diff options
| author | Dominik Stadler <centic@apache.org> | 2023-08-07 20:01:19 +0000 |
|---|---|---|
| committer | Dominik Stadler <centic@apache.org> | 2023-08-07 20:01:19 +0000 |
| commit | 163ff25594bb2751ea2ea5e3df4f82fdf9219304 (patch) | |
| tree | e060a2367bc285df2d7138ed1db10ed8e942b558 /poi-examples | |
| parent | f3997b49efaef3987f87e212ec41635b4339bbf9 (diff) | |
| download | poi-163ff25594bb2751ea2ea5e3df4f82fdf9219304.tar.gz poi-163ff25594bb2751ea2ea5e3df4f82fdf9219304.zip | |
Bug 66425: Avoid a ClassCastException found via oss-fuzz
We try to avoid throwing NullPointerException, but it was possible
to trigger one here with a specially crafted input-file
Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61266
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911523 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'poi-examples')
| -rw-r--r-- | poi-examples/src/test/java/org/apache/poi/integration/TestXLSX2CSV.java | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/poi-examples/src/test/java/org/apache/poi/integration/TestXLSX2CSV.java b/poi-examples/src/test/java/org/apache/poi/integration/TestXLSX2CSV.java index b172b38295..0867f12b81 100644 --- a/poi-examples/src/test/java/org/apache/poi/integration/TestXLSX2CSV.java +++ b/poi-examples/src/test/java/org/apache/poi/integration/TestXLSX2CSV.java @@ -18,6 +18,7 @@ package org.apache.poi.integration; import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; import java.io.PrintStream; @@ -26,6 +27,7 @@ import java.nio.charset.StandardCharsets; import org.apache.commons.io.output.UnsynchronizedByteArrayOutputStream; import org.apache.poi.examples.xssf.eventusermodel.XLSX2CSV; +import org.apache.poi.ooxml.POIXMLException; import org.apache.poi.openxml4j.opc.OPCPackage; import org.apache.poi.openxml4j.opc.PackageAccess; import org.apache.poi.xssf.XSSFTestDataSamples; @@ -95,6 +97,25 @@ public class TestXLSX2CSV { } @Test + public void testInvalidSampleFile() throws Exception { + final UnsynchronizedByteArrayOutputStream outputBytes = UnsynchronizedByteArrayOutputStream.builder().get(); + PrintStream out = new PrintStream(outputBytes, true, StandardCharsets.UTF_8.name()); + + // The package open is instantaneous, as it should be. + try (OPCPackage p = OPCPackage.open(XSSFTestDataSamples.getSampleFile("clusterfuzz-testcase-minimized-XLSX2CSVFuzzer-5025401116950528.xlsx").getAbsolutePath(), PackageAccess.READ)) { + XLSX2CSV xlsx2csv = new XLSX2CSV(p, out, -1); + assertThrows(POIXMLException.class, + xlsx2csv::process); + } + + String errorOutput = errorBytes.toString(StandardCharsets.UTF_8); + assertEquals("", errorOutput); + + String output = outputBytes.toString(StandardCharsets.UTF_8); + assertEquals("", output, "Had: " + output); + } + + @Test public void testMinColumns() throws Exception { final UnsynchronizedByteArrayOutputStream outputBytes = UnsynchronizedByteArrayOutputStream.builder().get(); PrintStream out = new PrintStream(outputBytes, true, StandardCharsets.UTF_8.name()); |