aboutsummaryrefslogtreecommitdiffstats
path: root/poi
diff options
context:
space:
mode:
authorDominik Stadler <centic@apache.org>2023-10-07 22:12:43 +0000
committerDominik Stadler <centic@apache.org>2023-10-07 22:12:43 +0000
commit5cd4fa548843e89525e48d6180ab6f3c5eb9833e (patch)
tree94b27e1b7789dfdba4da0257fad530b13561a18e /poi
parenteb11f3324f6fc7f156839db24a85c21016f6003c (diff)
downloadpoi-5cd4fa548843e89525e48d6180ab6f3c5eb9833e.tar.gz
poi-5cd4fa548843e89525e48d6180ab6f3c5eb9833e.zip
Bug 66425: Avoid Exceptions found via oss-fuzz
We try to avoid throwing ClassCastExceptions, but it was possible to trigger one here with a specially crafted input-file Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62795 git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912796 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'poi')
-rw-r--r--poi/src/main/java/org/apache/poi/hssf/model/InternalWorkbook.java6
-rw-r--r--poi/src/main/java/org/apache/poi/hssf/usermodel/HSSFShapeFactory.java6
-rw-r--r--poi/src/main/java/org/apache/poi/util/LittleEndianByteArrayInputStream.java2
-rw-r--r--poi/src/test/java/org/apache/poi/hssf/dev/TestBiffDrawingToXml.java1
-rw-r--r--poi/src/test/java/org/apache/poi/hssf/model/TestDrawingAggregate.java10
5 files changed, 21 insertions, 4 deletions
diff --git a/poi/src/main/java/org/apache/poi/hssf/model/InternalWorkbook.java b/poi/src/main/java/org/apache/poi/hssf/model/InternalWorkbook.java
index acd3541cf7..a60fec9fd6 100644
--- a/poi/src/main/java/org/apache/poi/hssf/model/InternalWorkbook.java
+++ b/poi/src/main/java/org/apache/poi/hssf/model/InternalWorkbook.java
@@ -466,7 +466,11 @@ public final class InternalWorkbook {
"There are only " + numfonts + " font records, but you asked for index " + idx);
}
- return ( FontRecord ) records.get((records.getFontpos() - (numfonts - 1)) + index);
+ Record record = records.get((records.getFontpos() - (numfonts - 1)) + index);
+ if (!(record instanceof FontRecord)) {
+ throw new IllegalStateException("Did not have the expected record-type FontRecord: " + record.getClass());
+ }
+ return ( FontRecord ) record;
}
/**
diff --git a/poi/src/main/java/org/apache/poi/hssf/usermodel/HSSFShapeFactory.java b/poi/src/main/java/org/apache/poi/hssf/usermodel/HSSFShapeFactory.java
index fff9250a68..080938367b 100644
--- a/poi/src/main/java/org/apache/poi/hssf/usermodel/HSSFShapeFactory.java
+++ b/poi/src/main/java/org/apache/poi/hssf/usermodel/HSSFShapeFactory.java
@@ -51,7 +51,11 @@ public class HSSFShapeFactory {
public static void createShapeTree(EscherContainerRecord container, EscherAggregate agg, HSSFShapeContainer out, DirectoryNode root) {
if (container.getRecordId() == EscherContainerRecord.SPGR_CONTAINER) {
ObjRecord obj = null;
- EscherClientDataRecord clientData = ((EscherContainerRecord) container.getChild(0)).getChildById(EscherClientDataRecord.RECORD_ID);
+ EscherRecord child = container.getChild(0);
+ if (!(child instanceof EscherContainerRecord)) {
+ throw new IllegalArgumentException("Had unexpected type of child: " + child.getClass());
+ }
+ EscherClientDataRecord clientData = ((EscherContainerRecord) child).getChildById(EscherClientDataRecord.RECORD_ID);
if (null != clientData) {
obj = (ObjRecord) agg.getShapeToObjMapping().get(clientData);
}
diff --git a/poi/src/main/java/org/apache/poi/util/LittleEndianByteArrayInputStream.java b/poi/src/main/java/org/apache/poi/util/LittleEndianByteArrayInputStream.java
index e5c0b259a0..2f7215b0bb 100644
--- a/poi/src/main/java/org/apache/poi/util/LittleEndianByteArrayInputStream.java
+++ b/poi/src/main/java/org/apache/poi/util/LittleEndianByteArrayInputStream.java
@@ -87,7 +87,7 @@ public class LittleEndianByteArrayInputStream extends ByteArrayInputStream imple
public void setReadIndex(int pos) {
if (pos < 0 || pos >= count) {
- throw new IndexOutOfBoundsException();
+ throw new IndexOutOfBoundsException("Invalid position: " + pos + " with count " + count);
}
this.pos = pos;
}
diff --git a/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffDrawingToXml.java b/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffDrawingToXml.java
index ea39f5147d..a87f34aad8 100644
--- a/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffDrawingToXml.java
+++ b/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffDrawingToXml.java
@@ -55,6 +55,7 @@ class TestBiffDrawingToXml extends BaseTestIteratingXLS {
excludes.put("44958_1.xls", RecordInputStream.LeftoverDataException.class);
excludes.put("protected_66115.xls", EncryptedDocumentException.class);
excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5285517825277952.xls", IllegalArgumentException.class);
+ excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5436547081830400.xls", IllegalArgumentException.class);
return excludes;
}
diff --git a/poi/src/test/java/org/apache/poi/hssf/model/TestDrawingAggregate.java b/poi/src/test/java/org/apache/poi/hssf/model/TestDrawingAggregate.java
index 9a3bd3d649..e21e359767 100644
--- a/poi/src/test/java/org/apache/poi/hssf/model/TestDrawingAggregate.java
+++ b/poi/src/test/java/org/apache/poi/hssf/model/TestDrawingAggregate.java
@@ -21,6 +21,7 @@ import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertSame;
+import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import java.io.ByteArrayInputStream;
@@ -163,6 +164,12 @@ class TestDrawingAggregate {
DrawingAggregateInfo info = DrawingAggregateInfo.get(sheet);
if(info != null) {
aggs.put(i, info);
+ if (file.getName().equals("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5436547081830400.xls")) {
+ assertThrows(IllegalArgumentException.class,
+ sheet::getDrawingPatriarch);
+ return;
+ }
+
HSSFPatriarch p = sheet.getDrawingPatriarch();
// compare aggregate.serialize() with raw bytes from the record stream
@@ -172,7 +179,8 @@ class TestDrawingAggregate {
byte[] dgBytes2 = agg.serialize();
assertEquals(dgBytes1.length, dgBytes2.length, "different size of raw data ande aggregate.serialize()");
- assertArrayEquals(dgBytes1, dgBytes2, "raw drawing data (" + dgBytes1.length + " bytes) and aggregate.serialize() are different.");
+ assertArrayEquals(dgBytes1, dgBytes2,
+ "raw drawing data (" + dgBytes1.length + " bytes) and aggregate.serialize() are different.");
}
}