Bug 66425: Avoid Exceptions found via oss-fuzz

We try to avoid throwing NullPointerExceptions or endless allocations, but it was possible to trigger one here with a specially crafted input-file Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62706 git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912794 13f79535-47bb-0310-9956-ffa450edef68
author: Dominik Stadler <centic@apache.org> 2023-10-07 22:12:30 +0000
committer: Dominik Stadler <centic@apache.org> 2023-10-07 22:12:30 +0000
commit: 50b4da40b8fc9db8a1c13f76af0693e17ad7e549 (patch)
tree: 62a147f24ce6cc5b3334b012f3a879948d4bdd25
parent: 6fae5bbc185301057913a800f14202be8d630cf2 (diff)
download: poi-50b4da40b8fc9db8a1c13f76af0693e17ad7e549.tar.gz
poi-50b4da40b8fc9db8a1c13f76af0693e17ad7e549.zip
3 files changed, 8 insertions, 1 deletions
diff --git a/poi-ooxml/src/main/java/org/apache/poi/xdgf/usermodel/XDGFPages.java b/poi-ooxml/src/main/java/org/apache/poi/xdgf/usermodel/XDGFPages.java
index ab6077449e..4e50cad597 100644
--- a/poi-ooxml/src/main/java/org/apache/poi/xdgf/usermodel/XDGFPages.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/xdgf/usermodel/XDGFPages.java
@@ -25,6 +25,8 @@ import java.util.List;
 import com.microsoft.schemas.office.visio.x2012.main.PageType;
 import com.microsoft.schemas.office.visio.x2012.main.PagesDocument;
 import com.microsoft.schemas.office.visio.x2012.main.PagesType;
+import com.microsoft.schemas.office.visio.x2012.main.RelType;
+
 import org.apache.poi.ooxml.POIXMLDocumentPart;
 import org.apache.poi.ooxml.POIXMLException;
 import org.apache.poi.openxml4j.opc.PackagePart;
@@ -68,7 +70,12 @@ public class XDGFPages extends XDGFXMLDocumentPart {
             // this iteration is ordered by page number
             for (PageType pageSettings: _pagesObject.getPageArray()) {
 
-                String relId = pageSettings.getRel().getId();
+                RelType rel = pageSettings.getRel();
+                if (rel == null) {
+                    throw new IllegalStateException("Could not read relation for page settings");
+                }
+
+                String relId = rel.getId();
 
                 POIXMLDocumentPart pageContentsPart = getRelationById(relId);
                 if (pageContentsPart == null)
diff --git a/test-data/diagram/clusterfuzz-testcase-minimized-POIVisioFuzzer-6358126418591744.vsdx b/test-data/diagram/clusterfuzz-testcase-minimized-POIVisioFuzzer-6358126418591744.vsdx
new file mode 100644
index 0000000000..041c8fb140
--- /dev/null
+++ b/test-data/diagram/clusterfuzz-testcase-minimized-POIVisioFuzzer-6358126418591744.vsdx
diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
index d06a4e4d5b..50e923e810 100644
--- a/test-data/spreadsheet/stress.xls
+++ b/test-data/spreadsheet/stress.xls
author	Dominik Stadler <centic@apache.org>	2023-10-07 22:12:30 +0000
committer	Dominik Stadler <centic@apache.org>	2023-10-07 22:12:30 +0000
commit	50b4da40b8fc9db8a1c13f76af0693e17ad7e549 (patch)
tree	62a147f24ce6cc5b3334b012f3a879948d4bdd25
parent	6fae5bbc185301057913a800f14202be8d630cf2 (diff)
download	poi-50b4da40b8fc9db8a1c13f76af0693e17ad7e549.tar.gz poi-50b4da40b8fc9db8a1c13f76af0693e17ad7e549.zip