Bug 66425: Avoid Exceptions found via oss-fuzz

We try to avoid throwing NullPointerExceptions or endless allocations,
but it was possible to trigger one here with a specially
crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62697

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912793 13f79535-47bb-0310-9956-ffa450edef68
Dominik Stadler 2023-10-07 22:12:25 +00:00
parent c331c5d26a
commit 6fae5bbc18
6 changed files with 9 additions and 3 deletions


@ -48,7 +48,9 @@ class SSTDeserializer {
UnicodeString str;
if (in.available() == 0 && (!in.hasNextRecord() || in.getNextSid() != ContinueRecord.sid)) {
LOG.atError().log("Ran out of data before creating all the strings! String at index {}", box(i));
str = new UnicodeString("");
// not much sense in trying to continue reading in this case, file seems to be broken
return;
} else {
str = new UnicodeString(in);
}
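Review bot: The early `return` in the out-of-data branch leaves the string table with fewer entries than the count the caller asked for, and the only signal is the error log, so a truncated or crafted workbook is parsed as if it were complete and the failure surfaces later, wherever a missing index is looked up. Consider failing at this point with POI's format exception, `throw new RecordFormatException("Ran out of data before creating all the strings, at index " + i);`, or at least state in the method's Javadoc that the table may be shorter than requested for broken files. The page has lost its +/- markers, so I cannot tell whether `str = new UnicodeString("");` survives on the new side; if it does, it is a dead store directly before the `return` and can be dropped. The enclosing loop and method start and end outside this hunk.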


@ -169,7 +169,8 @@ public final class DocumentInputStream extends InputStream implements LittleEndi
throw new IllegalArgumentException("buffer must not be null");
}
if (off < 0 || len < 0 || b.length < off + len) {
throw new IndexOutOfBoundsException("can't read past buffer boundaries");
throw new IndexOutOfBoundsException("can't read past buffer boundaries with off: " + off +
", len: " + len + ", b.length: " + b.length);
}
if (len == 0) {
return 0;
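Review bot: The guard `b.length < off + len` just above the changed message can be bypassed by integer overflow: with a large `off` and `len` the sum wraps negative, the comparison is false, and the more detailed message added here is never produced. Writing the comparison without the addition closes that gap, `if (off < 0 || len < 0 || len > b.length - off) {`. Whether the code after the guard then fails safely is not visible, because the method starts and ends outside this hunk.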


@ -88,6 +88,7 @@ public abstract class BaseTestIteratingXLS {
excludes.put("64130.xls", OldExcelFormatException.class);
// fuzzed binaries
excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-6322470200934400.xls", RuntimeException.class);
excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-4819588401201152.xls", RuntimeException.class);
return excludes;
}
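Review bot: Registering the clusterfuzz samples with `RuntimeException.class` is broader than the fix warrants. `NullPointerException` is itself a `RuntimeException`, so, assuming the harness accepts subclasses of the listed type (that code is outside this hunk), the test would still pass if a sample went back to triggering the very NPE this commit sets out to avoid. Pin the entry to the specific exception the parser is meant to raise for that file, and name the report on the entry this commit adds, e.g. `// oss-fuzz 62697 (Bug 66425)`.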


@ -18,6 +18,7 @@
package org.apache.poi.hssf.record;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
import java.io.IOException;
import java.io.InputStream;
@ -137,6 +138,7 @@ final class TestSSTDeserializer {
deserializer.manufactureStrings(2, in);
assertEquals("At a dinner party or", strings.get(0) + "");
assertEquals("", strings.get(1) + "");
assertThrows(IndexOutOfBoundsException.class,
() -> strings.get(1));
}
}
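Review bot: `assertThrows(IndexOutOfBoundsException.class, () -> strings.get(1))` checks the truncated table only through the exception its accessor happens to throw, which fixes that exception as expected behaviour for every caller. If the collection exposes its size, asserting it states the intent directly, `assertEquals(1, strings.size());`. The +/- markers are lost on this page, so it is not clear whether the preceding `assertEquals("", strings.get(1) + "");` remains on the new side; if it does, the two assertions contradict each other.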

Binary file not shown.