Author: centic Date: Wed Aug 9 07:23:04 2023 New Revision: 1911565 URL: http://svn.apache.org/viewvc?rev=1911565&view=rev Log: Bug 66425: Avoid a ClassCastException found via oss-fuzz
We try to avoid throwing ClassCastException, but it was possible to trigger one here with a specially crafted input-file Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61317 Added: poi/trunk/test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-5440721166139392.doc (with props) Modified: poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hwpf/HWPFDocumentCore.java poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java poi/trunk/test-data/spreadsheet/stress.xls Modified: poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hwpf/HWPFDocumentCore.java URL: http://svn.apache.org/viewvc/poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hwpf/HWPFDocumentCore.java?rev=1911565&r1=1911564&r2=1911565&view=diff ============================================================================== --- poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hwpf/HWPFDocumentCore.java (original) +++ poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hwpf/HWPFDocumentCore.java Wed Aug 9 07:23:04 2023 @@ -54,7 +54,6 @@ import org.apache.poi.util.IOUtils; import org.apache.poi.util.Internal; import org.apache.poi.util.LittleEndianByteArrayInputStream; - /** * This class holds much of the core of a Word document, but * without some of the table structure information. @@ -187,7 +186,11 @@ public abstract class HWPFDocumentCore e DirectoryEntry objectPoolEntry = null; if (directory.hasEntry(STREAM_OBJECT_POOL)) { - objectPoolEntry = (DirectoryEntry) directory.getEntry(STREAM_OBJECT_POOL); + final Entry entry = directory.getEntry(STREAM_OBJECT_POOL); + if (!(entry instanceof DirectoryEntry)) { + throw new IllegalArgumentException("Had unexpected type of entry for name: " + STREAM_OBJECT_POOL + ": " + entry.getClass()); + } + objectPoolEntry = (DirectoryEntry) entry; } _objectPool = new ObjectPoolImpl(objectPoolEntry); } Modified: poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java URL: http://svn.apache.org/viewvc/poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java?rev=1911565&r1=1911564&r2=1911565&view=diff ============================================================================== --- poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java (original) +++ poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToConverterSuite.java Wed Aug 9 07:23:04 2023 @@ -59,7 +59,8 @@ public class TestWordToConverterSuite "Fuzzed.doc", "clusterfuzz-testcase-minimized-POIHWPFFuzzer-5418937293340672.doc", "TestHPSFWritingFunctionality.doc", - "clusterfuzz-testcase-minimized-POIHWPFFuzzer-4947285593948160.doc" + "clusterfuzz-testcase-minimized-POIHWPFFuzzer-4947285593948160.doc", + "clusterfuzz-testcase-minimized-POIHWPFFuzzer-5440721166139392.doc" ); public static Stream<Arguments> files() { Modified: poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java URL: http://svn.apache.org/viewvc/poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java?rev=1911565&r1=1911564&r2=1911565&view=diff ============================================================================== --- poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java (original) +++ poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hwpf/converter/TestWordToTextConverter.java Wed Aug 9 07:23:04 2023 @@ -51,7 +51,8 @@ public class TestWordToTextConverter { // Corrupt files "clusterfuzz-testcase-minimized-POIHWPFFuzzer-5418937293340672.doc", "TestHPSFWritingFunctionality.doc", - "clusterfuzz-testcase-minimized-POIHWPFFuzzer-4947285593948160.doc" + "clusterfuzz-testcase-minimized-POIHWPFFuzzer-4947285593948160.doc", + "clusterfuzz-testcase-minimized-POIHWPFFuzzer-5440721166139392.doc" ); /** Added: poi/trunk/test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-5440721166139392.doc URL: http://svn.apache.org/viewvc/poi/trunk/test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-5440721166139392.doc?rev=1911565&view=auto ============================================================================== Binary file - no diff available. Propchange: poi/trunk/test-data/document/clusterfuzz-testcase-minimized-POIHWPFFuzzer-5440721166139392.doc ------------------------------------------------------------------------------ svn:mime-type = application/msword Modified: poi/trunk/test-data/spreadsheet/stress.xls URL: http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/stress.xls?rev=1911565&r1=1911564&r2=1911565&view=diff ============================================================================== Binary files - no diff available. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
