Author: centic Date: Mon Sep 11 18:25:01 2023 New Revision: 1912250 URL: http://svn.apache.org/viewvc?rev=1912250&view=rev Log: Bug 66425: Avoid a NullPointerException found via oss-fuzz
We try to avoid throwing NullPointerException, but it was possible to trigger one here with a specially crafted input-file Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62216 Added: poi/trunk/test-data/slideshow/clusterfuzz-testcase-minimized-POIFuzzer-5429732352851968.ppt Modified: poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java poi/trunk/poi/src/main/java/org/apache/poi/poifs/crypt/cryptoapi/CryptoAPIDecryptor.java poi/trunk/test-data/spreadsheet/stress.xls Modified: poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java URL: http://svn.apache.org/viewvc/poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java?rev=1912250&r1=1912249&r2=1912250&view=diff ============================================================================== --- poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java (original) +++ poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java Mon Sep 11 18:25:01 2023 @@ -18,8 +18,10 @@ package org.apache.poi.hslf.dev; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.junit.jupiter.api.Assertions.assertTrue; import java.io.File; +import java.io.FileNotFoundException; import java.io.PrintStream; import java.util.ArrayList; import java.util.Arrays; @@ -61,6 +63,7 @@ public abstract class BaseTestPPTIterati static { EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-6416153805979648.ppt", Exception.class); EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-6710128412590080.ppt", RuntimeException.class); + EXCLUDED.put("clusterfuzz-testcase-minimized-POIFuzzer-5429732352851968.ppt", FileNotFoundException.class); } public static Stream<Arguments> files() { @@ -95,7 +98,11 @@ public abstract class BaseTestPPTIterati } private static void findFile(List<Arguments> list, String dir) { - String[] files = new File(dir).list((arg0, arg1) -> arg1.toLowerCase(Locale.ROOT).endsWith(".ppt")); + File dirFile = new File(dir); + assertTrue(dirFile.exists(), "Directory does not exist: " + dirFile.getAbsolutePath()); + assertTrue(dirFile.isDirectory(), "Not a directory: " + dirFile.getAbsolutePath()); + + String[] files = dirFile.list((arg0, arg1) -> arg1.toLowerCase(Locale.ROOT).endsWith(".ppt")); assertNotNull(files, "Did not find any ppt files in directory " + dir); Modified: poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java URL: http://svn.apache.org/viewvc/poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java?rev=1912250&r1=1912249&r2=1912250&view=diff ============================================================================== --- poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java (original) +++ poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java Mon Sep 11 18:25:01 2023 @@ -21,6 +21,7 @@ import org.apache.poi.hslf.HSLFTestDataS import org.junit.jupiter.api.Test; import java.io.File; +import java.io.FileNotFoundException; import java.io.IOException; import java.util.Collections; import java.util.HashSet; @@ -56,6 +57,11 @@ public class TestPPTXMLDump extends Base throw e; } } + + // work around one file which works here but not in other tests + if (pFile.getName().equals("clusterfuzz-testcase-minimized-POIFuzzer-5429732352851968.ppt")) { + throw new FileNotFoundException(); + } } @Override Modified: poi/trunk/poi/src/main/java/org/apache/poi/poifs/crypt/cryptoapi/CryptoAPIDecryptor.java URL: http://svn.apache.org/viewvc/poi/trunk/poi/src/main/java/org/apache/poi/poifs/crypt/cryptoapi/CryptoAPIDecryptor.java?rev=1912250&r1=1912249&r2=1912250&view=diff ============================================================================== --- poi/trunk/poi/src/main/java/org/apache/poi/poifs/crypt/cryptoapi/CryptoAPIDecryptor.java (original) +++ poi/trunk/poi/src/main/java/org/apache/poi/poifs/crypt/cryptoapi/CryptoAPIDecryptor.java Mon Sep 11 18:25:01 2023 @@ -130,6 +130,9 @@ public class CryptoAPIDecryptor extends } protected static SecretKey generateSecretKey(String password, EncryptionVerifier ver) { + if (password == null) { + throw new IllegalArgumentException("Did not receive a password"); + } if (password.length() > 255) { password = password.substring(0, 255); } Added: poi/trunk/test-data/slideshow/clusterfuzz-testcase-minimized-POIFuzzer-5429732352851968.ppt URL: http://svn.apache.org/viewvc/poi/trunk/test-data/slideshow/clusterfuzz-testcase-minimized-POIFuzzer-5429732352851968.ppt?rev=1912250&view=auto ============================================================================== Binary files poi/trunk/test-data/slideshow/clusterfuzz-testcase-minimized-POIFuzzer-5429732352851968.ppt (added) and poi/trunk/test-data/slideshow/clusterfuzz-testcase-minimized-POIFuzzer-5429732352851968.ppt Mon Sep 11 18:25:01 2023 differ Modified: poi/trunk/test-data/spreadsheet/stress.xls URL: http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/stress.xls?rev=1912250&r1=1912249&r2=1912250&view=diff ============================================================================== Binary files - no diff available. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
