From 50b4da40b8fc9db8a1c13f76af0693e17ad7e549 Mon Sep 17 00:00:00 2001
From: Dominik Stadler
Date: Sat, 7 Oct 2023 22:12:30 +0000
Subject: Bug 66425: Avoid Exceptions found via oss-fuzz

We try to avoid throwing NullPointerExceptions or endless allocations, but it was possible to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62706

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912794 13f79535-47bb-0310-9956-ffa450edef68
---
 .../org/apache/poi/xdgf/usermodel/XDGFPages.java | 9 ++++++++-
 ...e-minimized-POIVisioFuzzer-6358126418591744.vsdx | Bin 0 -> 33741 bytes
 test-data/spreadsheet/stress.xls | Bin 56832 -> 57344 bytes
 3 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 test-data/diagram/clusterfuzz-testcase-minimized-POIVisioFuzzer-6358126418591744.vsdx

diff --git a/poi-ooxml/src/main/java/org/apache/poi/xdgf/usermodel/XDGFPages.java b/poi-ooxml/src/main/java/org/apache/poi/xdgf/usermodel/XDGFPages.java
index ab6077449e..4e50cad597 100644
--- a/poi-ooxml/src/main/java/org/apache/poi/xdgf/usermodel/XDGFPages.java
+++ b/poi-ooxml/src/main/java/org/apache/poi/xdgf/usermodel/XDGFPages.java
@@ -25,6 +25,8 @@ import java.util.List;
 import com.microsoft.schemas.office.visio.x2012.main.PageType;
 import com.microsoft.schemas.office.visio.x2012.main.PagesDocument;
 import com.microsoft.schemas.office.visio.x2012.main.PagesType;
+import com.microsoft.schemas.office.visio.x2012.main.RelType;
+
 import org.apache.poi.ooxml.POIXMLDocumentPart;
 import org.apache.poi.ooxml.POIXMLException;
 import org.apache.poi.openxml4j.opc.PackagePart;
@@ -68,7 +70,12 @@ public class XDGFPages extends XDGFXMLDocumentPart {

 // this iteration is ordered by page number
 for (PageType pageSettings: _pagesObject.getPageArray()) {
- String relId = pageSettings.getRel().getId();
+ RelType rel = pageSettings.getRel();
+ if (rel == null) {
+ throw new IllegalStateException("Could not read relation for page settings");
+ }
+
+ String relId = rel.getId();

 POIXMLDocumentPart pageContentsPart = getRelationById(relId);
 if (pageContentsPart == null)
diff --git a/test-data/diagram/clusterfuzz-testcase-minimized-POIVisioFuzzer-6358126418591744.vsdx b/test-data/diagram/clusterfuzz-testcase-minimized-POIVisioFuzzer-6358126418591744.vsdx
new file mode 100644
index 0000000000..041c8fb140
Binary files /dev/null and b/test-data/diagram/clusterfuzz-testcase-minimized-POIVisioFuzzer-6358126418591744.vsdx differ
diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
index d06a4e4d5b..50e923e810 100644
Binary files a/test-data/spreadsheet/stress.xls and b/test-data/spreadsheet/stress.xls differ
-- 
cgit v1.2.3
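Review bot: The new null check in the page loop reports a malformed input file as `IllegalStateException`, although the file imports `POIXMLException` (visible in the first hunk's context), which is presumably the type this class uses for broken documents; a caller that parses untrusted .vsdx files and catches only `POIXMLException` would still see an unchecked exception escape. If that matches the convention of the surrounding code, consider `throw new POIXMLException("Could not read relation for page settings");` instead. `rel.getId()` can presumably still return null when the id attribute is absent, so it is worth confirming that `getRelationById(null)` falls through to the `pageContentsPart == null` check rather than throwing. The enclosing method starts before and continues after this hunk, so its catch blocks and the handling of that second check are not visible here.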