Avoid some NullPointerException and ClassCastExceptions found when fuzzing Apache POI

This mostly only makes thrown runtime-exceptions a bit more consistent and
improves information in exceptions.

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1906360 13f79535-47bb-0310-9956-ffa450edef68

7 files changed, 54 insertions, 10 deletions

diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hslf/record/ExObjList.java b/poi-scratchpad/src/main/java/org/apache/poi/hslf/record/ExObjList.java
index 6ccdae947b..160f6bd428 100644
--- a/poi-scratchpad/src/main/java/org/apache/poi/hslf/record/ExObjList.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hslf/record/ExObjList.java
@@ -117,7 +117,8 @@ public class ExObjList extends RecordContainer {
         for (Record child : _children) {
             if (child instanceof ExHyperlink) {
                 ExHyperlink rec = (ExHyperlink) child;
-                if (rec.getExHyperlinkAtom().getNumber() == id) {
+                if (rec.getExHyperlinkAtom() != null &&
+                        rec.getExHyperlinkAtom().getNumber() == id) {
                     return rec;
                 }
             }
diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShapeFactory.java b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShapeFactory.java
index 41692b77fe..9993a9e357 100644
--- a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShapeFactory.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShapeFactory.java
@@ -63,7 +63,11 @@ public final class HSLFShapeFactory {
 
     public static HSLFGroupShape createShapeGroup(EscherContainerRecord spContainer, ShapeContainer<HSLFShape,HSLFTextParagraph> parent){
         boolean isTable = false;
-        EscherContainerRecord ecr = (EscherContainerRecord)spContainer.getChild(0);
+        EscherRecord child = spContainer.getChild(0);
+        if (!(child instanceof EscherContainerRecord)) {
+            throw new RecordFormatException("Did not have a EscherContainerRecord: " + child);
+        }
+        EscherContainerRecord ecr = (EscherContainerRecord) child;
         EscherRecord opt = HSLFShape.getEscherChild(ecr, EscherRecordTypes.USER_DEFINED);
 
         if (opt != null) {
diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSheet.java b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSheet.java
index effe54e372..543ed41828 100644
--- a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSheet.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSheet.java
@@ -172,6 +172,9 @@ public abstract class HSLFSheet implements HSLFShapeContainer, Sheet<HSLFShape,H
                 continue;
             }
 
+            if (!(r instanceof EscherContainerRecord)) {
+                throw new IllegalArgumentException("Did not have a EscherContainerRecord: " + r);
+            }
             EscherContainerRecord sp = (EscherContainerRecord)r;
             HSLFShape sh = HSLFShapeFactory.createShape(sp, null);
             sh.setSheet(this);
diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowEncrypted.java b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowEncrypted.java
index 983da60f8e..8c7effc7f3 100644
--- a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowEncrypted.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowEncrypted.java
@@ -120,11 +120,17 @@ public class HSLFSlideShowEncrypted implements Closeable {
             recordMap.put(encOffset, r);
         }
 
+        if (!(r instanceof DocumentEncryptionAtom)) {
+            throw new EncryptedPowerPointFileException("Did not have a DocumentEncryptionAtom: " + r);
+        }
         this.dea = (DocumentEncryptionAtom)r;
 
         String pass = Biff8EncryptionKey.getCurrentUserPassword();
         EncryptionInfo ei = getEncryptionInfo();
         try {
+            if (ei == null || ei.getDecryptor() == null) {
+                throw new IllegalStateException("Invalid encryption-info: " + ei);
+            }
             if(!ei.getDecryptor().verifyPassword(pass != null ? pass : Decryptor.DEFAULT_PASSWORD)) {
                 throw new EncryptedPowerPointFileException("PowerPoint file is encrypted. The correct password needs to be set via Biff8EncryptionKey.setCurrentUserPassword()");
             }
diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java
index a33dd2608b..953ef3733a 100644
--- a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java
@@ -310,10 +310,11 @@ public final class HSLFSlideShowImpl extends POIDocument implements Closeable {
 
     private void initRecordOffsets(byte[] docstream, int usrOffset, NavigableMap<Integer, Record> recordMap, Map<Integer, Integer> offset2id) {
         while (usrOffset != 0) {
-            UserEditAtom usr = (UserEditAtom) Record.buildRecordAtOffset(docstream, usrOffset);
-            if (usr == null) {
-                throw new CorruptPowerPointFileException("Powerpoint document contains no user edit atom");
+            Record builtRecord = Record.buildRecordAtOffset(docstream, usrOffset);
+            if (!(builtRecord instanceof UserEditAtom)) {
+                throw new CorruptPowerPointFileException("Did not have a user edit atom: " + builtRecord);
             }
+            UserEditAtom usr = (UserEditAtom) builtRecord;
 
             recordMap.put(usrOffset, usr);
 
@@ -500,6 +501,9 @@ public final class HSLFSlideShowImpl extends POIDocument implements Closeable {
         //  records share an offset.
         Map<Integer, List<EscherBSERecord>> unmatchedRecords = new HashMap<>();
         for (EscherRecord child : blipStore) {
+            if (!(child instanceof EscherBSERecord)) {
+                throw new CorruptPowerPointFileException("Did not have a EscherBSERecord: " + child);
+            }
             EscherBSERecord record = (EscherBSERecord) child;
             unmatchedRecords.computeIfAbsent(record.getOffset(), k -> new ArrayList<>()).add(record);
         }
@@ -984,7 +988,13 @@ public final class HSLFSlideShowImpl extends POIDocument implements Closeable {
     private EscherContainerRecord getBlipStore() {
         Document documentRecord = null;
         for (Record record : _records) {
+            if (record == null) {
+                throw new CorruptPowerPointFileException("Did not have a valid record: " + record);
+            }
             if (record.getRecordType() == RecordTypes.Document.typeID) {
+                if (!(record instanceof Document)) {
+                    throw new CorruptPowerPointFileException("Did not have a Document: " + record);
+                }
                 documentRecord = (Document) record;
                 break;
             }
diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hwpf/model/StyleSheet.java b/poi-scratchpad/src/main/java/org/apache/poi/hwpf/model/StyleSheet.java
index c9b8880f28..348c23677f 100644
--- a/poi-scratchpad/src/main/java/org/apache/poi/hwpf/model/StyleSheet.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hwpf/model/StyleSheet.java
@@ -62,7 +62,7 @@ public final class StyleSheet {
     /**
      * General information about a stylesheet
      */
-    private Stshif _stshif;
+    private final Stshif _stshif;
 
     StyleDescription[] _styleDescriptions;
 
@@ -205,6 +205,10 @@ public final class StyleSheet {
     @Deprecated
     private void createPap(int istd) {
         StyleDescription sd = _styleDescriptions[istd];
+        if (sd == null) {
+            throw new IllegalStateException("Cannot create Pap, empty styleDescription, had : " + _styleDescriptions.length + " descriptions");
+        }
+
         ParagraphProperties pap = sd.getPAP();
         byte[] papx = sd.getPAPX();
         int baseIndex = sd.getBaseStyle();
@@ -212,7 +216,11 @@ public final class StyleSheet {
             ParagraphProperties parentPAP = new ParagraphProperties();
             if (baseIndex != NIL_STYLE) {
 
-                parentPAP = _styleDescriptions[baseIndex].getPAP();
+                StyleDescription styleDescription = _styleDescriptions[baseIndex];
+                if (styleDescription == null) {
+                    throw new IllegalStateException("Cannot create Pap, empty styleDescription, had : " + _styleDescriptions.length + " descriptions");
+                }
+                parentPAP = styleDescription.getPAP();
                 if (parentPAP == null) {
                     if (baseIndex == istd) {
                         // Oh dear, style claims that it is its own parent
@@ -220,7 +228,7 @@ public final class StyleSheet {
                     }
                     // Create the parent style
                     createPap(baseIndex);
-                    parentPAP = _styleDescriptions[baseIndex].getPAP();
+                    parentPAP = styleDescription.getPAP();
                 }
 
             }
@@ -247,6 +255,10 @@ public final class StyleSheet {
     @Deprecated
     private void createChp(int istd) {
         StyleDescription sd = _styleDescriptions[istd];
+        if (sd == null) {
+            throw new IllegalStateException("Cannot create Chp, empty styleDescription, had : " + _styleDescriptions.length + " descriptions");
+        }
+
         CharacterProperties chp = sd.getCHP();
         byte[] chpx = sd.getCHPX();
         int baseIndex = sd.getBaseStyle();
@@ -263,10 +275,15 @@ public final class StyleSheet {
         if (chp == null && chpx != null) {
             CharacterProperties parentCHP = new CharacterProperties();
             if (baseIndex != NIL_STYLE) {
-                parentCHP = _styleDescriptions[baseIndex].getCHP();
+                StyleDescription styleDescription = _styleDescriptions[baseIndex];
+                if (styleDescription == null) {
+                    throw new IllegalStateException("Cannot create Chp, empty styleDescription, had : " + _styleDescriptions.length + " descriptions");
+                }
+
+                parentCHP = styleDescription.getCHP();
                 if (parentCHP == null) {
                     createChp(baseIndex);
-                    parentCHP = _styleDescriptions[baseIndex].getCHP();
+                    parentCHP = styleDescription.getCHP();
                 }
                 if (parentCHP == null) {
                     parentCHP = new CharacterProperties();
diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hwpf/sprm/TableSprmUncompressor.java b/poi-scratchpad/src/main/java/org/apache/poi/hwpf/sprm/TableSprmUncompressor.java
index 54cab16890..267f6b6875 100644
--- a/poi-scratchpad/src/main/java/org/apache/poi/hwpf/sprm/TableSprmUncompressor.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hwpf/sprm/TableSprmUncompressor.java
@@ -285,6 +285,9 @@ public final class TableSprmUncompressor extends SprmUncompressor {
 
         for (int c = itcFirst; c < itcLim; c++) {
           TableCellDescriptor tableCellDescriptor = newTAP.getRgtc()[c];
+          if (tableCellDescriptor == null) {
+            throw new IllegalStateException("Cannot unCompress TAP, empty table cell descriptor, had : " + newTAP.getRgtc().length + " Rgtc");
+          }
 
           if ((grfbrc & 0x01) != 0) {
             tableCellDescriptor.setFtsCellPaddingTop(ftsWidth);