Bug 66425: Avoid exceptions found via poi-fuzz

Capture and report integer overflow as normal
parsing/format exceptions

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63628

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1914401 13f79535-47bb-0310-9956-ffa450edef68

5 files changed, 9 insertions, 4 deletions

diff --git a/poi-examples/src/main/java/org/apache/poi/examples/xssf/eventusermodel/XLSX2CSV.java b/poi-examples/src/main/java/org/apache/poi/examples/xssf/eventusermodel/XLSX2CSV.java
index fdbcc89901..d9fffabe48 100644
--- a/poi-examples/src/main/java/org/apache/poi/examples/xssf/eventusermodel/XLSX2CSV.java
+++ b/poi-examples/src/main/java/org/apache/poi/examples/xssf/eventusermodel/XLSX2CSV.java
@@ -212,7 +212,7 @@ public class XLSX2CSV {
                   styles, null, strings, sheetHandler, formatter, false);
             sheetParser.setContentHandler(handler);
             sheetParser.parse(sheetSource);
-         } catch(ParserConfigurationException e) {
+         } catch (ParserConfigurationException e) {
             throw new RuntimeException("SAX parser appears to be broken - " + e.getMessage());
          }
     }
@@ -234,7 +234,12 @@ public class XLSX2CSV {
                 String sheetName = iter.getSheetName();
                 this.output.println();
                 this.output.println(sheetName + " [index=" + index + "]:");
-                processSheet(styles, strings, new SheetToCSV(), stream);
+
+                try {
+                    processSheet(styles, strings, new SheetToCSV(), stream);
+                } catch (NumberFormatException e) {
+                    throw new IOException("Failed to parse sheet " + sheetName, e);
+                }
             }
             ++index;
         }
diff --git a/poi-ooxml/src/main/java/org/apache/poi/xssf/extractor/XSSFEventBasedExcelExtractor.java b/poi-ooxml/src/main/java/org/apache/poi/xssf/extractor/XSSFEventBasedExcelExtractor.java
index fd008f3a3d..c79024e3b4 100644
--- a/poi-ooxml/src/main/java/org/apache/poi/xssf/extractor/XSSFEventBasedExcelExtractor.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/xssf/extractor/XSSFEventBasedExcelExtractor.java
@@ -289,7 +289,7 @@ public class XSSFEventBasedExcelExtractor
             }
 
             return text.toString();
-        } catch (IOException | OpenXML4JException | SAXException e) {
+        } catch (IOException | OpenXML4JException | SAXException | NumberFormatException e) {
             LOGGER.atWarn().withThrowable(e).log("Failed to load text");
             return "";
         }
diff --git a/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFSheet.java b/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFSheet.java
index 9fe2ea71f0..f931b2d58d 100644
--- a/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFSheet.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFSheet.java
@@ -146,7 +146,7 @@ public class XSSFSheet extends POIXMLDocumentPart implements Sheet, OoxmlSheetEx
     protected void onDocumentRead() {
         try (InputStream stream = getPackagePart().getInputStream()) {
             read(stream);
-        } catch (IOException e){
+        } catch (IOException | ArithmeticException e){
             throw new POIXMLException(e);
         }
     }
diff --git a/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIXSSFFuzzer-5937385319563264.xlsx b/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIXSSFFuzzer-5937385319563264.xlsx
new file mode 100644
index 0000000000..16515d7052
--- /dev/null
+++ b/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIXSSFFuzzer-5937385319563264.xlsx
diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
index 9ad1991a26..9a4e488e7b 100644
--- a/test-data/spreadsheet/stress.xls
+++ b/test-data/spreadsheet/stress.xls