aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDominik Stadler <centic@apache.org>2023-08-07 16:18:46 +0000
committerDominik Stadler <centic@apache.org>2023-08-07 16:18:46 +0000
commit8e40aabb187903a8d8cf60d6bbff23d3023751a6 (patch)
treeb4fdb670de0c2b6d33ce2e44c4308c168393d49f
parent738d533a83669b1335cbd9a069c3491bc05aae1f (diff)
downloadpoi-8e40aabb187903a8d8cf60d6bbff23d3023751a6.tar.gz
poi-8e40aabb187903a8d8cf60d6bbff23d3023751a6.zip
Bug 66425: Avoid a ClassCastException found via oss-fuzz
We try to avoid throwing ClassCastException, but it was possible to trigger one here with a specially crafted input-file Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61259 Also fix handling of NullPointerException git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911517 13f79535-47bb-0310-9956-ffa450edef68
Diffstat
-rw-r--r--poi-integration/src/test/java/org/apache/poi/stress/TestAllFiles.java23
-rw-r--r--poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java7
-rw-r--r--test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-6416153805979648.pptbin0 -> 15360 bytes
-rw-r--r--test-data/spreadsheet/stress.xlsbin60416 -> 60928 bytes
4 files changed, 22 insertions, 8 deletions
diff --git a/poi-integration/src/test/java/org/apache/poi/stress/TestAllFiles.java b/poi-integration/src/test/java/org/apache/poi/stress/TestAllFiles.java
index ed96cde4e8..5171158965 100644
--- a/poi-integration/src/test/java/org/apache/poi/stress/TestAllFiles.java
+++ b/poi-integration/src/test/java/org/apache/poi/stress/TestAllFiles.java
@@ -253,13 +253,22 @@ public class TestAllFiles {
Exception e = assertThrows((Class<? extends Exception>)exClass, exec, errPrefix + " expected " + exClass);
String actMsg = pathReplace(e.getMessage());
- // verify that message is either null for both or set for both
- assertTrue(actMsg != null || StringUtils.isBlank(exMessage),
- errPrefix + " for " + exClass + " expected message '" + exMessage + "' but had '" + actMsg + "'");
-
- if (actMsg != null) {
- assertTrue(actMsg.contains(exMessage),
- errPrefix + "Message: " + actMsg + " - didn't contain: " + exMessage);
+ // perform special handling of NullPointerException as
+ // JDK started to add more information in some newer JDK, so
+ // it sometimes has a message and sometimes not!
+ if (NullPointerException.class.isAssignableFrom(exClass)) {
+ if (actMsg != null) {
+ assertTrue(actMsg.contains(exMessage), errPrefix + "Message: "+actMsg+" - didn't contain: "+exMessage);
+ }
+ } else {
+ // verify that message is either null for both or set for both
+ assertTrue(actMsg != null || StringUtils.isBlank(exMessage),
+ errPrefix + " for " + exClass + " expected message '" + exMessage + "' but had '" + actMsg + "'");
+
+ if (actMsg != null) {
+ assertTrue(actMsg.contains(exMessage),
+ errPrefix + "Message: " + actMsg + " - didn't contain: " + exMessage);
+ }
}
} else {
assertDoesNotThrow(exec, errPrefix);
diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java
index 54edf47faa..70fb287026 100644
--- a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java
@@ -72,6 +72,7 @@ import org.apache.poi.poifs.crypt.EncryptionInfo;
import org.apache.poi.poifs.filesystem.DirectoryNode;
import org.apache.poi.poifs.filesystem.DocumentEntry;
import org.apache.poi.poifs.filesystem.DocumentInputStream;
+import org.apache.poi.poifs.filesystem.Entry;
import org.apache.poi.poifs.filesystem.EntryUtils;
import org.apache.poi.poifs.filesystem.POIFSFileSystem;
import org.apache.poi.sl.usermodel.PictureData;
@@ -229,7 +230,11 @@ public final class HSLFSlideShowImpl extends POIDocument implements Closeable {
}
// Get the main document stream
- DocumentEntry docProps = (DocumentEntry)dir.getEntry(POWERPOINT_DOCUMENT);
+ final Entry entry = dir.getEntry(POWERPOINT_DOCUMENT);
+ if (!(entry instanceof DocumentEntry)) {
+ throw new IllegalArgumentException("Had unexpected type of entry for name: " + POWERPOINT_DOCUMENT + ": " + entry.getClass());
+ }
+ DocumentEntry docProps = (DocumentEntry) entry;
// Grab the document stream
int len = docProps.getSize();
diff --git a/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-6416153805979648.ppt b/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-6416153805979648.ppt
new file mode 100644
index 0000000000..a47bcf56be
--- /dev/null
+++ b/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-6416153805979648.ppt
Binary files differ
diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
index 3018e322b3..3215a910a3 100644
--- a/test-data/spreadsheet/stress.xls
+++ b/test-data/spreadsheet/stress.xls
Binary files differ
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-22 16:45:49 +0000