From e43c1bc9117d0c1e356f8de33cb7f9a516747242 Mon Sep 17 00:00:00 2001 From: Dominik Stadler Date: Sat, 7 Oct 2023 22:12:50 +0000 Subject: Bug 66425: Avoid Exceptions found via oss-fuzz We try to avoid throwing ConcurrentModificationException, but it was possible to trigger one here with a specially crafted input-file Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62861 git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912797 13f79535-47bb-0310-9956-ffa450edef68 --- .../hssf/record/aggregates/CustomViewSettingsRecordAggregate.java | 5 ++++- poi/src/test/java/org/apache/poi/hssf/dev/TestBiffDrawingToXml.java | 1 + poi/src/test/java/org/apache/poi/hssf/dev/TestBiffViewer.java | 1 + poi/src/test/java/org/apache/poi/hssf/dev/TestRecordLister.java | 1 + 4 files changed, 7 insertions(+), 1 deletion(-) (limited to 'poi') diff --git a/poi/src/main/java/org/apache/poi/hssf/record/aggregates/CustomViewSettingsRecordAggregate.java b/poi/src/main/java/org/apache/poi/hssf/record/aggregates/CustomViewSettingsRecordAggregate.java index 5b10c4ff7d..dc94c265d6 100644 --- a/poi/src/main/java/org/apache/poi/hssf/record/aggregates/CustomViewSettingsRecordAggregate.java +++ b/poi/src/main/java/org/apache/poi/hssf/record/aggregates/CustomViewSettingsRecordAggregate.java @@ -73,7 +73,10 @@ public final class CustomViewSettingsRecordAggregate extends RecordAggregate { return; } rv.visitRecord(_begin); - for (RecordBase rb : _recs) { + + // need to copy list to avoid ConcurrentModificationException + // as there are cases where the visitor modifies the list itself + for (RecordBase rb : new ArrayList<>(_recs)) { if (rb instanceof RecordAggregate) { ((RecordAggregate) rb).visitContainedRecords(rv); } else { diff --git a/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffDrawingToXml.java b/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffDrawingToXml.java index a87f34aad8..b9abe815f4 100644 --- a/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffDrawingToXml.java +++ b/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffDrawingToXml.java @@ -56,6 +56,7 @@ class TestBiffDrawingToXml extends BaseTestIteratingXLS { excludes.put("protected_66115.xls", EncryptedDocumentException.class); excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5285517825277952.xls", IllegalArgumentException.class); excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5436547081830400.xls", IllegalArgumentException.class); + excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5889658057523200.xls", IndexOutOfBoundsException.class); return excludes; } diff --git a/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffViewer.java b/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffViewer.java index 3b8ee50d96..218ecb93f6 100644 --- a/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffViewer.java +++ b/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffViewer.java @@ -43,6 +43,7 @@ class TestBiffViewer extends BaseTestIteratingXLS { excludes.put("poi-fuzz.xls", RecordFormatException.class); excludes.put("protected_66115.xls", RecordFormatException.class); excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5786329142919168.xls", IllegalStateException.class); + excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5889658057523200.xls", IndexOutOfBoundsException.class); return excludes; } diff --git a/poi/src/test/java/org/apache/poi/hssf/dev/TestRecordLister.java b/poi/src/test/java/org/apache/poi/hssf/dev/TestRecordLister.java index 9135eab884..7f2f85dcbb 100644 --- a/poi/src/test/java/org/apache/poi/hssf/dev/TestRecordLister.java +++ b/poi/src/test/java/org/apache/poi/hssf/dev/TestRecordLister.java @@ -46,6 +46,7 @@ class TestRecordLister extends BaseTestIteratingXLS { protected Map> getExcludes() { Map> excludes = super.getExcludes(); excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5786329142919168.xls", RecordFormatException.class); + excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5889658057523200.xls", IndexOutOfBoundsException.class); return excludes; } -- cgit v1.2.3