Author: centic Date: Wed Sep 6 09:48:21 2023 New Revision: 1912125 URL: http://svn.apache.org/viewvc?rev=1912125&view=rev Log: Bug 66425: Avoid a NullPointerException found via oss-fuzz
We try to avoid throwing NullPointerException, but it was possible to trigger one here with a specially crafted input-file Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62074 Added: poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIXSSFFuzzer-6123461607817216.xlsx (with props) Modified: poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/eventusermodel/XSSFReader.java poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFWorkbook.java poi/trunk/test-data/spreadsheet/stress.xls Modified: poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/eventusermodel/XSSFReader.java URL: http://svn.apache.org/viewvc/poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/eventusermodel/XSSFReader.java?rev=1912125&r1=1912124&r2=1912125&view=diff ============================================================================== --- poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/eventusermodel/XSSFReader.java (original) +++ poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/eventusermodel/XSSFReader.java Wed Sep 6 09:48:21 2023 @@ -380,6 +380,10 @@ public class XSSFReader { */ @Override public InputStream next() { + if (!sheetIterator.hasNext()) { + throw new IllegalStateException("Cannot get next from iterator"); + } + xssfSheetRef = sheetIterator.next(); String sheetId = xssfSheetRef.getId(); Modified: poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFWorkbook.java URL: http://svn.apache.org/viewvc/poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFWorkbook.java?rev=1912125&r1=1912124&r2=1912125&view=diff ============================================================================== --- poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFWorkbook.java (original) +++ poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFWorkbook.java Wed Sep 6 09:48:21 2023 @@ -831,7 +831,7 @@ public class XSSFWorkbook extends POIXML private XSSFName createAndStoreName(CTDefinedName ctName) { XSSFName name = new XSSFName(ctName, this); namedRanges.add(name); - namedRangesByName.put(ctName.getName().toLowerCase(Locale.ENGLISH), name); + namedRangesByName.put(ctName.getName() == null ? null : ctName.getName().toLowerCase(Locale.ENGLISH), name); return name; } Added: poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIXSSFFuzzer-6123461607817216.xlsx URL: http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIXSSFFuzzer-6123461607817216.xlsx?rev=1912125&view=auto ============================================================================== Binary file - no diff available. Propchange: poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIXSSFFuzzer-6123461607817216.xlsx ------------------------------------------------------------------------------ --- svn:mime-type (added) +++ svn:mime-type Wed Sep 6 09:48:21 2023 @@ -0,0 +1 @@ +application/vnd.openxmlformats-officedocument.spreadsheetml.sheet Modified: poi/trunk/test-data/spreadsheet/stress.xls URL: http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/stress.xls?rev=1912125&r1=1912124&r2=1912125&view=diff ============================================================================== Binary files - no diff available. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
