Bug 66425: Avoid an AssertionError found via oss-fuzz

We try to avoid AssertionErrors that can be triggered by input data, but it was possible
to trigger one here with a specially crafted input file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61251

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911514 13f79535-47bb-0310-9956-ffa450edef68
Dominik Stadler 2023-08-07 14:32:11 +00:00
parent f6b1435db1
commit 2c5264277a
5 changed files with 14 additions and 1 deletions


@ -84,6 +84,8 @@ public class HSLFFileHandler extends SlideShowHandler {
} }
handleExtracting(file); handleExtracting(file);
handleAdditional(file);
} }
public static void main(String[] args) throws Exception { public static void main(String[] args) throws Exception {


@ -20,6 +20,8 @@ package org.apache.poi.hslf.record;
import java.util.Map; import java.util.Map;
import java.util.function.Supplier; import java.util.function.Supplier;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.poi.ddf.EscherRecord; import org.apache.poi.ddf.EscherRecord;
import org.apache.poi.ddf.EscherRecordFactory; import org.apache.poi.ddf.EscherRecordFactory;
import org.apache.poi.ddf.EscherSerializationListener; import org.apache.poi.ddf.EscherSerializationListener;
@ -32,6 +34,8 @@ import org.apache.poi.util.LittleEndian;
* the slide layout as specified in the SlideAtom record. * the slide layout as specified in the SlideAtom record.
*/ */
public class EscherPlaceholder extends EscherRecord { public class EscherPlaceholder extends EscherRecord {
private static final Logger LOG = LogManager.getLogger(EscherPlaceholder.class);
public static final short RECORD_ID = RecordTypes.OEPlaceholderAtom.typeID; public static final short RECORD_ID = RecordTypes.OEPlaceholderAtom.typeID;
public static final String RECORD_DESCRIPTION = "msofbtClientTextboxPlaceholder"; public static final String RECORD_DESCRIPTION = "msofbtClientTextboxPlaceholder";
@ -59,7 +63,10 @@ public class EscherPlaceholder extends EscherRecord {
size = data[offset+13]; size = data[offset+13];
unused = LittleEndian.getShort(data, offset+14); unused = LittleEndian.getShort(data, offset+14);
assert(bytesRemaining + 8 == 16); if (bytesRemaining + 8 != 16) {
LOG.warn("Invalid header-data received, should have 8 bytes left, but had: " + bytesRemaining);
}
return bytesRemaining + 8; return bytesRemaining + 8;
} }
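Review bot: The new length check runs after the fixed-offset reads (`data[offset+13]`, `LittleEndian.getShort(data, offset+14)`) and only logs, so a record whose header declares a length other than 8 is still parsed as a full 16-byte placeholder, and the method returns `bytesRemaining + 8` derived from that untrusted header value. Consider validating before the reads and rejecting the record with the project's usual record-format exception; if continuing is intentional, a one-line comment saying why would help the next reader. The warning should also use a parameterized message, `LOG.warn("Invalid header-data received, should have 8 bytes left, but had: {}", bytesRemaining);`, instead of string concatenation. The enclosing method starts outside the hunk, so bounds checks may exist earlier that are not visible here.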


@ -247,6 +247,10 @@ public abstract class HSLFShape implements Shape<HSLFShape,HSLFTextParagraph> {
} }
public <T extends EscherRecord> T getEscherChild(int recordId){ public <T extends EscherRecord> T getEscherChild(int recordId){
if (_escherContainer == null) {
throw new IllegalStateException("Did not have a container for fetching children");
}
return _escherContainer.getChildById((short)recordId); return _escherContainer.getChildById((short)recordId);
} }
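Review bot: `getEscherChild` now throws `IllegalStateException` when `_escherContainer` is null, but the method has no Javadoc telling callers about this; a short doc comment with `@throws IllegalStateException if the shape has no Escher container` would make the new contract visible. The message would also be easier to triage from a fuzzer report if it named the requested record, e.g. `"Did not have a container for fetching child record " + recordId`.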

Binary file not shown.