Author: centic Date: Thu Aug 24 08:48:45 2023 New Revision: 1911890 URL: http://svn.apache.org/viewvc?rev=1911890&view=rev Log: Bug 66425: Avoid a NullPointerException found via oss-fuzz
We try to avoid throwing NullPointerException, but it was possible to trigger one here with a specially crafted input-file Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61441 Added: poi/trunk/test-data/slideshow/clusterfuzz-testcase-minimized-POIFuzzer-5205835528404992.pptx (with props) Modified: poi/trunk/poi-ooxml/src/main/java/org/apache/poi/openxml4j/opc/PackageRelationshipCollection.java poi/trunk/test-data/spreadsheet/stress.xls Modified: poi/trunk/poi-ooxml/src/main/java/org/apache/poi/openxml4j/opc/PackageRelationshipCollection.java URL: http://svn.apache.org/viewvc/poi/trunk/poi-ooxml/src/main/java/org/apache/poi/openxml4j/opc/PackageRelationshipCollection.java?rev=1911890&r1=1911889&r2=1911890&view=diff ============================================================================== --- poi/trunk/poi-ooxml/src/main/java/org/apache/poi/openxml4j/opc/PackageRelationshipCollection.java (original) +++ poi/trunk/poi-ooxml/src/main/java/org/apache/poi/openxml4j/opc/PackageRelationshipCollection.java Thu Aug 24 08:48:45 2023 @@ -45,14 +45,9 @@ public final class PackageRelationshipCo private final TreeMap<String, PackageRelationship> relationshipsByID = new TreeMap<>(); /** - * Package relationships ordered by type. - */ - private final TreeMap<String, PackageRelationship> relationshipsByType = new TreeMap<>(); - - /** * A lookup of internal relationships to avoid */ - private HashMap<String, PackageRelationship> internalRelationshipsByTargetName = new HashMap<>(); + private final HashMap<String, PackageRelationship> internalRelationshipsByTargetName = new HashMap<>(); /** @@ -195,7 +190,6 @@ public final class PackageRelationshipCo (relPart == null ? "<null>" : relPart.getId()) + " for relationship: " + relPart); } relationshipsByID.put(relPart.getId(), relPart); - relationshipsByType.put(relPart.getRelationshipType(), relPart); } /** @@ -214,8 +208,8 @@ public final class PackageRelationshipCo */ public PackageRelationship addRelationship(URI targetUri, TargetMode targetMode, String relationshipType, String id) { - if (id == null || id.length() == 0) { - // Generate a unique ID is id parameter is null. + if (id == null || id.isEmpty()) { + // Generate a unique ID if id parameter is null. if (nextRelationshipId == -1) { nextRelationshipId = size() + 1; } @@ -245,7 +239,6 @@ public final class PackageRelationshipCo PackageRelationship rel = relationshipsByID.get(id); if (rel != null) { relationshipsByID.remove(rel.getId()); - relationshipsByType.values().remove(rel); internalRelationshipsByTargetName.values().remove(rel); } } @@ -277,6 +270,11 @@ public final class PackageRelationshipCo * @return The package relationship identified by the specified id. */ public PackageRelationship getRelationshipByID(String id) { + if (id == null) { + throw new IllegalArgumentException("Cannot read relationship, provided ID is empty: " + id + + ", having relationships: " + relationshipsByID.keySet()); + } + return relationshipsByID.get(id); } @@ -418,7 +416,6 @@ public final class PackageRelationshipCo */ public void clear() { relationshipsByID.clear(); - relationshipsByType.clear(); internalRelationshipsByTargetName.clear(); } Added: poi/trunk/test-data/slideshow/clusterfuzz-testcase-minimized-POIFuzzer-5205835528404992.pptx URL: http://svn.apache.org/viewvc/poi/trunk/test-data/slideshow/clusterfuzz-testcase-minimized-POIFuzzer-5205835528404992.pptx?rev=1911890&view=auto ============================================================================== Binary file - no diff available. Propchange: poi/trunk/test-data/slideshow/clusterfuzz-testcase-minimized-POIFuzzer-5205835528404992.pptx ------------------------------------------------------------------------------ --- svn:mime-type (added) +++ svn:mime-type Thu Aug 24 08:48:45 2023 @@ -0,0 +1 @@ +application/vnd.openxmlformats-officedocument.presentationml.presentation Modified: poi/trunk/test-data/spreadsheet/stress.xls URL: http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/stress.xls?rev=1911890&r1=1911889&r2=1911890&view=diff ============================================================================== Binary files - no diff available. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
