Author: centic Date: Wed Aug 23 08:26:27 2023 New Revision: 1911860 URL: http://svn.apache.org/viewvc?rev=1911860&view=rev Log: Bug 66425: Avoid a ClassCastException found via oss-fuzz
We try to avoid throwing ClassCastException, but it was possible to trigger one here with a specially crafted input-file Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61578 Added: poi/trunk/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-6032591399288832.ppt (with props) Modified: poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java poi/trunk/test-data/spreadsheet/stress.xls
Modified: poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java
URL: http://svn.apache.org/viewvc/poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java?rev=1911860&r1=1911859&r2=1911860&view=diff
==============================================================================
--- poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java (original)
+++ poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java Wed Aug 23 08:26:27 2023
@@ -404,7 +404,11 @@ public final class HSLFSlideShowImpl ext
 return;
 }
- DocumentEntry entry = (DocumentEntry) getDirectory().getEntry("Pictures");
+ final Entry en = getDirectory().getEntry("Pictures");
+ if (!(en instanceof DocumentEntry)) {
+ throw new IllegalArgumentException("Had unexpected type of entry for name: Pictures: " + en.getClass());
+ }
+ DocumentEntry entry = (DocumentEntry) en;
 EscherContainerRecord blipStore = getBlipStore();
 byte[] pictstream;
 try (DocumentInputStream is = getDirectory().createDocumentInputStream(entry)) {
Modified: poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
URL: http://svn.apache.org/viewvc/poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java?rev=1911860&r1=1911859&r2=1911860&view=diff
==============================================================================
--- poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java (original)
+++ poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java Wed Aug 23 08:26:27 2023
@@ -21,6 +21,7 @@ import org.apache.poi.hslf.HSLFTestDataS
 import org.junit.jupiter.api.Test;
 import java.io.File;
+import java.io.IOException;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
@@ -31,6 +32,7 @@ public class TestPPTXMLDump extends Base
 static final Set<String> LOCAL_EXCLUDED = new HashSet<>();
 static {
 LOCAL_EXCLUDED.add("clusterfuzz-testcase-minimized-POIHSLFFuzzer-5306877435838464.ppt");
+ LOCAL_EXCLUDED.add("clusterfuzz-testcase-minimized-POIHSLFFuzzer-6032591399288832.ppt");
 }
 @Test
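Review bot: In the HSLFSlideShowImpl.java hunk, the new guard rejects a malformed "Pictures" entry with an unchecked IllegalArgumentException, and nothing at the site records that this path is reachable from a crafted input file. I would add a comment above the check, `// "Pictures" comes from the parsed file and may not be a document stream; fail with a defined exception instead of a ClassCastException`. Callers that open untrusted presentations have to treat IllegalArgumentException as a parse failure, so a `@throws IllegalArgumentException` line in the method's Javadoc would make that contract visible. The message calls `en.getClass()`, which is safe only if getEntry() never returns null; its contract is outside the hunk and worth confirming. The enclosing method starts and ends outside the hunk.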
@@ -49,7 +51,7 @@ public class TestPPTXMLDump extends Base
 void runOneFile(File pFile) throws Exception {
 try {
 PPTXMLDump.main(new String[]{pFile.getAbsolutePath()});
- } catch (IndexOutOfBoundsException e) {
+ } catch (IndexOutOfBoundsException | IOException e) {
 if (!LOCAL_EXCLUDED.contains(pFile.getName())) {
 throw e;
 }
Added: poi/trunk/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-6032591399288832.ppt
URL: http://svn.apache.org/viewvc/poi/trunk/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-6032591399288832.ppt?rev=1911860&view=auto
==============================================================================
Binary file - no diff available.
Propchange: poi/trunk/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-6032591399288832.ppt
------------------------------------------------------------------------------
svn:mime-type = application/vnd.ms-powerpoint
Modified: poi/trunk/test-data/spreadsheet/stress.xls
URL: http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/stress.xls?rev=1911860&r1=1911859&r2=1911860&view=diff
==============================================================================
Binary files - no diff available.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
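Review bot: In runOneFile, widening the catch to `IndexOutOfBoundsException | IOException` lets every name in LOCAL_EXCLUDED fail with either exception type, so the previously excluded file now also passes on an IOException and the new one on an IndexOutOfBoundsException. The set does not record which failure each file is expected to produce; a comment on each entry, such as `// expected: IOException from PPTXMLDump (confirm against the actual failure)`, would keep the exclusion from hiding an unrelated regression. Nothing visible in this commit asserts that the added fuzz file triggers the new IllegalArgumentException in HSLFSlideShowImpl, so a direct assertion in a slideshow test would pin the fix. runOneFile's body continues past the end of the hunk.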
