Author: centic Date: Mon Sep 11 18:25:13 2023 New Revision: 1912252 URL: http://svn.apache.org/viewvc?rev=1912252&view=rev Log: Bug 66425: Avoid a ClassCastException found via oss-fuzz
We try to avoid throwing ClassCastException, but it was possible to trigger one here with a specially crafted input-file Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62170 Added: poi/trunk/test-data/slideshow/clusterfuzz-testcase-minimized-POIXSLFFuzzer-5463285576892416.pptx Modified: poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFSheet.java poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFSlide.java poi/trunk/test-data/spreadsheet/stress.xls Modified: poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFSheet.java URL: http://svn.apache.org/viewvc/poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFSheet.java?rev=1912252&r1=1912251&r2=1912252&view=diff ============================================================================== --- poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFSheet.java (original) +++ poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFSheet.java Mon Sep 11 18:25:13 2023 @@ -395,7 +395,11 @@ implements XSLFShapeContainer, Sheet<XSL if(sp.length == 0) { throw new IllegalStateException("CTGroupShape was not found"); } - _spTree = (CTGroupShape)sp[0]; + XmlObject xmlObject = sp[0]; + if (!(xmlObject instanceof CTGroupShape)) { + throw new IllegalArgumentException("Had unexpected type of entry: " + xmlObject.getClass()); + } + _spTree = (CTGroupShape) xmlObject; } return _spTree; } Modified: poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFSlide.java URL: http://svn.apache.org/viewvc/poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFSlide.java?rev=1912252&r1=1912251&r2=1912252&view=diff ============================================================================== --- poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFSlide.java (original) +++ poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFSlide.java Mon Sep 11 18:25:13 2023 @@ -271,9 +271,9 @@ implements Slide<XSLFShape,XSLFTextParag */ @Override public XSLFBackground getBackground() { - CTBackground bg = _slide.getCSld().getBg(); - if(bg != null) { - return new XSLFBackground(bg, this); + if(_slide.getCSld() != null && + _slide.getCSld().getBg() != null) { + return new XSLFBackground(_slide.getCSld().getBg(), this); } else { return getMasterSheet().getBackground(); } Added: poi/trunk/test-data/slideshow/clusterfuzz-testcase-minimized-POIXSLFFuzzer-5463285576892416.pptx URL: http://svn.apache.org/viewvc/poi/trunk/test-data/slideshow/clusterfuzz-testcase-minimized-POIXSLFFuzzer-5463285576892416.pptx?rev=1912252&view=auto ============================================================================== Binary files poi/trunk/test-data/slideshow/clusterfuzz-testcase-minimized-POIXSLFFuzzer-5463285576892416.pptx (added) and poi/trunk/test-data/slideshow/clusterfuzz-testcase-minimized-POIXSLFFuzzer-5463285576892416.pptx Mon Sep 11 18:25:13 2023 differ Modified: poi/trunk/test-data/spreadsheet/stress.xls URL: http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/stress.xls?rev=1912252&r1=1912251&r2=1912252&view=diff ============================================================================== Binary files - no diff available. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
