Author: centic Date: Mon Aug 7 09:42:17 2023 New Revision: 1911501 URL: http://svn.apache.org/viewvc?rev=1911501&view=rev Log: Bug 66425: Avoid a ClassCastException found via oss-fuzz
We try to avoid throwing ClassCastException, but it was possible to trigger one here with a specially crafted input-file Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61249 Added: poi/trunk/test-data/document/clusterfuzz-testcase-minimized-POIFuzzer-6709287337197568.docx (with props) Modified: poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xwpf/usermodel/XWPFDocument.java poi/trunk/test-data/spreadsheet/stress.xls Modified: poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xwpf/usermodel/XWPFDocument.java URL: http://svn.apache.org/viewvc/poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xwpf/usermodel/XWPFDocument.java?rev=1911501&r1=1911500&r2=1911501&view=diff ============================================================================== --- poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xwpf/usermodel/XWPFDocument.java (original) +++ poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xwpf/usermodel/XWPFDocument.java Mon Aug 7 09:42:17 2023 @@ -241,48 +241,52 @@ public class XWPFDocument extends POIXML for (RelationPart rp : getRelationParts()) { POIXMLDocumentPart p = rp.getDocumentPart(); String relation = rp.getRelationship().getRelationshipType(); - if (relation.equals(XWPFRelation.STYLES.getRelation())) { - this.styles = (XWPFStyles) p; - this.styles.onDocumentRead(); - } else if (relation.equals(XWPFRelation.THEME.getRelation())) { - this.theme = (XWPFTheme) p; - this.theme.onDocumentRead(); - } else if (relation.equals(XWPFRelation.NUMBERING.getRelation())) { - this.numbering = (XWPFNumbering) p; - this.numbering.onDocumentRead(); - } else if (relation.equals(XWPFRelation.FOOTER.getRelation())) { - XWPFFooter footer = (XWPFFooter) p; - footers.add(footer); - footer.onDocumentRead(); - } else if (relation.equals(XWPFRelation.HEADER.getRelation())) { - XWPFHeader header = (XWPFHeader) p; - headers.add(header); - header.onDocumentRead(); - } else if (relation.equals(XWPFRelation.COMMENT.getRelation())) { - this.comments = (XWPFComments) p; - this.comments.onDocumentRead(); - } else if (relation.equals(XWPFRelation.SETTINGS.getRelation())) { - settings = (XWPFSettings) p; - settings.onDocumentRead(); - } else if (relation.equals(XWPFRelation.IMAGES.getRelation())) { - XWPFPictureData picData = (XWPFPictureData) p; - picData.onDocumentRead(); - registerPackagePictureData(picData); - pictures.add(picData); - } else if (relation.equals(XWPFRelation.CHART.getRelation())) { - //now we can use all methods to modify charts in XWPFDocument - XWPFChart chartData = (XWPFChart) p; - charts.add(chartData); - } else if (relation.equals(XWPFRelation.GLOSSARY_DOCUMENT.getRelation())) { - // We don't currently process the glossary itself - // Until we do, we do need to load the glossary child parts of it - for (POIXMLDocumentPart gp : p.getRelations()) { - // Trigger the onDocumentRead for all the child parts - // Otherwise we'll hit issues on Styles, Settings etc on save - // TODO: Refactor this to not need to access protected method - // from other package! Remove the static helper method once fixed!!! - POIXMLDocumentPart._invokeOnDocumentRead(gp); + try { + if (relation.equals(XWPFRelation.STYLES.getRelation())) { + this.styles = (XWPFStyles) p; + this.styles.onDocumentRead(); + } else if (relation.equals(XWPFRelation.THEME.getRelation())) { + this.theme = (XWPFTheme) p; + this.theme.onDocumentRead(); + } else if (relation.equals(XWPFRelation.NUMBERING.getRelation())) { + this.numbering = (XWPFNumbering) p; + this.numbering.onDocumentRead(); + } else if (relation.equals(XWPFRelation.FOOTER.getRelation())) { + XWPFFooter footer = (XWPFFooter) p; + footers.add(footer); + footer.onDocumentRead(); + } else if (relation.equals(XWPFRelation.HEADER.getRelation())) { + XWPFHeader header = (XWPFHeader) p; + headers.add(header); + header.onDocumentRead(); + } else if (relation.equals(XWPFRelation.COMMENT.getRelation())) { + this.comments = (XWPFComments) p; + this.comments.onDocumentRead(); + } else if (relation.equals(XWPFRelation.SETTINGS.getRelation())) { + settings = (XWPFSettings) p; + settings.onDocumentRead(); + } else if (relation.equals(XWPFRelation.IMAGES.getRelation())) { + XWPFPictureData picData = (XWPFPictureData) p; + picData.onDocumentRead(); + registerPackagePictureData(picData); + pictures.add(picData); + } else if (relation.equals(XWPFRelation.CHART.getRelation())) { + //now we can use all methods to modify charts in XWPFDocument + XWPFChart chartData = (XWPFChart) p; + charts.add(chartData); + } else if (relation.equals(XWPFRelation.GLOSSARY_DOCUMENT.getRelation())) { + // We don't currently process the glossary itself + // Until we do, we do need to load the glossary child parts of it + for (POIXMLDocumentPart gp : p.getRelations()) { + // Trigger the onDocumentRead for all the child parts + // Otherwise we'll hit issues on Styles, Settings etc on save + // TODO: Refactor this to not need to access protected method + // from other package! Remove the static helper method once fixed!!! + POIXMLDocumentPart._invokeOnDocumentRead(gp); + } } + } catch (ClassCastException e) { + throw new IllegalArgumentException("Relation and type of document-part did not match, had relation " + relation + " and type of document-part: " + p.getClass()); } } initHyperlinks(); Added: poi/trunk/test-data/document/clusterfuzz-testcase-minimized-POIFuzzer-6709287337197568.docx URL: http://svn.apache.org/viewvc/poi/trunk/test-data/document/clusterfuzz-testcase-minimized-POIFuzzer-6709287337197568.docx?rev=1911501&view=auto ============================================================================== Binary file - no diff available. Propchange: poi/trunk/test-data/document/clusterfuzz-testcase-minimized-POIFuzzer-6709287337197568.docx ------------------------------------------------------------------------------ --- svn:mime-type (added) +++ svn:mime-type Mon Aug 7 09:42:17 2023 @@ -0,0 +1 @@ +application/vnd.openxmlformats-officedocument.wordprocessingml.document Modified: poi/trunk/test-data/spreadsheet/stress.xls URL: http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/stress.xls?rev=1911501&r1=1911500&r2=1911501&view=diff ============================================================================== Binary files - no diff available. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
