Apache
/
poi
mirror of https://github.com/apache/poi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix issues found when fuzzing Apache POI via Jazzer 

Throw RecordFormatException instead of NPE or assertion for
cases that can be triggered by a malformed document

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1899073 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Dominik Stadler 2022-03-20 06:52:51 +00:00
parent 9df7e2d847
commit d648c6d652
3 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java
View File

@ -50,6 +50,7 @@ import org.apache.poi.sl.usermodel.PresetColor;
import org.apache.poi.sl.usermodel.Shape;
import org.apache.poi.sl.usermodel.ShapeContainer;
import org.apache.poi.sl.usermodel.ShapeType;
import org.apache.poi.util.RecordFormatException;
import org.apache.poi.util.Removal;
import org.apache.poi.util.StringUtil;
import org.apache.poi.util.Units;
@ -167,6 +168,9 @@ public abstract class HSLFShape implements Shape<HSLFShape,HSLFTextParagraph> {
LOG.atWarn().log("EscherSpRecord.FLAG_CHILD is set but EscherChildAnchorRecord was not found");
}
EscherClientAnchorRecord clientRec = getEscherChild(EscherClientAnchorRecord.RECORD_ID);
if (clientRec == null) {
throw new RecordFormatException("Could not read record 'CLIENT_ANCHOR' with record-id: " + EscherClientAnchorRecord.RECORD_ID);
}
x1 = clientRec.getCol1();
y1 = clientRec.getFlag();
x2 = clientRec.getDx1();

7
poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShapeFactory.java
View File

@ -42,6 +42,7 @@ import org.apache.poi.hslf.record.Record;
import org.apache.poi.hslf.record.RecordTypes;
import org.apache.poi.sl.usermodel.ShapeContainer;
import org.apache.poi.sl.usermodel.ShapeType;
import org.apache.poi.util.RecordFormatException;
/**
* Create a <code>Shape</code> object depending on its type
@ -90,9 +91,12 @@ public final class HSLFShapeFactory {
}
public static HSLFShape createSimpleShape(EscherContainerRecord spContainer, ShapeContainer<HSLFShape,HSLFTextParagraph> parent){
HSLFShape shape = null;
EscherSpRecord spRecord = spContainer.getChildById(EscherSpRecord.RECORD_ID);
if (spRecord == null) {
throw new RecordFormatException("Could not read EscherSpRecord as child of " + spContainer.getRecordName());
}
final HSLFShape shape;
ShapeType type = ShapeType.forId(spRecord.getShapeType(), false);
switch (type){
case TEXT_BOX:
@ -167,5 +171,4 @@ public final class HSLFShapeFactory {
}
return null;
}
}

5
poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowEncrypted.java
View File

@ -47,6 +47,7 @@ import org.apache.poi.util.Internal;
import org.apache.poi.util.LittleEndian;
import org.apache.poi.util.LittleEndianByteArrayInputStream;
import org.apache.poi.util.LittleEndianByteArrayOutputStream;
import org.apache.poi.util.RecordFormatException;
/**
* This class provides helper functions for encrypted PowerPoint documents.
@ -100,7 +101,9 @@ public class HSLFSlideShowEncrypted implements Closeable {
}
org.apache.poi.hslf.record.Record r = recordMap.get(userEditAtomWithEncryption.getPersistPointersOffset());
assert(r instanceof PersistPtrHolder);
if (!(r instanceof PersistPtrHolder)) {
throw new RecordFormatException("Encountered an unexpected record-type: " + r);
}
PersistPtrHolder ptr = (PersistPtrHolder)r;
Integer encOffset = ptr.getSlideLocationsLookup().get(userEditAtomWithEncryption.getEncryptSessionPersistIdRef());