Author: centic Date: Sat Aug 5 12:13:13 2023 New Revision: 1911459 URL: http://svn.apache.org/viewvc?rev=1911459&view=rev Log: Bug 66425: Avoid a ClassCastException found via oss-fuzz
We try to avoid throwing ClassCastException but it was possible to trigger one here with a specially crafted input-file Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61162 Added: poi/trunk/test-data/publisher/clusterfuzz-testcase-minimized-POIHPBFFuzzer-4701121678278656.pub Modified: poi/trunk/poi-integration/src/test/java/org/apache/poi/stress/HPBFFileHandler.java poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hpbf/model/HPBFPart.java poi/trunk/test-data/spreadsheet/stress.xls Modified: poi/trunk/poi-integration/src/test/java/org/apache/poi/stress/HPBFFileHandler.java URL: http://svn.apache.org/viewvc/poi/trunk/poi-integration/src/test/java/org/apache/poi/stress/HPBFFileHandler.java?rev=1911459&r1=1911458&r2=1911459&view=diff ============================================================================== --- poi/trunk/poi-integration/src/test/java/org/apache/poi/stress/HPBFFileHandler.java (original) +++ poi/trunk/poi-integration/src/test/java/org/apache/poi/stress/HPBFFileHandler.java Sat Aug 5 12:13:13 2023 @@ -45,22 +45,16 @@ public class HPBFFileHandler extends POI void test() throws Exception { File file = new File("test-data/publisher/SampleBrochure.pub"); - InputStream stream = new FileInputStream(file); - try { + try (InputStream stream = new FileInputStream(file)) { handleFile(stream, file.getPath()); - } finally { - stream.close(); } handleExtracting(file); - stream = new FileInputStream(file); - try { + try (InputStream stream = new FileInputStream(file)) { try (PublisherTextExtractor extractor = new PublisherTextExtractor(stream)) { assertNotNull(extractor.getText()); } - } finally { - stream.close(); } } Modified: poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hpbf/model/HPBFPart.java URL: http://svn.apache.org/viewvc/poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hpbf/model/HPBFPart.java?rev=1911459&r1=1911458&r2=1911459&view=diff ============================================================================== --- poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hpbf/model/HPBFPart.java (original) +++ poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hpbf/model/HPBFPart.java Sat Aug 5 12:13:13 2023 @@ -23,6 +23,7 @@ import java.io.InputStream; import org.apache.commons.io.input.UnsynchronizedByteArrayInputStream; import org.apache.poi.poifs.filesystem.DirectoryNode; +import org.apache.poi.poifs.filesystem.Entry; import org.apache.poi.util.IOUtils; /** @@ -57,7 +58,11 @@ public abstract class HPBFPart { DirectoryNode dir = baseDir; for(int i=0; i<path.length-1; i++) { try { - dir = (DirectoryNode)dir.getEntry(path[i]); + Entry entry = dir.getEntry(path[i]); + if (!(entry instanceof DirectoryNode)) { + throw new IllegalArgumentException("Had unexpected type of entry for path: " + path[i] + ": " + entry); + } + dir = (DirectoryNode) entry; } catch (FileNotFoundException e) { throw new IllegalArgumentException("File invalid - failed to find directory entry '" + path[i] + "': " + e); Added: poi/trunk/test-data/publisher/clusterfuzz-testcase-minimized-POIHPBFFuzzer-4701121678278656.pub URL: http://svn.apache.org/viewvc/poi/trunk/test-data/publisher/clusterfuzz-testcase-minimized-POIHPBFFuzzer-4701121678278656.pub?rev=1911459&view=auto ============================================================================== Binary files poi/trunk/test-data/publisher/clusterfuzz-testcase-minimized-POIHPBFFuzzer-4701121678278656.pub (added) and poi/trunk/test-data/publisher/clusterfuzz-testcase-minimized-POIHPBFFuzzer-4701121678278656.pub Sat Aug 5 12:13:13 2023 differ Modified: poi/trunk/test-data/spreadsheet/stress.xls URL: http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/stress.xls?rev=1911459&r1=1911458&r2=1911459&view=diff ============================================================================== Binary files - no diff available. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
