Author: centic Date: Tue Aug 8 08:48:13 2023 New Revision: 1911536 URL: http://svn.apache.org/viewvc?rev=1911536&view=rev Log: Bug 66425: Avoid a ClassCastException found via oss-fuzz
We try to avoid throwing ClassCastException, but it was possible to trigger one here with a specially crafted input-file Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61276 Added: poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-6322470200934400.xls (with props) Modified: poi/trunk/poi/src/main/java/org/apache/poi/hssf/record/TextObjectRecord.java poi/trunk/poi/src/test/java/org/apache/poi/hssf/dev/BaseTestIteratingXLS.java poi/trunk/test-data/spreadsheet/stress.xls Modified: poi/trunk/poi/src/main/java/org/apache/poi/hssf/record/TextObjectRecord.java URL: http://svn.apache.org/viewvc/poi/trunk/poi/src/main/java/org/apache/poi/hssf/record/TextObjectRecord.java?rev=1911536&r1=1911535&r2=1911536&view=diff ============================================================================== --- poi/trunk/poi/src/main/java/org/apache/poi/hssf/record/TextObjectRecord.java (original) +++ poi/trunk/poi/src/main/java/org/apache/poi/hssf/record/TextObjectRecord.java Tue Aug 8 08:48:13 2023 @@ -127,6 +127,9 @@ public final class TextObjectRecord exte throw new RecordFormatException("Read " + ptgs.length + " tokens but expected exactly 1"); } + if (!(ptgs[0] instanceof OperandPtg)) { + throw new IllegalArgumentException("Had unexpected type of ptg at index 0: " + ptgs[0].getClass()); + } _linkRefPtg = (OperandPtg) ptgs[0]; _unknownPostFormulaByte = in.remaining() > 0 ? in.readByte() : null; } else { Modified: poi/trunk/poi/src/test/java/org/apache/poi/hssf/dev/BaseTestIteratingXLS.java URL: http://svn.apache.org/viewvc/poi/trunk/poi/src/test/java/org/apache/poi/hssf/dev/BaseTestIteratingXLS.java?rev=1911536&r1=1911535&r2=1911536&view=diff ============================================================================== --- poi/trunk/poi/src/test/java/org/apache/poi/hssf/dev/BaseTestIteratingXLS.java (original) +++ poi/trunk/poi/src/test/java/org/apache/poi/hssf/dev/BaseTestIteratingXLS.java Tue Aug 8 08:48:13 2023 @@ -86,6 +86,8 @@ public abstract class BaseTestIteratingX excludes.put("61300.xls", RecordFormatException.class); // BIFF 5 excludes.put("64130.xls", OldExcelFormatException.class); + // fuzzed binaries + excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-6322470200934400.xls", RuntimeException.class); return excludes; } Added: poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-6322470200934400.xls URL: http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-6322470200934400.xls?rev=1911536&view=auto ============================================================================== Binary file - no diff available. Propchange: poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-6322470200934400.xls ------------------------------------------------------------------------------ svn:mime-type = application/vnd.ms-excel Modified: poi/trunk/test-data/spreadsheet/stress.xls URL: http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/stress.xls?rev=1911536&r1=1911535&r2=1911536&view=diff ============================================================================== Binary files - no diff available. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
