From 94ace1c4b0469d1e5909e26d47b8a76491c0b106 Mon Sep 17 00:00:00 2001
From: Dominik Stadler
Date: Sat, 30 Dec 2023 19:39:31 +0000
Subject: Bug 66425: Avoid exceptions found via poi-fuzz
Prevent NullPointerException
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64943
git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1915004 13f79535-47bb-0310-9956-ffa450edef68
---
.../poi/hwpf/converter/AbstractWordConverter.java | 4 ++++
.../hwpf/converter/TestWordToConverterSuite.java | 3 ++-
.../poi/hwpf/converter/TestWordToTextConverter.java | 3 ++-
...ase-minimized-POIHWPFFuzzer-6610789829836800.doc | Bin 0 -> 39249 bytes
test-data/spreadsheet/stress.xls | Bin 63488 -> 63488 bytes
5 files changed, 8 insertions(+), 2 deletions(-)
create mode 100644 test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-6610789829836800.doc
diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hwpf/converter/AbstractWordConverter.java b/poi-scratchpad/src/main/java/org/apache/poi/hwpf/converter/AbstractWordConverter.java
index d6f410d286..186feb2118 100644
--- a/poi-scratchpad/src/main/java/org/apache/poi/hwpf/converter/AbstractWordConverter.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hwpf/converter/AbstractWordConverter.java
@@ -745,6 +745,10 @@ public abstract class AbstractWordConverter {
 }
 case FIELD_DROP_DOWN: {
 Range fieldContent = field.firstSubrange(parentRange);
+ if (fieldContent == null) {
+ throw new IllegalStateException("Cannot read field content from field " + field + " and range " + parentRange);
+ }
+
 CharacterRun cr = fieldContent.getCharacterRun(fieldContent
 .numCharacterRuns() - 1);
 String[] values = cr.getDropDownListValues();
diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java b/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java
index efa007af47..0eb956e88c 100644
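Review bot: The new guard in the `FIELD_DROP_DOWN` case rejects only a null `fieldContent`; a non-null range with zero character runs still reaches `fieldContent.getCharacterRun(fieldContent.numCharacterRuns() - 1)` with an index of -1 on the next statement. How `getCharacterRun` reacts to that index is not visible in this hunk, but for fuzzer-supplied documents it would be safer to fail with the same explicit exception, e.g. `if (fieldContent == null || fieldContent.numCharacterRuns() == 0) {`. That keeps malformed-input failures on one predictable exception type for callers that convert untrusted files. The enclosing method and switch start and end outside the hunk, so whether `cr` and `values` are checked further down cannot be confirmed from here.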
--- a/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java
+++ b/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java
@@ -61,7 +61,8 @@ public class TestWordToConverterSuite {
 "clusterfuzz-testcase-minimized-POIHWPFFuzzer-4947285593948160.doc",
 "clusterfuzz-testcase-minimized-POIHWPFFuzzer-5440721166139392.doc",
 "clusterfuzz-testcase-minimized-POIHWPFFuzzer-5050208641482752.doc",
- "clusterfuzz-testcase-minimized-POIHWPFFuzzer-4892412469968896.doc"
+ "clusterfuzz-testcase-minimized-POIHWPFFuzzer-4892412469968896.doc",
+ "clusterfuzz-testcase-minimized-POIHWPFFuzzer-6610789829836800.doc"
 );
 public static Stream files() {
diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java b/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java
index ab9f6d6cd4..cb72d510f5 100644
--- a/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java
+++ b/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java
@@ -54,7 +54,8 @@ public class TestWordToTextConverter {
 "clusterfuzz-testcase-minimized-POIHWPFFuzzer-4947285593948160.doc",
 "clusterfuzz-testcase-minimized-POIHWPFFuzzer-5440721166139392.doc",
 "clusterfuzz-testcase-minimized-POIHWPFFuzzer-5050208641482752.doc",
- "clusterfuzz-testcase-minimized-POIHWPFFuzzer-4892412469968896.doc"
+ "clusterfuzz-testcase-minimized-POIHWPFFuzzer-4892412469968896.doc",
+ "clusterfuzz-testcase-minimized-POIHWPFFuzzer-6610789829836800.doc"
 );
 /**
diff --git a/test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-6610789829836800.doc b/test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-6610789829836800.doc
new file mode 100644
index 0000000000..85f57dba2c
Binary files /dev/null and b/test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-6610789829836800.doc differ
diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
index 26af0e5ba3..f04e974e02 100644
Binary files a/test-data/spreadsheet/stress.xls and b/test-data/spreadsheet/stress.xls differ
--
cgit v1.2.3