Bug 66425: Avoid a ClassCastException found via oss-fuzz

We try to avoid throwing ClassCastException, but it was possible to trigger one here with a specially crafted input-file Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61330 git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911586 13f79535-47bb-0310-9956-ffa450edef68
author: Dominik Stadler <centic@apache.org> 2023-08-10 06:14:44 +0000
committer: Dominik Stadler <centic@apache.org> 2023-08-10 06:14:44 +0000
commit: 80264d564868ccb11b7264be7befa546f6d55780 (patch)
tree: a20af0fd5320008ac49c29214475b8691c32d216
parent: 316738c9d042980ba450d2b4234682bfc723cd53 (diff)
download: poi-80264d564868ccb11b7264be7befa546f6d55780.tar.gz
poi-80264d564868ccb11b7264be7befa546f6d55780.zip
3 files changed, 29 insertions, 23 deletions
diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hsmf/datatypes/AttachmentChunks.java b/poi-scratchpad/src/main/java/org/apache/poi/hsmf/datatypes/AttachmentChunks.java
index 83e5159813..a171fede40 100644
--- a/poi-scratchpad/src/main/java/org/apache/poi/hsmf/datatypes/AttachmentChunks.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hsmf/datatypes/AttachmentChunks.java
@@ -181,32 +181,38 @@ public class AttachmentChunks implements ChunkGroup {
         // - ATTACH_LONG_PATHNAME
         // - ATTACH_SIZE
         final int chunkId = chunk.getChunkId();
-        if (chunkId == ATTACH_DATA.id) {
-            if (chunk instanceof ByteChunk) {
-                attachData = (ByteChunk) chunk;
-            } else if (chunk instanceof DirectoryChunk) {
-                attachmentDirectory = (DirectoryChunk) chunk;
+
+        try {
+            if (chunkId == ATTACH_DATA.id) {
+                if (chunk instanceof ByteChunk) {
+                    attachData = (ByteChunk) chunk;
+                } else if (chunk instanceof DirectoryChunk) {
+                    attachmentDirectory = (DirectoryChunk) chunk;
+                } else {
+                    LOG.atError().log("Unexpected data chunk of type {}", chunk.getEntryName());
+                }
+            } else if (chunkId == ATTACH_EXTENSION.id) {
+                attachExtension = (StringChunk) chunk;
+            } else if (chunkId == ATTACH_FILENAME.id) {
+                attachFileName = (StringChunk) chunk;
+            } else if (chunkId == ATTACH_LONG_FILENAME.id) {
+                attachLongFileName = (StringChunk) chunk;
+            } else if (chunkId == ATTACH_MIME_TAG.id) {
+                attachMimeTag = (StringChunk) chunk;
+            } else if (chunkId == ATTACH_RENDERING.id) {
+                attachRenderingWMF = (ByteChunk) chunk;
+            } else if (chunkId == ATTACH_CONTENT_ID.id) {
+                attachContentId = (StringChunk) chunk;
             } else {
-                LOG.atError().log("Unexpected data chunk of type {}", chunk.getEntryName());
+                LOG.atWarn().log("Currently unsupported attachment chunk property will be ignored. {}", chunk.getEntryName());
             }
-        } else if (chunkId == ATTACH_EXTENSION.id) {
-            attachExtension = (StringChunk) chunk;
-        } else if (chunkId == ATTACH_FILENAME.id) {
-            attachFileName = (StringChunk) chunk;
-        } else if (chunkId == ATTACH_LONG_FILENAME.id) {
-            attachLongFileName = (StringChunk) chunk;
-        } else if (chunkId == ATTACH_MIME_TAG.id) {
-            attachMimeTag = (StringChunk) chunk;
-        } else if (chunkId == ATTACH_RENDERING.id) {
-            attachRenderingWMF = (ByteChunk) chunk;
-        } else if (chunkId == ATTACH_CONTENT_ID.id) {
-            attachContentId = (StringChunk) chunk;
-        } else {
-            LOG.atWarn().log("Currently unsupported attachment chunk property will be ignored. {}", chunk.getEntryName());
-        }
 
-        // And add to the main list
-        allChunks.add(chunk);
+            // And add to the main list
+            allChunks.add(chunk);
+        } catch (ClassCastException e) {
+            throw new IllegalArgumentException("ChunkId and type of chunk did not match, had id " +
+                    chunkId + " and type of chunk: " + chunk.getClass(), e);
+        }
     }
 
     /**
diff --git a/test-data/hsmf/clusterfuzz-testcase-minimized-POIHSMFFuzzer-4735011465854976.msg b/test-data/hsmf/clusterfuzz-testcase-minimized-POIHSMFFuzzer-4735011465854976.msg
new file mode 100644
index 0000000000..8c03724852
--- /dev/null
+++ b/test-data/hsmf/clusterfuzz-testcase-minimized-POIHSMFFuzzer-4735011465854976.msg
diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
index b8bae8e3d9..6b2bb8488f 100644
--- a/test-data/spreadsheet/stress.xls
+++ b/test-data/spreadsheet/stress.xls
author	Dominik Stadler <centic@apache.org>	2023-08-10 06:14:44 +0000
committer	Dominik Stadler <centic@apache.org>	2023-08-10 06:14:44 +0000
commit	80264d564868ccb11b7264be7befa546f6d55780 (patch)
tree	a20af0fd5320008ac49c29214475b8691c32d216
parent	316738c9d042980ba450d2b4234682bfc723cd53 (diff)
download	poi-80264d564868ccb11b7264be7befa546f6d55780.tar.gz poi-80264d564868ccb11b7264be7befa546f6d55780.zip