Bug 66425: Avoid exceptions found via poi-fuzz

Change an assertion which can be triggered via an
input-document.

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63309

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1914403 13f79535-47bb-0310-9956-ffa450edef68

5 files changed, 7 insertions, 3 deletions

diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hwpf/model/PICFAndOfficeArtData.java b/poi-scratchpad/src/main/java/org/apache/poi/hwpf/model/PICFAndOfficeArtData.java
index 59163a578c..ecf46adc83 100644
--- a/poi-scratchpad/src/main/java/org/apache/poi/hwpf/model/PICFAndOfficeArtData.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hwpf/model/PICFAndOfficeArtData.java
@@ -88,7 +88,9 @@ public class PICFAndOfficeArtData {
 
             // [MS-ODRAW] allows for multiple records in a OfficeArtInlineSpContainer, which is what we're parsing here.
             //   However, in the context of a HWPF document, there should be only 1.
-            assert _blipRecords.size() == 1;
+            if (_blipRecords.size() != 1) {
+                throw new IllegalStateException("Should only have one BLIP-Record, but had: " + _blipRecords.size());
+            }
         }
     }
 
diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java b/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java
index a2aac7b19f..efa007af47 100644
--- a/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java
+++ b/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java
@@ -60,7 +60,8 @@ public class TestWordToConverterSuite {
         "TestHPSFWritingFunctionality.doc",
         "clusterfuzz-testcase-minimized-POIHWPFFuzzer-4947285593948160.doc",
         "clusterfuzz-testcase-minimized-POIHWPFFuzzer-5440721166139392.doc",
-        "clusterfuzz-testcase-minimized-POIHWPFFuzzer-5050208641482752.doc"
+        "clusterfuzz-testcase-minimized-POIHWPFFuzzer-5050208641482752.doc",
+        "clusterfuzz-testcase-minimized-POIHWPFFuzzer-4892412469968896.doc"
     );
 
     public static Stream<Arguments> files() {
diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java b/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java
index 2b2cfed94e..ab9f6d6cd4 100644
--- a/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java
+++ b/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java
@@ -53,7 +53,8 @@ public class TestWordToTextConverter {
         "TestHPSFWritingFunctionality.doc",
         "clusterfuzz-testcase-minimized-POIHWPFFuzzer-4947285593948160.doc",
         "clusterfuzz-testcase-minimized-POIHWPFFuzzer-5440721166139392.doc",
-        "clusterfuzz-testcase-minimized-POIHWPFFuzzer-5050208641482752.doc"
+        "clusterfuzz-testcase-minimized-POIHWPFFuzzer-5050208641482752.doc",
+        "clusterfuzz-testcase-minimized-POIHWPFFuzzer-4892412469968896.doc"
     );
 
     /**
diff --git a/test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-4892412469968896.doc b/test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-4892412469968896.doc
new file mode 100644
index 0000000000..922ebf7fd1
--- /dev/null
+++ b/test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-4892412469968896.doc
diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
index 1afd350acd..31a8b184cd 100644
--- a/test-data/spreadsheet/stress.xls
+++ b/test-data/spreadsheet/stress.xls