Author: centic
Date: Sun Mar 20 06:52:51 2022
New Revision: 1899073

URL: http://svn.apache.org/viewvc?rev=1899073&view=rev
Log:
Fix issues found when fuzzing Apache POI via Jazzer

Throw RecordFormatException instead of NPE or assertion for
cases that can be triggered by a malformed document

Modified:
    
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java
    
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShapeFactory.java
    
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowEncrypted.java

Modified: 
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java
URL: 
http://svn.apache.org/viewvc/poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java?rev=1899073&r1=1899072&r2=1899073&view=diff
==============================================================================
--- 
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java
 (original)
+++ 
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java
 Sun Mar 20 06:52:51 2022
@@ -50,6 +50,7 @@ import org.apache.poi.sl.usermodel.Prese
 import org.apache.poi.sl.usermodel.Shape;
 import org.apache.poi.sl.usermodel.ShapeContainer;
 import org.apache.poi.sl.usermodel.ShapeType;
+import org.apache.poi.util.RecordFormatException;
 import org.apache.poi.util.Removal;
 import org.apache.poi.util.StringUtil;
 import org.apache.poi.util.Units;
@@ -167,6 +168,9 @@ public abstract class HSLFShape implemen
                 LOG.atWarn().log("EscherSpRecord.FLAG_CHILD is set but 
EscherChildAnchorRecord was not found");
             }
             EscherClientAnchorRecord clientRec = 
getEscherChild(EscherClientAnchorRecord.RECORD_ID);
+            if (clientRec == null) {
+                throw new RecordFormatException("Could not read record 
'CLIENT_ANCHOR' with record-id: " + EscherClientAnchorRecord.RECORD_ID);
+            }
             x1 = clientRec.getCol1();
             y1 = clientRec.getFlag();
             x2 = clientRec.getDx1();
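Review bot: The new `clientRec == null` guard is not backed by a regression test in this revision: the Modified list holds only three files under src/main, so the Jazzer input that reached this path is not pinned (unless it was committed separately). The same applies to the `spRecord` guard in HSLFShapeFactory and the `instanceof PersistPtrHolder` guard in HSLFSlideShowEncrypted; a test that loads each minimised reproducer and expects `RecordFormatException` would keep these from regressing. As a smaller point, the message concatenates `EscherClientAnchorRecord.RECORD_ID` directly, and if that constant is a signed short it prints as a negative decimal; `"0x" + Integer.toHexString(EscherClientAnchorRecord.RECORD_ID & 0xFFFF)` would match the id used in format documentation. The enclosing method starts and ends outside the hunk.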

Modified: 
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShapeFactory.java
URL: 
http://svn.apache.org/viewvc/poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShapeFactory.java?rev=1899073&r1=1899072&r2=1899073&view=diff
==============================================================================
--- 
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShapeFactory.java
 (original)
+++ 
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShapeFactory.java
 Sun Mar 20 06:52:51 2022
@@ -42,6 +42,7 @@ import org.apache.poi.hslf.record.Record
 import org.apache.poi.hslf.record.RecordTypes;
 import org.apache.poi.sl.usermodel.ShapeContainer;
 import org.apache.poi.sl.usermodel.ShapeType;
+import org.apache.poi.util.RecordFormatException;
 
 /**
  * Create a <code>Shape</code> object depending on its type
@@ -90,9 +91,12 @@ public final class HSLFShapeFactory {
      }
 
     public static HSLFShape createSimpleShape(EscherContainerRecord 
spContainer, ShapeContainer<HSLFShape,HSLFTextParagraph> parent){
-        HSLFShape shape = null;
         EscherSpRecord spRecord = 
spContainer.getChildById(EscherSpRecord.RECORD_ID);
+        if (spRecord == null) {
+            throw new RecordFormatException("Could not read EscherSpRecord as 
child of " + spContainer.getRecordName());
+        }
 
+        final HSLFShape shape;
         ShapeType type = ShapeType.forId(spRecord.getShapeType(), false);
         switch (type){
             case TEXT_BOX:
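Review bot: `ShapeType.forId(spRecord.getShapeType(), false)` on the line after the new guard still takes its argument straight from the document, and the `switch (type)` that follows is not protected against an id that `forId` does not recognise. Depending on whether `forId` returns null or throws for an unknown id (not visible here), a malformed file would surface as an NPE from the switch or as some other unchecked exception rather than `RecordFormatException`. Consider guarding the lookup, e.g. `if (type == null) { throw new RecordFormatException("Unknown shape type: " + spRecord.getShapeType()); }`, or catching the lookup failure and rethrowing it as `RecordFormatException`. The body of createSimpleShape continues outside the hunk.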
@@ -167,5 +171,4 @@ public final class HSLFShapeFactory {
         }
         return null;
     }
-
 }

Modified: 
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowEncrypted.java
URL: 
http://svn.apache.org/viewvc/poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowEncrypted.java?rev=1899073&r1=1899072&r2=1899073&view=diff
==============================================================================
--- 
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowEncrypted.java
 (original)
+++ 
poi/trunk/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowEncrypted.java
 Sun Mar 20 06:52:51 2022
@@ -47,6 +47,7 @@ import org.apache.poi.util.Internal;
 import org.apache.poi.util.LittleEndian;
 import org.apache.poi.util.LittleEndianByteArrayInputStream;
 import org.apache.poi.util.LittleEndianByteArrayOutputStream;
+import org.apache.poi.util.RecordFormatException;
 
 /**
  * This class provides helper functions for encrypted PowerPoint documents.
@@ -100,7 +101,9 @@ public class HSLFSlideShowEncrypted impl
         }
 
         org.apache.poi.hslf.record.Record r = 
recordMap.get(userEditAtomWithEncryption.getPersistPointersOffset());
-        assert(r instanceof PersistPtrHolder);
+        if (!(r instanceof PersistPtrHolder)) {
+            throw new RecordFormatException("Encountered an unexpected 
record-type: " + r);
+        }
         PersistPtrHolder ptr = (PersistPtrHolder)r;
 
         Integer encOffset = 
ptr.getSlideLocationsLookup().get(userEditAtomWithEncryption.getEncryptSessionPersistIdRef());
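Review bot: The new exception message appends `r` itself, so its text is whatever `Record.toString()` produces for an object parsed from the untrusted file; if that is a full field dump (not visible here), the message can be large and carry document content into logs. Naming the type and the offset is enough for diagnosis, e.g. `"Encountered an unexpected record-type: " + (r == null ? "null" : r.getClass().getSimpleName())` together with `userEditAtomWithEncryption.getPersistPointersOffset()`. The enclosing method starts and ends outside the hunk.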


