diff options
-rw-r--r-- | poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java | 3 | ||||
-rw-r--r-- | poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java | 22 | ||||
-rw-r--r-- | poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestSlideIdListing.java | 15 | ||||
-rw-r--r-- | test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt | bin | 0 -> 116224 bytes | |||
-rw-r--r-- | test-data/spreadsheet/stress.xls | bin | 61440 -> 61952 bytes |
5 files changed, 33 insertions, 7 deletions
diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java index 70fb287026..170f42bfcb 100644 --- a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java +++ b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java @@ -94,6 +94,7 @@ public final class HSLFSlideShowImpl extends POIDocument implements Closeable { private static final int DEFAULT_MAX_RECORD_LENGTH = 200_000_000; private static final int MAX_DOCUMENT_SIZE = 100_000_000; private static int MAX_RECORD_LENGTH = DEFAULT_MAX_RECORD_LENGTH; + private static final int MAX_IMAGE_LENGTH = 10_000_000; // Holds metadata on where things are in our document private CurrentUserAtom currentUser; @@ -407,7 +408,7 @@ public final class HSLFSlideShowImpl extends POIDocument implements Closeable { EscherContainerRecord blipStore = getBlipStore(); byte[] pictstream; try (DocumentInputStream is = getDirectory().createDocumentInputStream(entry)) { - pictstream = IOUtils.toByteArray(is, entry.getSize()); + pictstream = IOUtils.toByteArray(is, entry.getSize(), MAX_IMAGE_LENGTH); } List<PictureFactory> factories = new ArrayList<>(); diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java index c0572750b6..7b85af8ad9 100644 --- a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java +++ b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java @@ -16,17 +16,23 @@ ==================================================================== */ package org.apache.poi.hslf.dev; -import static org.junit.jupiter.api.Assertions.assertThrows; +import org.apache.poi.EmptyFileException; +import org.apache.poi.hslf.HSLFTestDataSamples; +import org.junit.jupiter.api.Test; import java.io.File; import java.util.Collections; +import java.util.HashSet; import java.util.Set; -import org.apache.poi.EmptyFileException; -import org.apache.poi.hslf.HSLFTestDataSamples; -import org.junit.jupiter.api.Test; +import static org.junit.jupiter.api.Assertions.assertThrows; public class TestPPTXMLDump extends BaseTestPPTIterating { + static final Set<String> LOCAL_EXCLUDED = new HashSet<>(); + static { + LOCAL_EXCLUDED.add("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt"); + } + @Test void testMain() throws Exception { PPTXMLDump.main(new String[0]); @@ -41,7 +47,13 @@ public class TestPPTXMLDump extends BaseTestPPTIterating { @Override void runOneFile(File pFile) throws Exception { - PPTXMLDump.main(new String[]{pFile.getAbsolutePath()}); + try { + PPTXMLDump.main(new String[]{pFile.getAbsolutePath()}); + } catch (IndexOutOfBoundsException e) { + if (!LOCAL_EXCLUDED.contains(pFile.getName())) { + throw e; + } + } } @Override diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestSlideIdListing.java b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestSlideIdListing.java index b75bec5178..f3afc851fb 100644 --- a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestSlideIdListing.java +++ b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestSlideIdListing.java @@ -20,12 +20,19 @@ import static org.junit.jupiter.api.Assertions.assertThrows; import java.io.File; import java.io.IOException; +import java.util.HashSet; +import java.util.Set; import org.apache.poi.EmptyFileException; import org.apache.poi.hslf.HSLFTestDataSamples; import org.junit.jupiter.api.Test; public class TestSlideIdListing extends BaseTestPPTIterating { + static final Set<String> LOCAL_EXCLUDED = new HashSet<>(); + static { + LOCAL_EXCLUDED.add("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt"); + } + @Test void testMain() throws IOException { // calls System.exit(): SlideIdListing.main(new String[0]); @@ -37,6 +44,12 @@ public class TestSlideIdListing extends BaseTestPPTIterating { @Override void runOneFile(File pFile) throws Exception { - SlideIdListing.main(new String[]{pFile.getAbsolutePath()}); + try { + SlideIdListing.main(new String[]{pFile.getAbsolutePath()}); + } catch (IllegalArgumentException e) { + if (!LOCAL_EXCLUDED.contains(pFile.getName())) { + throw e; + } + } } }
\ No newline at end of file diff --git a/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt b/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt Binary files differnew file mode 100644 index 0000000000..26c74a2cce --- /dev/null +++ b/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls Binary files differindex a873b632cb..70847a482c 100644 --- a/test-data/spreadsheet/stress.xls +++ b/test-data/spreadsheet/stress.xls |