Author: centic Date: Mon Aug 7 14:32:11 2023 New Revision: 1911514 URL: http://svn.apache.org/viewvc?rev=1911514&view=rev Log: Bug 66425: Avoid an AssertionError found via oss-fuzz
We try to avoid throwing AssertionError to be triggered by input data, but it was possible to trigger one here with a specially crafted input-file Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61251 Added: poi/trunk/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-4630915954114560.ppt (with props) Modified: poi/trunk/poi-integration/src/test/java/org/apache/poi/stress/HSLFFileHandler.java poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/record/EscherPlaceholder.java poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java poi/trunk/test-data/spreadsheet/stress.xls Modified: poi/trunk/poi-integration/src/test/java/org/apache/poi/stress/HSLFFileHandler.java URL: http://svn.apache.org/viewvc/poi/trunk/poi-integration/src/test/java/org/apache/poi/stress/HSLFFileHandler.java?rev=1911514&r1=1911513&r2=1911514&view=diff ============================================================================== --- poi/trunk/poi-integration/src/test/java/org/apache/poi/stress/HSLFFileHandler.java (original) +++ poi/trunk/poi-integration/src/test/java/org/apache/poi/stress/HSLFFileHandler.java Mon Aug 7 14:32:11 2023 @@ -84,6 +84,8 @@ public class HSLFFileHandler extends Sli } handleExtracting(file); + + handleAdditional(file); } public static void main(String[] args) throws Exception { Modified: poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/record/EscherPlaceholder.java URL: http://svn.apache.org/viewvc/poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/record/EscherPlaceholder.java?rev=1911514&r1=1911513&r2=1911514&view=diff ============================================================================== --- poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/record/EscherPlaceholder.java (original) +++ poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/record/EscherPlaceholder.java Mon Aug 7 14:32:11 2023 @@ -20,6 +20,8 @@ package org.apache.poi.hslf.record; import java.util.Map; import java.util.function.Supplier; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; import org.apache.poi.ddf.EscherRecord; import org.apache.poi.ddf.EscherRecordFactory; import org.apache.poi.ddf.EscherSerializationListener; @@ -32,6 +34,8 @@ import org.apache.poi.util.LittleEndian; * the slide layout as specified in the SlideAtom record. */ public class EscherPlaceholder extends EscherRecord { + private static final Logger LOG = LogManager.getLogger(EscherPlaceholder.class); + public static final short RECORD_ID = RecordTypes.OEPlaceholderAtom.typeID; public static final String RECORD_DESCRIPTION = "msofbtClientTextboxPlaceholder"; @@ -59,7 +63,10 @@ public class EscherPlaceholder extends E size = data[offset+13]; unused = LittleEndian.getShort(data, offset+14); - assert(bytesRemaining + 8 == 16); + if (bytesRemaining + 8 != 16) { + LOG.warn("Invalid header-data received, should have 8 bytes left, but had: " + bytesRemaining); + } + return bytesRemaining + 8; } Modified: poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java URL: http://svn.apache.org/viewvc/poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java?rev=1911514&r1=1911513&r2=1911514&view=diff ============================================================================== --- poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java (original) +++ poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java Mon Aug 7 14:32:11 2023 @@ -247,6 +247,10 @@ public abstract class HSLFShape implemen } public <T extends EscherRecord> T getEscherChild(int recordId){ + if (_escherContainer == null) { + throw new IllegalStateException("Did not have a container for fetching children"); + } + return _escherContainer.getChildById((short)recordId); } Added: poi/trunk/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-4630915954114560.ppt URL: http://svn.apache.org/viewvc/poi/trunk/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-4630915954114560.ppt?rev=1911514&view=auto ============================================================================== Binary file - no diff available. Propchange: poi/trunk/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-4630915954114560.ppt ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Modified: poi/trunk/test-data/spreadsheet/stress.xls URL: http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/stress.xls?rev=1911514&r1=1911513&r2=1911514&view=diff ============================================================================== Binary files - no diff available. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
