aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java3
-rw-r--r--poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java22
-rw-r--r--poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestSlideIdListing.java15
-rw-r--r--test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.pptbin0 -> 116224 bytes
-rw-r--r--test-data/spreadsheet/stress.xlsbin61440 -> 61952 bytes
5 files changed, 33 insertions, 7 deletions
diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java
index 70fb287026..170f42bfcb 100644
--- a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java
@@ -94,6 +94,7 @@ public final class HSLFSlideShowImpl extends POIDocument implements Closeable {
private static final int DEFAULT_MAX_RECORD_LENGTH = 200_000_000;
private static final int MAX_DOCUMENT_SIZE = 100_000_000;
private static int MAX_RECORD_LENGTH = DEFAULT_MAX_RECORD_LENGTH;
+ private static final int MAX_IMAGE_LENGTH = 10_000_000;
// Holds metadata on where things are in our document
private CurrentUserAtom currentUser;
@@ -407,7 +408,7 @@ public final class HSLFSlideShowImpl extends POIDocument implements Closeable {
EscherContainerRecord blipStore = getBlipStore();
byte[] pictstream;
try (DocumentInputStream is = getDirectory().createDocumentInputStream(entry)) {
- pictstream = IOUtils.toByteArray(is, entry.getSize());
+ pictstream = IOUtils.toByteArray(is, entry.getSize(), MAX_IMAGE_LENGTH);
}
List<PictureFactory> factories = new ArrayList<>();
diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
index c0572750b6..7b85af8ad9 100644
--- a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
+++ b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
@@ -16,17 +16,23 @@
==================================================================== */
package org.apache.poi.hslf.dev;
-import static org.junit.jupiter.api.Assertions.assertThrows;
+import org.apache.poi.EmptyFileException;
+import org.apache.poi.hslf.HSLFTestDataSamples;
+import org.junit.jupiter.api.Test;
import java.io.File;
import java.util.Collections;
+import java.util.HashSet;
import java.util.Set;
-import org.apache.poi.EmptyFileException;
-import org.apache.poi.hslf.HSLFTestDataSamples;
-import org.junit.jupiter.api.Test;
+import static org.junit.jupiter.api.Assertions.assertThrows;
public class TestPPTXMLDump extends BaseTestPPTIterating {
+ static final Set<String> LOCAL_EXCLUDED = new HashSet<>();
+ static {
+ LOCAL_EXCLUDED.add("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt");
+ }
+
@Test
void testMain() throws Exception {
PPTXMLDump.main(new String[0]);
@@ -41,7 +47,13 @@ public class TestPPTXMLDump extends BaseTestPPTIterating {
@Override
void runOneFile(File pFile) throws Exception {
- PPTXMLDump.main(new String[]{pFile.getAbsolutePath()});
+ try {
+ PPTXMLDump.main(new String[]{pFile.getAbsolutePath()});
+ } catch (IndexOutOfBoundsException e) {
+ if (!LOCAL_EXCLUDED.contains(pFile.getName())) {
+ throw e;
+ }
+ }
}
@Override
diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestSlideIdListing.java b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestSlideIdListing.java
index b75bec5178..f3afc851fb 100644
--- a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestSlideIdListing.java
+++ b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestSlideIdListing.java
@@ -20,12 +20,19 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
import java.io.File;
import java.io.IOException;
+import java.util.HashSet;
+import java.util.Set;
import org.apache.poi.EmptyFileException;
import org.apache.poi.hslf.HSLFTestDataSamples;
import org.junit.jupiter.api.Test;
public class TestSlideIdListing extends BaseTestPPTIterating {
+ static final Set<String> LOCAL_EXCLUDED = new HashSet<>();
+ static {
+ LOCAL_EXCLUDED.add("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt");
+ }
+
@Test
void testMain() throws IOException {
// calls System.exit(): SlideIdListing.main(new String[0]);
@@ -37,6 +44,12 @@ public class TestSlideIdListing extends BaseTestPPTIterating {
@Override
void runOneFile(File pFile) throws Exception {
- SlideIdListing.main(new String[]{pFile.getAbsolutePath()});
+ try {
+ SlideIdListing.main(new String[]{pFile.getAbsolutePath()});
+ } catch (IllegalArgumentException e) {
+ if (!LOCAL_EXCLUDED.contains(pFile.getName())) {
+ throw e;
+ }
+ }
}
} \ No newline at end of file
diff --git a/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt b/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt
new file mode 100644
index 0000000000..26c74a2cce
--- /dev/null
+++ b/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt
Binary files differ
diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
index a873b632cb..70847a482c 100644
--- a/test-data/spreadsheet/stress.xls
+++ b/test-data/spreadsheet/stress.xls
Binary files differ