Bug 66425: Avoid a ClassCastException found via oss-fuzz

We try to avoid throwing ClassCastException, but it was possible to trigger one here with a specially crafted input-file Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61578 git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911860 13f79535-47bb-0310-9956-ffa450edef68
2023-08-23 08:26:27 +00:00 · 2023-08-23 08:26:27 +00:00 · fd29772be6
parent 1b88529d07
commit fd29772be6
4 changed files with 8 additions and 2 deletions
--- a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java
@ -404,7 +404,11 @@ public final class HSLFSlideShowImpl extends POIDocument implements Closeable {
            return;
        }

-        DocumentEntry entry = (DocumentEntry) getDirectory().getEntry("Pictures");
+        final Entry en = getDirectory().getEntry("Pictures");
+        if (!(en instanceof DocumentEntry)) {
+            throw new IllegalArgumentException("Had unexpected type of entry for name: Pictures: " + en.getClass());
+        }
+        DocumentEntry entry = (DocumentEntry) en;
        EscherContainerRecord blipStore = getBlipStore();
        byte[] pictstream;
        try (DocumentInputStream is = getDirectory().createDocumentInputStream(entry)) {
--- a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
+++ b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
@ -21,6 +21,7 @@ import org.apache.poi.hslf.HSLFTestDataSamples;
 import org.junit.jupiter.api.Test;

 import java.io.File;
+import java.io.IOException;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
@ -31,6 +32,7 @@ public class TestPPTXMLDump extends BaseTestPPTIterating {
    static final Set<String> LOCAL_EXCLUDED = new HashSet<>();
    static {
        LOCAL_EXCLUDED.add("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt");
+        LOCAL_EXCLUDED.add("clusterfuzz-testcase-minimized-POIHSLFFuzzer-6032591399288832.ppt");
    }

    @Test
@ -49,7 +51,7 @@ public class TestPPTXMLDump extends BaseTestPPTIterating {
    void runOneFile(File pFile) throws Exception {
        try {
           PPTXMLDump.main(new String[]{pFile.getAbsolutePath()});
-        } catch (IndexOutOfBoundsException e) {
+        } catch (IndexOutOfBoundsException | IOException e) {
            if (!LOCAL_EXCLUDED.contains(pFile.getName())) {
                throw e;
            }
--- a/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-6032591399288832.ppt
+++ b/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-6032591399288832.ppt
--- a/test-data/spreadsheet/stress.xls
+++ b/test-data/spreadsheet/stress.xls