Author: centic Date: Sat Dec 30 19:39:24 2023 New Revision: 1915003 URL: http://svn.apache.org/viewvc?rev=1915003&view=rev Log: Bug 66425: Avoid exceptions found via poi-fuzz
Prevent ClassCastException Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63736 Added: poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-6537773940867072.xls Modified: poi/trunk/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptionInfoBuilder.java poi/trunk/poi/src/test/java/org/apache/poi/hssf/dev/BaseTestIteratingXLS.java poi/trunk/test-data/spreadsheet/stress.xls Modified: poi/trunk/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptionInfoBuilder.java URL: http://svn.apache.org/viewvc/poi/trunk/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptionInfoBuilder.java?rev=1915003&r1=1915002&r2=1915003&view=diff ============================================================================== --- poi/trunk/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptionInfoBuilder.java (original) +++ poi/trunk/poi/src/main/java/org/apache/poi/poifs/crypt/agile/AgileEncryptionInfoBuilder.java Sat Dec 30 19:39:24 2023 @@ -36,6 +36,10 @@ public class AgileEncryptionInfoBuilder @Override public void initialize(EncryptionInfo info, LittleEndianInput dis) throws IOException { + if (!(dis instanceof InputStream)) { + throw new IllegalArgumentException("Had unexpected type of input: " + (dis == null ? "<null>" : dis.getClass())); + } + EncryptionDocument ed = parseDescriptor((InputStream)dis); info.setHeader(new AgileEncryptionHeader(ed)); info.setVerifier(new AgileEncryptionVerifier(ed)); Modified: poi/trunk/poi/src/test/java/org/apache/poi/hssf/dev/BaseTestIteratingXLS.java URL: http://svn.apache.org/viewvc/poi/trunk/poi/src/test/java/org/apache/poi/hssf/dev/BaseTestIteratingXLS.java?rev=1915003&r1=1915002&r2=1915003&view=diff ============================================================================== --- poi/trunk/poi/src/test/java/org/apache/poi/hssf/dev/BaseTestIteratingXLS.java (original) +++ poi/trunk/poi/src/test/java/org/apache/poi/hssf/dev/BaseTestIteratingXLS.java Sat Dec 30 19:39:24 2023 @@ -89,6 +89,7 @@ public abstract class BaseTestIteratingX // fuzzed binaries excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-6322470200934400.xls", RuntimeException.class); excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-4819588401201152.xls", RuntimeException.class); + excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-6537773940867072.xls", RuntimeException.class); return excludes; } Added: poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-6537773940867072.xls URL: http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-6537773940867072.xls?rev=1915003&view=auto ============================================================================== Binary files poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-6537773940867072.xls (added) and poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-6537773940867072.xls Sat Dec 30 19:39:24 2023 differ Modified: poi/trunk/test-data/spreadsheet/stress.xls URL: http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/stress.xls?rev=1915003&r1=1915002&r2=1915003&view=diff ============================================================================== Binary files - no diff available. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
