Bug 66425: Avoid a ClassCastException found via oss-fuzz

We try to avoid throwing ClassCastException, but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61306

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911573 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Dominik Stadler 2023-08-09 10:09:16 +00:00
parent b757cf607e
commit ccec6c4bf8
4 changed files with 7 additions and 2 deletions

View File

@ -35,6 +35,7 @@ import org.apache.poi.hslf.exceptions.CorruptPowerPointFileException;
import org.apache.poi.hslf.exceptions.OldPowerPointFormatException; import org.apache.poi.hslf.exceptions.OldPowerPointFormatException;
import org.apache.poi.poifs.filesystem.DirectoryNode; import org.apache.poi.poifs.filesystem.DirectoryNode;
import org.apache.poi.poifs.filesystem.DocumentEntry; import org.apache.poi.poifs.filesystem.DocumentEntry;
import org.apache.poi.poifs.filesystem.Entry;
import org.apache.poi.poifs.filesystem.POIFSFileSystem; import org.apache.poi.poifs.filesystem.POIFSFileSystem;
import org.apache.poi.util.IOUtils; import org.apache.poi.util.IOUtils;
import org.apache.poi.util.LittleEndian; import org.apache.poi.util.LittleEndian;
@ -120,8 +121,11 @@ public class CurrentUserAtom {
*/ */
public CurrentUserAtom(DirectoryNode dir) throws IOException { public CurrentUserAtom(DirectoryNode dir) throws IOException {
// Decide how big it is // Decide how big it is
DocumentEntry docProps = final Entry entry = dir.getEntry("Current User");
(DocumentEntry)dir.getEntry("Current User"); if (!(entry instanceof DocumentEntry)) {
throw new IllegalArgumentException("Had unexpected type of entry for name: Current User: " + entry.getClass());
}
DocumentEntry docProps = (DocumentEntry) entry;
// If it's clearly junk, bail out // If it's clearly junk, bail out
if(docProps.getSize() > 131072) { if(docProps.getSize() > 131072) {

View File

@ -60,6 +60,7 @@ public abstract class BaseTestPPTIterating {
static final Map<String,Class<? extends Throwable>> EXCLUDED = new HashMap<>(); static final Map<String,Class<? extends Throwable>> EXCLUDED = new HashMap<>();
static { static {
EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-6416153805979648.ppt", Exception.class); EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-6416153805979648.ppt", Exception.class);
EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-6710128412590080.ppt", RuntimeException.class);
} }
public static Stream<Arguments> files() { public static Stream<Arguments> files() {

Binary file not shown.