d00533841e761696027bd4.zip
Bug 66425: Avoid a NullPointerException found via oss-fuzz
We try to avoid throwing NullPointerException, but it was possible to trigger one here with a specially crafted input-file Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62225 git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912253 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--poi-ooxml/src/main/java/org/apache/poi/xwpf/model/XWPFCommentsDecorator.java6
-rw-r--r--test-data/document/clusterfuzz-testcase-minimized-POIXWPFFuzzer-5564805011079168.docxbin0 -> 34995 bytes
2 files changed, 5 insertions, 1 deletions
diff --git a/poi-ooxml/src/main/java/org/apache/poi/xwpf/model/XWPFCommentsDecorator.java b/poi-ooxml/src/main/java/org/apache/poi/xwpf/model/XWPFCommentsDecorator.java
index 3c70801345..062639d45e 100644
--- a/poi-ooxml/src/main/java/org/apache/poi/xwpf/model/XWPFCommentsDecorator.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/xwpf/model/XWPFCommentsDecorator.java
@@ -16,6 +16,8 @@
==================================================================== */
package org.apache.poi.xwpf.model;
+import java.math.BigInteger;
+
import org.apache.poi.xwpf.usermodel.XWPFComment;
import org.apache.poi.xwpf.usermodel.XWPFParagraph;
import org.openxmlformats.schemas.wordprocessingml.x2006.main.CTMarkupRange;
@@ -38,7 +40,9 @@ public class XWPFCommentsDecorator extends XWPFParagraphDecorator {
commentText = new StringBuilder(64);
for (CTMarkupRange anchor : paragraph.getCTP().getCommentRangeStartArray()) {
- if ((comment = paragraph.getDocument().getCommentByID(anchor.getId().toString())) != null) {
+ BigInteger id = anchor.getId();
+ if (id != null &&
+ (comment = paragraph.getDocument().getCommentByID(id.toString())) != null) {
commentText.append("\tComment by ")
.append(comment.getAuthor())
.append(": ")
diff --git a/test-data/document/clusterfuzz-testcase-minimized-POIXWPFFuzzer-5564805011079168.docx b/test-data/document/clusterfuzz-testcase-minimized-POIXWPFFuzzer-5564805011079168.docx
new file mode 100644
index 0000000000..5fad14ce58
--- /dev/null
+++ b/test-data/document/clusterfuzz-testcase-minimized-POIXWPFFuzzer-5564805011079168.docx
Binary files differ