From ccec6c4bf8484fef87584723781dc4b7370ec459 Mon Sep 17 00:00:00 2001 From: Dominik Stadler Date: Wed, 9 Aug 2023 10:09:16 +0000 Subject: [PATCH] Bug 66425: Avoid a ClassCastException found via oss-fuzz We try to avoid throwing ClassCastException, but it was possible to trigger one here with a specially crafted input-file Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61306 git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911573 13f79535-47bb-0310-9956-ffa450edef68 --- .../poi/hslf/record/CurrentUserAtom.java | 8 ++++++-- .../poi/hslf/dev/BaseTestPPTIterating.java | 1 + ...nimized-POIHSLFFuzzer-6710128412590080.ppt | Bin 0 -> 9732 bytes test-data/spreadsheet/stress.xls | Bin 62976 -> 63488 bytes 4 files changed, 7 insertions(+), 2 deletions(-) create mode 100644 test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-6710128412590080.ppt diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hslf/record/CurrentUserAtom.java b/poi-scratchpad/src/main/java/org/apache/poi/hslf/record/CurrentUserAtom.java index 70e422b838..3bdcee13b9 100644 --- a/poi-scratchpad/src/main/java/org/apache/poi/hslf/record/CurrentUserAtom.java +++ b/poi-scratchpad/src/main/java/org/apache/poi/hslf/record/CurrentUserAtom.java @@ -35,6 +35,7 @@ import org.apache.poi.hslf.exceptions.CorruptPowerPointFileException; import org.apache.poi.hslf.exceptions.OldPowerPointFormatException; import org.apache.poi.poifs.filesystem.DirectoryNode; import org.apache.poi.poifs.filesystem.DocumentEntry; +import org.apache.poi.poifs.filesystem.Entry; import org.apache.poi.poifs.filesystem.POIFSFileSystem; import org.apache.poi.util.IOUtils; import org.apache.poi.util.LittleEndian; @@ -120,8 +121,11 @@ public class CurrentUserAtom { */ public CurrentUserAtom(DirectoryNode dir) throws IOException { // Decide how big it is - DocumentEntry docProps = - (DocumentEntry)dir.getEntry("Current User"); + final Entry entry = dir.getEntry("Current User"); + if (!(entry instanceof DocumentEntry)) { + throw new IllegalArgumentException("Had unexpected type of entry for name: Current User: " + entry.getClass()); + } + DocumentEntry docProps = (DocumentEntry) entry; // If it's clearly junk, bail out if(docProps.getSize() > 131072) { diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java index 4dac9d21bd..0af50391db 100644 --- a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java +++ b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java @@ -60,6 +60,7 @@ public abstract class BaseTestPPTIterating { static final Map> EXCLUDED = new HashMap<>(); static { EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-6416153805979648.ppt", Exception.class); + EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-6710128412590080.ppt", RuntimeException.class); } public static Stream files() { diff --git a/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-6710128412590080.ppt b/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-6710128412590080.ppt new file mode 100644 index 0000000000000000000000000000000000000000..f47228eec7ad1fc0ca536ccf821c8384f7e7a5bd GIT binary patch literal 9732 zcmeHM4{TLe8UOCRuk^LN?!NXFsEBY!h@y_t@#aFNVZ|}xf(s4pl5H8I9q&E*veGtv zj}frCKU>K|YO6NXM_H0lJUiL&CXjv*MAkbz;wjTv{hAsZrGf4_6yeZ74x z*haEI?78{w`TzYt-#Pc(!>?4HeC9`!{~|?co>+3xE0b}7b^~RCN>Pyt6j;CLd7f?* zL2)cyLmIdMUMpcd3lIX70BG}4Kp0R4C^h6 zZkKlCU9tvN9eJ7vkMYql7DP8bn)ue@S1KPnEqmp~Prn(&RF}AW+Wq&wWL$^FUOF05 z1E_aP5_DNgD;^wKfbw!#B`eWGt}dNsifNeWrvH+UOOG7r;rOi+biG6x6`hsRqGZ1V z^irVS1==m3oJP5QVCs+(>2uxqIv6tG5)GYX7^!54tfS*+F6jHTM=C${@8$!!EpJ*i zu!SLSSu@d|n<#P;3!A_)&BXQZr~EX-miMe`RA$Q|n{lB|j@Z-#`)xT^`eilYXZ8Z* z^P$Z&wAqI8{%tWi^m3$*ITPnKJr@(gebf4k<7hAaZKRGl6LBFjO&8g1Galun9&g(D zyNWI<;aa>HuSA}+$t%mIlwo+i?6PS+_~?aOkxzF-637MfRnD^1(;?I>&wGbOBt5=S1TMn1TF=?7qhf*Ew+1lkDZ5>@Azu5A^S$X-JpMSn| zYaerxw&h>e3N`hjrIdg+xnSLd_ZI<)K#rp9-1i;hOy0b#Gp&P~%K?VOq*KmYG%-^r z3Vxkf>#_e#lUV2rs#nt>{vbF{#bk4Lq>ipM7p|m+246-DI6PnU5Z%^KRD~_;Vsll# zK1OpvXq#$Wrk(}_s3y4)4lD9RjO{o8g%rQNC<1J#_n@Mx)vNs?ujT?bJJd4K$ErOx z&EMFTP9&WhMfTdX3Y*wn2J`u|qN1nKdqnowTpJ71U74(tQIqd*S`vvQl%Y|uyBLLU zbd5rDW%~H@=!u-@2e_K!qr4nf8jI$tsWsh|7(G{zRVCViuBDR}T9<=d#mNP<5SF_OstE8W+{V9AVun$#VvKv0$*0` zxm-@=`%a#cc)UlXr$>7F5ig3yZQHg@jXQs$QM{g%^g}jeL&o{|dip)-2gKw3^1~Hg zVchFy-&J^geB@)}OW-91qI-h)Uc)%gP{Og~eIW7ve(@R_K!0GIfPW>+y>}x=N8$ll z+0n-dfPry2g~LPa7CCWbi{k%RYns)ZKR)}h0)LQ7*Dq4z+`kUcZGCX58rR+3Ew8@%JK419Ym(c(N4)-&ymkD=0=^XR5Z}Cc z_o=-3o`)rs@?ZYwFIkQ2QdWy8ar^5nAF(*F~Y4cm7@%3bz6yp16{ zi7|qm=3I79oJtx<#5LTW7-2IP0eEl}2fAFZsOxg`FneMH zs4mgnV(_CvA!BP{zQXRlj6~Gb=V2NT|h=l$Gw6>V;ACN~S>@s>V;*3-6 zmYY&}$eoEcL&{vey=YGSw<+an9+6WnTSD#;206YV^zZNaJGW)vR*rV`1?{#*Kt z#}(JXbHo8e*~tuo>148N+L9vA+LZo!0MlM|YGX~?kdjSA(U;81 zOUCoi=P=5b?EAMYGe;wnYf+|{T`Uu+nt7SFqwLG1x!I%qc6gbRtFZ%9q)bJAgK0}X zlx(ZeyPz&F>{!*6ZFTaMbjmMN3tVm2D~kFqg??V><(V#VAC2N4fsk&M>w!Tpc@uI?RcMZQ2&g zodNG;TpQ8ujXD1AjnC>r95m7HAY?XTkK?ZJ2p}Xmsd>E5H~{=OcdEBxseOI~yL5&0 z;g+VtRVOytJ}3eQDN~B!C^xJxrmXhiJmt&nrPmFmT!u5a=X&SeF9l@AC5F0G9=PW~ z9rqm2Pk4**jU7+OR^#= z%We6GH3PN@egjr;Thl4WtW+X(Jn3y!zF@i=kk{o;dOTlRFvF;Q1#^b=6|@g$vCeyn zEq29yh(0pS3sFZqN~+cmcmy$A9~Ui>6)bP2^zpK>;wb$!&hd+ za0;To%Rki}9FE-5GeLheG~h0pGSk+E9K=n~N0&&KCpG#gk7DG3XLEjiat##!|KT|` z`2VL8^(p|w!FUFnM!&Z?ET8?< zk6+`rS3Mks{{q?H4506{0_Z!d0rZ)50Q$|-0Q$ym0Pp1w0l18h0_aC40lW+UJAi(4 z20(mo02%i{;_@#?r=rICqV|@SkK)TbgjK+J{r~V~4z&)GXwg}?CuCl0)TrD<*kXhz zqnS+Fc24=t_`kzw;ajQ{HZ-BV62z2o`PqWo7m@QgBmu3bg&M99cH>p@Q-0gZu zN#?%|)W{d5)g{(6r?ud#m~%$hq3Lq#&ph_~W8bd*cy!BCSbsO1`vKQqFEDc(q2OF+ z#JUNE2hzOtA+P-J%AEW$_W?y! zF3u;PKI6U5MkMmcRGd!*1OC3H{eaq7kW96#YRftcl9}|1_Cdj9Ah65{w8td^L}ZM? zheQ_Q2Uy0rE0atp-XON>qP!Zb)0AA<+18Rx4(g|_^lE70rB`N`igoQO=;0T13m*Q;yu#@={Qd62qyMuza+hS(-}sS|nM_ZtF?n}h cNF$j`znVRgfg>DKAdbQar(Drt*E0S80DgG0p#T5? literal 0 HcmV?d00001 diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls index 76b80d3e770ee7d1f6981b1054b66c88caea02a9..e084a6c0b23cf7dee3c32553d4d9b553c520a715 100644 GIT binary patch delta 720 zcmZwDPe>F|90&04o0;8qGQitaV3g&#fu<#66zAQtWc=?CpX*zcMoM5 zB+(PRbXaFb&`#0|Iz-o?3_Y}Do+2+Qc*u^5ZofA>jY{z@^ZoJrecta)epk)^QkOMF z&jL6ql}Zmpm9oaz1m93wUTPygoWTVqm%7GkAZs-FPtE#I&E|7oZ{`l^F;a=*7AfV#D8;E( zP70+fl$heDPL)!*uF=;;ugix4^pjBT^1EGfmt)z4l+U^|CP>bq%cV_^HgS?RagsLi zmzGaDrY(o=bZJY{o@{xt<;W{umk+rC+;+FNJlZ}*+YTLYhwM|d?a{VFPkUW*>1UMW z|F9i-9o0Cm0E2XHIOnQT>&ILFbAao`_DcC88h{0h$M)Lz-C}EPU=?Uv2MRxc?JdCA M5rtx;!ThcL0ikD{{r~^~ delta 251 zcmVV?Gg#Zu$YRZ$K zI93J30{{SFv->z5AOVB38CirDv;1$e4<4Za0063m000t{000`I006?T005r5002tK z008#MlfTwbvmAhX5CNgHn2>EllU3AE6W0I+0Av6F0000!0ulhU29p2*lPK0M4xj)9 z000010H6S%00jk;h4UqoiPj_%>B|5B3Dp1qf!zQA$>jh55$ChN)