Apache
/
poi
mirror of https://github.com/apache/poi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bug 66425: Avoid a ClassCastException found via oss-fuzz 

We try to avoid throwing ClassCastException, but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61578

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911860 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Dominik Stadler 2023-08-23 08:26:27 +00:00
parent 1b88529d07
commit fd29772be6
4 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java
View File

@ -404,7 +404,11 @@ public final class HSLFSlideShowImpl extends POIDocument implements Closeable {
return; return;
} }
DocumentEntry entry = (DocumentEntry) getDirectory().getEntry("Pictures"); final Entry en = getDirectory().getEntry("Pictures");
if (!(en instanceof DocumentEntry)) {
throw new IllegalArgumentException("Had unexpected type of entry for name: Pictures: " + en.getClass());
}
DocumentEntry entry = (DocumentEntry) en;
EscherContainerRecord blipStore = getBlipStore(); EscherContainerRecord blipStore = getBlipStore();
byte[] pictstream; byte[] pictstream;
try (DocumentInputStream is = getDirectory().createDocumentInputStream(entry)) { try (DocumentInputStream is = getDirectory().createDocumentInputStream(entry)) {

4
poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
View File

@ -21,6 +21,7 @@ import org.apache.poi.hslf.HSLFTestDataSamples;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import java.io.File; import java.io.File;
import java.io.IOException;
import java.util.Collections; import java.util.Collections;
import java.util.HashSet; import java.util.HashSet;
import java.util.Set; import java.util.Set;
@ -31,6 +32,7 @@ public class TestPPTXMLDump extends BaseTestPPTIterating {
static final Set<String> LOCAL_EXCLUDED = new HashSet<>(); static final Set<String> LOCAL_EXCLUDED = new HashSet<>();
static { static {
LOCAL_EXCLUDED.add("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt"); LOCAL_EXCLUDED.add("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt");
LOCAL_EXCLUDED.add("clusterfuzz-testcase-minimized-POIHSLFFuzzer-6032591399288832.ppt");
} }
@Test @Test
@ -49,7 +51,7 @@ public class TestPPTXMLDump extends BaseTestPPTIterating {
void runOneFile(File pFile) throws Exception { void runOneFile(File pFile) throws Exception {
try { try {
PPTXMLDump.main(new String[]{pFile.getAbsolutePath()}); PPTXMLDump.main(new String[]{pFile.getAbsolutePath()});
} catch (IndexOutOfBoundsException e) { } catch (IndexOutOfBoundsException | IOException e) {
if (!LOCAL_EXCLUDED.contains(pFile.getName())) { if (!LOCAL_EXCLUDED.contains(pFile.getName())) {
throw e; throw e;
} }

BIN
test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-6032591399288832.ppt Normal file
View File

Binary file not shown.

BIN
test-data/spreadsheet/stress.xls
View File

Binary file not shown.