Author: centic Date: Sat Oct 7 22:12:25 2023 New Revision: 1912793 URL: http://svn.apache.org/viewvc?rev=1912793&view=rev Log: Bug 66425: Avoid Exceptions found via oss-fuzz
We try to avoid throwing NullPointerExceptions or endless allocations, but it was possible to trigger one here with a specially crafted input-file Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62697 Added: poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-4819588401201152.xls Modified: poi/trunk/poi/src/main/java/org/apache/poi/hssf/record/SSTDeserializer.java poi/trunk/poi/src/main/java/org/apache/poi/poifs/filesystem/DocumentInputStream.java poi/trunk/poi/src/test/java/org/apache/poi/hssf/dev/BaseTestIteratingXLS.java poi/trunk/poi/src/test/java/org/apache/poi/hssf/record/TestSSTDeserializer.java poi/trunk/test-data/spreadsheet/stress.xls Modified: poi/trunk/poi/src/main/java/org/apache/poi/hssf/record/SSTDeserializer.java URL: http://svn.apache.org/viewvc/poi/trunk/poi/src/main/java/org/apache/poi/hssf/record/SSTDeserializer.java?rev=1912793&r1=1912792&r2=1912793&view=diff ============================================================================== --- poi/trunk/poi/src/main/java/org/apache/poi/hssf/record/SSTDeserializer.java (original) +++ poi/trunk/poi/src/main/java/org/apache/poi/hssf/record/SSTDeserializer.java Sat Oct 7 22:12:25 2023 @@ -48,7 +48,9 @@ class SSTDeserializer { UnicodeString str; if (in.available() == 0 && (!in.hasNextRecord() || in.getNextSid() != ContinueRecord.sid)) { LOG.atError().log("Ran out of data before creating all the strings! String at index {}", box(i)); - str = new UnicodeString(""); + + // not much sense in trying to continue reading in this case, file seems to be broken + return; } else { str = new UnicodeString(in); } Modified: poi/trunk/poi/src/main/java/org/apache/poi/poifs/filesystem/DocumentInputStream.java URL: http://svn.apache.org/viewvc/poi/trunk/poi/src/main/java/org/apache/poi/poifs/filesystem/DocumentInputStream.java?rev=1912793&r1=1912792&r2=1912793&view=diff ============================================================================== --- poi/trunk/poi/src/main/java/org/apache/poi/poifs/filesystem/DocumentInputStream.java (original) +++ poi/trunk/poi/src/main/java/org/apache/poi/poifs/filesystem/DocumentInputStream.java Sat Oct 7 22:12:25 2023 @@ -169,7 +169,8 @@ public final class DocumentInputStream e throw new IllegalArgumentException("buffer must not be null"); } if (off < 0 || len < 0 || b.length < off + len) { - throw new IndexOutOfBoundsException("can't read past buffer boundaries"); + throw new IndexOutOfBoundsException("can't read past buffer boundaries with off: " + off + + ", len: " + len + ", b.length: " + b.length); } if (len == 0) { return 0; Modified: poi/trunk/poi/src/test/java/org/apache/poi/hssf/dev/BaseTestIteratingXLS.java URL: http://svn.apache.org/viewvc/poi/trunk/poi/src/test/java/org/apache/poi/hssf/dev/BaseTestIteratingXLS.java?rev=1912793&r1=1912792&r2=1912793&view=diff ============================================================================== --- poi/trunk/poi/src/test/java/org/apache/poi/hssf/dev/BaseTestIteratingXLS.java (original) +++ poi/trunk/poi/src/test/java/org/apache/poi/hssf/dev/BaseTestIteratingXLS.java Sat Oct 7 22:12:25 2023 @@ -88,6 +88,7 @@ public abstract class BaseTestIteratingX excludes.put("64130.xls", OldExcelFormatException.class); // fuzzed binaries excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-6322470200934400.xls", RuntimeException.class); + excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-4819588401201152.xls", RuntimeException.class); return excludes; } Modified: poi/trunk/poi/src/test/java/org/apache/poi/hssf/record/TestSSTDeserializer.java URL: http://svn.apache.org/viewvc/poi/trunk/poi/src/test/java/org/apache/poi/hssf/record/TestSSTDeserializer.java?rev=1912793&r1=1912792&r2=1912793&view=diff ============================================================================== --- poi/trunk/poi/src/test/java/org/apache/poi/hssf/record/TestSSTDeserializer.java (original) +++ poi/trunk/poi/src/test/java/org/apache/poi/hssf/record/TestSSTDeserializer.java Sat Oct 7 22:12:25 2023 @@ -18,6 +18,7 @@ package org.apache.poi.hssf.record; import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertThrows; import java.io.IOException; import java.io.InputStream; @@ -137,6 +138,7 @@ final class TestSSTDeserializer { deserializer.manufactureStrings(2, in); assertEquals("At a dinner party or", strings.get(0) + ""); - assertEquals("", strings.get(1) + ""); + assertThrows(IndexOutOfBoundsException.class, + () -> strings.get(1)); } } Added: poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-4819588401201152.xls URL: http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-4819588401201152.xls?rev=1912793&view=auto ============================================================================== Binary files poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-4819588401201152.xls (added) and poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-4819588401201152.xls Sat Oct 7 22:12:25 2023 differ Modified: poi/trunk/test-data/spreadsheet/stress.xls URL: http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/stress.xls?rev=1912793&r1=1912792&r2=1912793&view=diff ============================================================================== Binary files - no diff available. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
