This is an automated email from the ASF dual-hosted git repository. centic pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/poi.git
commit d1f0a88ea12ab28604bf0f8fe47d940051757daf Author: Dominik Stadler <[email protected]> AuthorDate: Sun Jan 18 17:23:42 2026 +0100 Avoid NPE in XSLFDiagram Throw IllegalStateException instead Fixes https://issues.oss-fuzz.com/issues/476184825 --- .../org/apache/poi/xslf/usermodel/XSLFDiagram.java | 4 ++++ ...se-minimized-POIXSLFFuzzer-6071540680032256.pptx | Bin 0 -> 25802 bytes test-data/spreadsheet/stress.xls | Bin 76800 -> 77312 bytes 3 files changed, 4 insertions(+) diff --git a/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFDiagram.java b/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFDiagram.java index 6c89bc8b7f..895745711c 100644 --- a/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFDiagram.java +++ b/poi-ooxml/src/main/java/org/apache/poi/xslf/usermodel/XSLFDiagram.java @@ -181,6 +181,10 @@ public class XSLFDiagram extends XSLFGraphicFrame { textShapeCT.setNvSpPr((CTShapeNonVisual) nonVisualCt.copy()); textShapeCT.getNvSpPr().getCNvSpPr().setTxBox(true); + if (msShapeCt.getSpPr() == null || msShapeCt.getSpPr().getXfrm() == null || msShapeCt.getTxXfrm() == null) { + throw new IllegalStateException("Invalid content in diagram, cannot extract text"); + } + textShapeProps.setXfrm(msShapeCt.getTxXfrm()); int shapeRotation = msShapeCt.getSpPr().getXfrm().getRot(); int textRotation = msShapeCt.getTxXfrm().getRot(); diff --git a/test-data/slideshow/clusterfuzz-testcase-minimized-POIXSLFFuzzer-6071540680032256.pptx b/test-data/slideshow/clusterfuzz-testcase-minimized-POIXSLFFuzzer-6071540680032256.pptx new file mode 100644 index 0000000000..1d8d49a2b9 Binary files /dev/null and b/test-data/slideshow/clusterfuzz-testcase-minimized-POIXSLFFuzzer-6071540680032256.pptx differ diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls index e34a6c478c..7eca50c81b 100644 Binary files a/test-data/spreadsheet/stress.xls and b/test-data/spreadsheet/stress.xls differ --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
