Author: centic Date: Thu Aug 10 06:14:44 2023 New Revision: 1911586 URL: http://svn.apache.org/viewvc?rev=1911586&view=rev Log: Bug 66425: Avoid a ClassCastException found via oss-fuzz
We try to avoid throwing ClassCastException, but it was possible to trigger one here with a specially crafted input-file Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61330 Added: poi/trunk/test-data/hsmf/clusterfuzz-testcase-minimized-POIHSMFFuzzer-4735011465854976.msg (with props) Modified: poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hsmf/datatypes/AttachmentChunks.java poi/trunk/test-data/spreadsheet/stress.xls Modified: poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hsmf/datatypes/AttachmentChunks.java URL: http://svn.apache.org/viewvc/poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hsmf/datatypes/AttachmentChunks.java?rev=1911586&r1=1911585&r2=1911586&view=diff ============================================================================== --- poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hsmf/datatypes/AttachmentChunks.java (original) +++ poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hsmf/datatypes/AttachmentChunks.java Thu Aug 10 06:14:44 2023 @@ -181,32 +181,38 @@ public class AttachmentChunks implements // - ATTACH_LONG_PATHNAME // - ATTACH_SIZE final int chunkId = chunk.getChunkId(); - if (chunkId == ATTACH_DATA.id) { - if (chunk instanceof ByteChunk) { - attachData = (ByteChunk) chunk; - } else if (chunk instanceof DirectoryChunk) { - attachmentDirectory = (DirectoryChunk) chunk; + + try { + if (chunkId == ATTACH_DATA.id) { + if (chunk instanceof ByteChunk) { + attachData = (ByteChunk) chunk; + } else if (chunk instanceof DirectoryChunk) { + attachmentDirectory = (DirectoryChunk) chunk; + } else { + LOG.atError().log("Unexpected data chunk of type {}", chunk.getEntryName()); + } + } else if (chunkId == ATTACH_EXTENSION.id) { + attachExtension = (StringChunk) chunk; + } else if (chunkId == ATTACH_FILENAME.id) { + attachFileName = (StringChunk) chunk; + } else if (chunkId == ATTACH_LONG_FILENAME.id) { + attachLongFileName = (StringChunk) chunk; + } else if (chunkId == ATTACH_MIME_TAG.id) { + attachMimeTag = (StringChunk) chunk; + } else if (chunkId == ATTACH_RENDERING.id) { + attachRenderingWMF = (ByteChunk) chunk; + } else if (chunkId == ATTACH_CONTENT_ID.id) { + attachContentId = (StringChunk) chunk; } else { - LOG.atError().log("Unexpected data chunk of type {}", chunk.getEntryName()); + LOG.atWarn().log("Currently unsupported attachment chunk property will be ignored. {}", chunk.getEntryName()); } - } else if (chunkId == ATTACH_EXTENSION.id) { - attachExtension = (StringChunk) chunk; - } else if (chunkId == ATTACH_FILENAME.id) { - attachFileName = (StringChunk) chunk; - } else if (chunkId == ATTACH_LONG_FILENAME.id) { - attachLongFileName = (StringChunk) chunk; - } else if (chunkId == ATTACH_MIME_TAG.id) { - attachMimeTag = (StringChunk) chunk; - } else if (chunkId == ATTACH_RENDERING.id) { - attachRenderingWMF = (ByteChunk) chunk; - } else if (chunkId == ATTACH_CONTENT_ID.id) { - attachContentId = (StringChunk) chunk; - } else { - LOG.atWarn().log("Currently unsupported attachment chunk property will be ignored. {}", chunk.getEntryName()); - } - // And add to the main list - allChunks.add(chunk); + // And add to the main list + allChunks.add(chunk); + } catch (ClassCastException e) { + throw new IllegalArgumentException("ChunkId and type of chunk did not match, had id " + + chunkId + " and type of chunk: " + chunk.getClass(), e); + } } /** Added: poi/trunk/test-data/hsmf/clusterfuzz-testcase-minimized-POIHSMFFuzzer-4735011465854976.msg URL: http://svn.apache.org/viewvc/poi/trunk/test-data/hsmf/clusterfuzz-testcase-minimized-POIHSMFFuzzer-4735011465854976.msg?rev=1911586&view=auto ============================================================================== Binary file - no diff available. Propchange: poi/trunk/test-data/hsmf/clusterfuzz-testcase-minimized-POIHSMFFuzzer-4735011465854976.msg ------------------------------------------------------------------------------ svn:mime-type = application/vnd.ms-outlook Modified: poi/trunk/test-data/spreadsheet/stress.xls URL: http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/stress.xls?rev=1911586&r1=1911585&r2=1911586&view=diff ============================================================================== Binary files - no diff available. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
