Author: centic Date: Sat Oct 7 22:12:43 2023 New Revision: 1912796 URL: http://svn.apache.org/viewvc?rev=1912796&view=rev Log: Bug 66425: Avoid Exceptions found via oss-fuzz
We try to avoid throwing ClassCastExceptions, but it was possible to trigger one here with a specially crafted input-file Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62795 Added: poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-5436547081830400.xls Modified: poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hssf/converter/TestExcelConverterSuite.java poi/trunk/poi/src/main/java/org/apache/poi/hssf/model/InternalWorkbook.java poi/trunk/poi/src/main/java/org/apache/poi/hssf/usermodel/HSSFShapeFactory.java poi/trunk/poi/src/main/java/org/apache/poi/util/LittleEndianByteArrayInputStream.java poi/trunk/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffDrawingToXml.java poi/trunk/poi/src/test/java/org/apache/poi/hssf/model/TestDrawingAggregate.java poi/trunk/test-data/spreadsheet/stress.xls Modified: poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hssf/converter/TestExcelConverterSuite.java URL: http://svn.apache.org/viewvc/poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hssf/converter/TestExcelConverterSuite.java?rev=1912796&r1=1912795&r2=1912796&view=diff ============================================================================== --- poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hssf/converter/TestExcelConverterSuite.java (original) +++ poi/trunk/poi-scratchpad/src/test/java/org/apache/poi/hssf/converter/TestExcelConverterSuite.java Sat Oct 7 22:12:43 2023 
@@ -38,15 +38,16 @@ import org.junit.jupiter.params.Paramete import org.junit.jupiter.params.provider.Arguments; import org.junit.jupiter.params.provider.MethodSource; -public class TestExcelConverterSuite -{ +public class TestExcelConverterSuite { /** * YK: a quick hack to exclude failing documents from the suite. */ - @SuppressWarnings("ArraysAsListWithZeroOrOneArgument") private static final List<String> failingFiles = Arrays.asList( - /* not failing, but requires more memory */ - "ex45698-22488.xls" ); + // not failing, but requires more memory + "ex45698-22488.xls", + // broken documents + "clusterfuzz-testcase-minimized-POIHSSFFuzzer-5436547081830400.xls" + ); public static Stream<Arguments> files() { List<Arguments> files = new ArrayList<>(); Modified: poi/trunk/poi/src/main/java/org/apache/poi/hssf/model/InternalWorkbook.java URL: http://svn.apache.org/viewvc/poi/trunk/poi/src/main/java/org/apache/poi/hssf/model/InternalWorkbook.java?rev=1912796&r1=1912795&r2=1912796&view=diff ============================================================================== --- poi/trunk/poi/src/main/java/org/apache/poi/hssf/model/InternalWorkbook.java (original) +++ poi/trunk/poi/src/main/java/org/apache/poi/hssf/model/InternalWorkbook.java Sat Oct 7 22:12:43 2023 
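Review bot: Listing the fuzz sample in `failingFiles` under `// broken documents` appears to make this suite skip the file (how the list is consumed is outside the hunk), so nothing here records how the converter is expected to fail on it. The other tests touched by this commit pin the outcome as `IllegalArgumentException`, through the `excludes` map and through `assertThrows`. Either assert the expected exception for this file in a dedicated test, or state the gap in the comment, e.g. `// broken document from oss-fuzz issue 62795: skipped, failure mode not asserted in this suite`. Otherwise a regression back to a `ClassCastException` on the converter path would pass unnoticed here.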
@@ -466,7 +466,11 @@ public final class InternalWorkbook { "There are only " + numfonts + " font records, but you asked for index " + idx); } - return ( FontRecord ) records.get((records.getFontpos() - (numfonts - 1)) + index); + Record record = records.get((records.getFontpos() - (numfonts - 1)) + index); + if (!(record instanceof FontRecord)) { + throw new IllegalStateException("Did not have the expected record-type FontRecord: " + record.getClass()); + } + return ( FontRecord ) record; } /** Modified: poi/trunk/poi/src/main/java/org/apache/poi/hssf/usermodel/HSSFShapeFactory.java URL: http://svn.apache.org/viewvc/poi/trunk/poi/src/main/java/org/apache/poi/hssf/usermodel/HSSFShapeFactory.java?rev=1912796&r1=1912795&r2=1912796&view=diff ============================================================================== --- poi/trunk/poi/src/main/java/org/apache/poi/hssf/usermodel/HSSFShapeFactory.java (original) +++ poi/trunk/poi/src/main/java/org/apache/poi/hssf/usermodel/HSSFShapeFactory.java Sat Oct 7 22:12:43 2023 
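Review bot: The new error path dereferences `record` while building the message, and `instanceof` is also false for `null`, so if `records.get(...)` can return null the guard throws a NullPointerException instead of the intended IllegalStateException. A null-safe message avoids that: `throw new IllegalStateException("Did not have the expected record-type FontRecord: " + (record == null ? "null" : record.getClass()));`. The computed index `(records.getFontpos() - (numfonts - 1)) + index` is still passed to `records.get` without a range check, so a file with an inconsistent font position may still surface as an unchecked index exception, depending on how `records.get` behaves. This guard throws IllegalStateException while the HSSFShapeFactory guard in the same commit throws IllegalArgumentException, and the updated tests only expect the latter, so callers that catch one type for malformed files need to know about both. The method starts outside the hunk.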
@@ -51,7 +51,11 @@ public class HSSFShapeFactory { public static void createShapeTree(EscherContainerRecord container, EscherAggregate agg, HSSFShapeContainer out, DirectoryNode root) { if (container.getRecordId() == EscherContainerRecord.SPGR_CONTAINER) { ObjRecord obj = null; - EscherClientDataRecord clientData = ((EscherContainerRecord) container.getChild(0)).getChildById(EscherClientDataRecord.RECORD_ID); + EscherRecord child = container.getChild(0); + if (!(child instanceof EscherContainerRecord)) { + throw new IllegalArgumentException("Had unexpected type of child: " + child.getClass()); + } + EscherClientDataRecord clientData = ((EscherContainerRecord) child).getChildById(EscherClientDataRecord.RECORD_ID); if (null != clientData) { obj = (ObjRecord) agg.getShapeToObjMapping().get(clientData); } Modified: poi/trunk/poi/src/main/java/org/apache/poi/util/LittleEndianByteArrayInputStream.java URL: http://svn.apache.org/viewvc/poi/trunk/poi/src/main/java/org/apache/poi/util/LittleEndianByteArrayInputStream.java?rev=1912796&r1=1912795&r2=1912796&view=diff ============================================================================== --- poi/trunk/poi/src/main/java/org/apache/poi/util/LittleEndianByteArrayInputStream.java (original) +++ poi/trunk/poi/src/main/java/org/apache/poi/util/LittleEndianByteArrayInputStream.java Sat Oct 7 22:12:43 2023 
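Review bot: The unchecked cast in `obj = (ObjRecord) agg.getShapeToObjMapping().get(clientData);`, two lines below the new guard, is the same pattern this commit removes, so a crafted file whose client-data record maps to another record type would presumably still end in a ClassCastException. A matching guard would read the value first, `Object mapped = agg.getShapeToObjMapping().get(clientData);`, reject it with an IllegalArgumentException when it is non-null and not an `ObjRecord`, and only then assign `obj = (ObjRecord) mapped;`. In the added lines, `container.getChild(0)` is called without checking that the container has any children, and `child.getClass()` in the message fails if the child is null. createShapeTree continues outside the hunk.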
@@ -87,7 +87,7 @@ public class LittleEndianByteArrayInputS public void setReadIndex(int pos) { if (pos < 0 || pos >= count) { - throw new IndexOutOfBoundsException(); + throw new IndexOutOfBoundsException("Invalid position: " + pos + " with count " + count); } this.pos = pos; } Modified: poi/trunk/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffDrawingToXml.java URL: http://svn.apache.org/viewvc/poi/trunk/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffDrawingToXml.java?rev=1912796&r1=1912795&r2=1912796&view=diff ============================================================================== --- poi/trunk/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffDrawingToXml.java (original) +++ poi/trunk/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffDrawingToXml.java Sat Oct 7 22:12:43 2023 @@ -55,6 +55,7 @@ class TestBiffDrawingToXml extends BaseT excludes.put("44958_1.xls", RecordInputStream.LeftoverDataException.class); excludes.put("protected_66115.xls", EncryptedDocumentException.class); excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5285517825277952.xls", IllegalArgumentException.class); + excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5436547081830400.xls", IllegalArgumentException.class); return excludes; } Modified: poi/trunk/poi/src/test/java/org/apache/poi/hssf/model/TestDrawingAggregate.java URL: http://svn.apache.org/viewvc/poi/trunk/poi/src/test/java/org/apache/poi/hssf/model/TestDrawingAggregate.java?rev=1912796&r1=1912795&r2=1912796&view=diff ============================================================================== --- poi/trunk/poi/src/test/java/org/apache/poi/hssf/model/TestDrawingAggregate.java (original) +++ poi/trunk/poi/src/test/java/org/apache/poi/hssf/model/TestDrawingAggregate.java Sat Oct 7 22:12:43 2023 
@@ -21,6 +21,7 @@ import static org.junit.jupiter.api.Asse import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertSame; +import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; import java.io.ByteArrayInputStream; @@ -163,6 +164,12 @@ class TestDrawingAggregate { DrawingAggregateInfo info = DrawingAggregateInfo.get(sheet); if(info != null) { aggs.put(i, info); + if (file.getName().equals("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5436547081830400.xls")) { + assertThrows(IllegalArgumentException.class, + sheet::getDrawingPatriarch); + return; + } + HSSFPatriarch p = sheet.getDrawingPatriarch(); // compare aggregate.serialize() with raw bytes from the record stream 
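Review bot: The `return` inside the file-name special case ends the whole test for this file at the first sheet that has drawing data, so any later sheets and whatever follows the loop go unchecked. `aggs.put(i, info)` suggests this runs inside a per-sheet loop, though the loop header is outside the hunk. Hard-coding the sample name in the generic loop also hides why this file is treated differently; a comment such as `// oss-fuzz 62795: malformed drawing container, getDrawingPatriarch() must reject it` above the `if` would make the expectation explicit. A dedicated test method for the fuzz sample would keep the generic round-trip loop free of per-file branches.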
@@ -172,7 +179,8 @@ class TestDrawingAggregate { byte[] dgBytes2 = agg.serialize(); assertEquals(dgBytes1.length, dgBytes2.length, "different size of raw data ande aggregate.serialize()"); - assertArrayEquals(dgBytes1, dgBytes2, "raw drawing data (" + dgBytes1.length + " bytes) and aggregate.serialize() are different."); + assertArrayEquals(dgBytes1, dgBytes2, + "raw drawing data (" + dgBytes1.length + " bytes) and aggregate.serialize() are different."); } } Added: poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-5436547081830400.xls URL: http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-5436547081830400.xls?rev=1912796&view=auto ============================================================================== Binary files poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-5436547081830400.xls (added) and poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-5436547081830400.xls Sat Oct 7 22:12:43 2023 differ Modified: poi/trunk/test-data/spreadsheet/stress.xls URL: http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/stress.xls?rev=1912796&r1=1912795&r2=1912796&view=diff ============================================================================== Binary files - no diff available. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
