stress.xls

centic Mon, 11 Sep 2023 11:26:11 -0700

Author: centic
Date: Mon Sep 11 18:25:06 2023
New Revision: 1912251

URL: http://svn.apache.org/viewvc?rev=1912251&view=rev
Log:
Bug 66425: Avoid a NullPointerException found via oss-fuzz


We try to avoid throwing NullPointerException, but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62208

Added:
    
poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-XLSX2CSVFuzzer-6504225896792064.xlsx
Modified:
    
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/eventusermodel/ReadOnlySharedStringsTable.java
    poi/trunk/test-data/spreadsheet/stress.xls

Modified: 
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/eventusermodel/ReadOnlySharedStringsTable.java
URL: 
http://svn.apache.org/viewvc/poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/eventusermodel/ReadOnlySharedStringsTable.java?rev=1912251&r1=1912250&r2=1912251&view=diff
==============================================================================
--- 
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/eventusermodel/ReadOnlySharedStringsTable.java
 (original)
+++ 
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/eventusermodel/ReadOnlySharedStringsTable.java
 Mon Sep 11 18:25:06 2023
@@ -259,7 +259,7 @@ public class ReadOnlySharedStringsTable
         } else if ("rPh".equals(localName)) {
             inRPh = true;
             //append space...this assumes that rPh always comes after regular 
<t>
-            if (includePhoneticRuns && characters.length() > 0) {
+            if (includePhoneticRuns && characters != null && 
characters.length() > 0) {
                 characters.append(" ");
             }
         }
@@ -287,7 +287,9 @@ public class ReadOnlySharedStringsTable
     public void characters(char[] ch, int start, int length) throws 
SAXException {
         if (tIsOpen) {
             if (inRPh && includePhoneticRuns) {
-                characters.append(ch, start, length);
+                if (characters != null) {
+                    characters.append(ch, start, length);
+                }
             } else if (! inRPh){
                 if (characters != null) {
                     characters.append(ch, start, length);

Added: 
poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-XLSX2CSVFuzzer-6504225896792064.xlsx
URL: 
http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-XLSX2CSVFuzzer-6504225896792064.xlsx?rev=1912251&view=auto
==============================================================================
Binary files 
poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-XLSX2CSVFuzzer-6504225896792064.xlsx
 (added) and 
poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-XLSX2CSVFuzzer-6504225896792064.xlsx
 Mon Sep 11 18:25:06 2023 differ

Modified: poi/trunk/test-data/spreadsheet/stress.xls
URL: 
http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/stress.xls?rev=1912251&r1=1912250&r2=1912251&view=diff
==============================================================================
Binary files - no diff available.



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

svn commit: r1912251 - in /poi/trunk: poi-ooxml/src/main/java/org/apache/poi/xssf/eventusermodel/ReadOnlySharedStringsTable.java test-data/spreadsheet/clusterfuzz-testcase-minimized-XLSX2CSVFuzzer-6504225896792064.xlsx test-data/spreadsheet/stress.xls

Reply via email to