svn commit: r1912707 - in /poi/trunk: poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/ poi-ooxml/src/main/java/org/apache/poi/xssf/streaming/ poi-scratchpad/src/main/java/org/apache/poi/hdgf/streams/ poi/src/main/java/org/apache/poi/hssf/record/

Mon, 02 Oct 2023 23:05:35 -0700 

Author: centic
Date: Tue Oct  3 06:05:30 2023
New Revision: 1912707

URL: http://svn.apache.org/viewvc?rev=1912707&view=rev
Log:
Bug 66425: Avoid exceptions found via poi-fuzz

We try to avoid throwing NullPointerException, ClassCastExceptions 
and StackOverflowException, but it was possible to trigger them

Also improve some exception messages

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62698
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62606
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62685

Modified:
    
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFGraphicFrame.java
    
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFTableCell.java
    
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/streaming/SXSSFSheet.java
    
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hdgf/streams/PointerContainingStream.java
    poi/trunk/poi/src/main/java/org/apache/poi/hssf/record/OldStringRecord.java

Modified: 
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFGraphicFrame.java
URL: 
http://svn.apache.org/viewvc/poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFGraphicFrame.java?rev=1912707&r1=1912706&r2=1912707&view=diff
==============================================================================
--- 
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFGraphicFrame.java
 (original)
+++ 
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFGraphicFrame.java
 Tue Oct  3 06:05:30 2023
@@ -67,6 +67,10 @@ public class XSLFGraphicFrame extends XS
     @Override
     public Rectangle2D getAnchor(){
         CTTransform2D xfrm = 
((CTGraphicalObjectFrame)getXmlObject()).getXfrm();
+        if (xfrm == null) {
+            throw new IllegalArgumentException("Could not retrieve an Xfrm 
from the XML object");
+        }
+
         CTPoint2D off = xfrm.getOff();
         double x = Units.toPoints(POIXMLUnits.parseLength(off.xgetX()));
         double y = Units.toPoints(POIXMLUnits.parseLength(off.xgetY()));

Modified: 
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFTableCell.java
URL: 
http://svn.apache.org/viewvc/poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFTableCell.java?rev=1912707&r1=1912706&r2=1912707&view=diff
==============================================================================
--- 
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFTableCell.java
 (original)
+++ 
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFTableCell.java
 Tue Oct  3 06:05:30 2023
@@ -766,7 +766,7 @@ public class XSLFTableCell extends XSLFT
                 return super.isBold();
             } else {
                 final CTTextCharacterProperties rPr = super.getRPr(false);
-                if (rPr.isSetB()) {
+                if (rPr != null && rPr.isSetB()) {
                     // If this run has bold set locally, then it overrides 
table cell style.
                     return rPr.getB();
                 } else {
@@ -784,7 +784,7 @@ public class XSLFTableCell extends XSLFT
                 return super.isItalic();
             } else {
                 final CTTextCharacterProperties rPr = super.getRPr(false);
-                if (rPr.isSetI()) {
+                if (rPr != null && rPr.isSetI()) {
                     // If this run has italic set locally, then it overrides 
table cell style.
                     return rPr.getI();
                 } else {

Modified: 
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/streaming/SXSSFSheet.java
URL: 
http://svn.apache.org/viewvc/poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/streaming/SXSSFSheet.java?rev=1912707&r1=1912706&r2=1912707&view=diff
==============================================================================
--- 
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/streaming/SXSSFSheet.java 
(original)
+++ 
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/streaming/SXSSFSheet.java 
Tue Oct  3 06:05:30 2023
@@ -96,8 +96,12 @@ public class SXSSFSheet implements Sheet
         setRandomAccessWindowSize(_workbook.getRandomAccessWindowSize());
         try {
             _autoSizeColumnTracker = new AutoSizeColumnTracker(this);
-        } catch (UnsatisfiedLinkError | InternalError e) {
-            LOG.atWarn().log("Failed to create AutoSizeColumnTracker, possibly 
due to fonts not being installed in your OS", e);
+        } catch (UnsatisfiedLinkError | NoClassDefFoundError | InternalError |
+                 // thrown when no fonts are available in the workbook
+                 IndexOutOfBoundsException e) {
+            LOG.atWarn()
+                    .withThrowable(e)
+                    .log("Failed to create AutoSizeColumnTracker, possibly due 
to fonts not being installed in your OS");
         }
     }
 

Modified: 
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hdgf/streams/PointerContainingStream.java
URL: 
http://svn.apache.org/viewvc/poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hdgf/streams/PointerContainingStream.java?rev=1912707&r1=1912706&r2=1912707&view=diff
==============================================================================
--- 
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hdgf/streams/PointerContainingStream.java
 (original)
+++ 
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hdgf/streams/PointerContainingStream.java
 Tue Oct  3 06:05:30 2023
@@ -30,7 +30,7 @@ import org.apache.poi.hdgf.pointers.Poin
 public class PointerContainingStream extends Stream { // TODO - instantiable 
superclass
     private static final Logger LOG = 
LogManager.getLogger(PointerContainingStream.class);
 
-    private static final int MAX_CHILDREN_NESTING = 1000;
+    private static final int MAX_CHILDREN_NESTING = 500;
 
     private final Pointer[] childPointers;
     private Stream[] childStreams;

Modified: 
poi/trunk/poi/src/main/java/org/apache/poi/hssf/record/OldStringRecord.java
URL: 
http://svn.apache.org/viewvc/poi/trunk/poi/src/main/java/org/apache/poi/hssf/record/OldStringRecord.java?rev=1912707&r1=1912706&r2=1912707&view=diff
==============================================================================
--- poi/trunk/poi/src/main/java/org/apache/poi/hssf/record/OldStringRecord.java 
(original)
+++ poi/trunk/poi/src/main/java/org/apache/poi/hssf/record/OldStringRecord.java 
Tue Oct  3 06:05:30 2023
@@ -89,7 +89,7 @@ public final class OldStringRecord imple
         try {
             return CodePageUtil.getStringFromCodePage(data, cp);
         } catch (UnsupportedEncodingException uee) {
-            throw new IllegalArgumentException("Unsupported codepage 
requested", uee);
+            throw new IllegalArgumentException("Unsupported codepage 
requested: " + cp, uee);
         }
     }
 



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to