Author: centic Date: Sat Oct 7 22:12:30 2023 New Revision: 1912794 URL: http://svn.apache.org/viewvc?rev=1912794&view=rev Log: Bug 66425: Avoid Exceptions found via oss-fuzz
We try to avoid throwing NullPointerExceptions or endless allocations, but it was possible to trigger one here with a specially crafted input-file Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62706 Added: poi/trunk/test-data/diagram/clusterfuzz-testcase-minimized-POIVisioFuzzer-6358126418591744.vsdx Modified: poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xdgf/usermodel/XDGFPages.java poi/trunk/test-data/spreadsheet/stress.xls Modified: poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xdgf/usermodel/XDGFPages.java URL: http://svn.apache.org/viewvc/poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xdgf/usermodel/XDGFPages.java?rev=1912794&r1=1912793&r2=1912794&view=diff ============================================================================== --- poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xdgf/usermodel/XDGFPages.java (original) +++ poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xdgf/usermodel/XDGFPages.java Sat Oct 7 22:12:30 2023 @@ -25,6 +25,8 @@ import java.util.List; import com.microsoft.schemas.office.visio.x2012.main.PageType; import com.microsoft.schemas.office.visio.x2012.main.PagesDocument; import com.microsoft.schemas.office.visio.x2012.main.PagesType; +import com.microsoft.schemas.office.visio.x2012.main.RelType; + import org.apache.poi.ooxml.POIXMLDocumentPart; import org.apache.poi.ooxml.POIXMLException; import org.apache.poi.openxml4j.opc.PackagePart; @@ -68,7 +70,12 @@ public class XDGFPages extends XDGFXMLDo // this iteration is ordered by page number for (PageType pageSettings: _pagesObject.getPageArray()) { - String relId = pageSettings.getRel().getId(); + RelType rel = pageSettings.getRel(); + if (rel == null) { + throw new IllegalStateException("Could not read relation for page settings"); + } + + String relId = rel.getId(); POIXMLDocumentPart pageContentsPart = getRelationById(relId); if (pageContentsPart == null) Added: poi/trunk/test-data/diagram/clusterfuzz-testcase-minimized-POIVisioFuzzer-6358126418591744.vsdx URL: http://svn.apache.org/viewvc/poi/trunk/test-data/diagram/clusterfuzz-testcase-minimized-POIVisioFuzzer-6358126418591744.vsdx?rev=1912794&view=auto ============================================================================== Binary files poi/trunk/test-data/diagram/clusterfuzz-testcase-minimized-POIVisioFuzzer-6358126418591744.vsdx (added) and poi/trunk/test-data/diagram/clusterfuzz-testcase-minimized-POIVisioFuzzer-6358126418591744.vsdx Sat Oct 7 22:12:30 2023 differ Modified: poi/trunk/test-data/spreadsheet/stress.xls URL: http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/stress.xls?rev=1912794&r1=1912793&r2=1912794&view=diff ============================================================================== Binary files - no diff available. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
