svn commit: r1914401 - in /poi/trunk: poi-examples/src/main/java/org/apache/poi/examples/xssf/eventusermodel/ poi-ooxml/src/main/java/org/apache/poi/xssf/extractor/ poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/ test-data/spreadsheet/

centic Wed, 06 Dec 2023 11:49:39 -0800

Author: centic
Date: Wed Dec  6 19:49:34 2023
New Revision: 1914401

URL: http://svn.apache.org/viewvc?rev=1914401&view=rev
Log:
Bug 66425: Avoid exceptions found via poi-fuzz


Capture and report integer overflow as normal
parsing/format exceptions

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63628

Added:
    
poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIXSSFFuzzer-5937385319563264.xlsx
Modified:
    
poi/trunk/poi-examples/src/main/java/org/apache/poi/examples/xssf/eventusermodel/XLSX2CSV.java
    
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/extractor/XSSFEventBasedExcelExtractor.java
    
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFSheet.java
    poi/trunk/test-data/spreadsheet/stress.xls

Modified: 
poi/trunk/poi-examples/src/main/java/org/apache/poi/examples/xssf/eventusermodel/XLSX2CSV.java
URL: 
http://svn.apache.org/viewvc/poi/trunk/poi-examples/src/main/java/org/apache/poi/examples/xssf/eventusermodel/XLSX2CSV.java?rev=1914401&r1=1914400&r2=1914401&view=diff
==============================================================================
--- 
poi/trunk/poi-examples/src/main/java/org/apache/poi/examples/xssf/eventusermodel/XLSX2CSV.java
 (original)
+++ 
poi/trunk/poi-examples/src/main/java/org/apache/poi/examples/xssf/eventusermodel/XLSX2CSV.java
 Wed Dec  6 19:49:34 2023
@@ -212,7 +212,7 @@ public class XLSX2CSV {
                   styles, null, strings, sheetHandler, formatter, false);
             sheetParser.setContentHandler(handler);
             sheetParser.parse(sheetSource);
-         } catch(ParserConfigurationException e) {
+         } catch (ParserConfigurationException e) {
             throw new RuntimeException("SAX parser appears to be broken - " + 
e.getMessage());
          }
     }
@@ -234,7 +234,12 @@ public class XLSX2CSV {
                 String sheetName = iter.getSheetName();
                 this.output.println();
                 this.output.println(sheetName + " [index=" + index + "]:");
-                processSheet(styles, strings, new SheetToCSV(), stream);
+
+                try {
+                    processSheet(styles, strings, new SheetToCSV(), stream);
+                } catch (NumberFormatException e) {
+                    throw new IOException("Failed to parse sheet " + 
sheetName, e);
+                }
             }
             ++index;
         }

Modified: 
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/extractor/XSSFEventBasedExcelExtractor.java
URL: 
http://svn.apache.org/viewvc/poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/extractor/XSSFEventBasedExcelExtractor.java?rev=1914401&r1=1914400&r2=1914401&view=diff
==============================================================================
--- 
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/extractor/XSSFEventBasedExcelExtractor.java
 (original)
+++ 
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/extractor/XSSFEventBasedExcelExtractor.java
 Wed Dec  6 19:49:34 2023
@@ -289,7 +289,7 @@ public class XSSFEventBasedExcelExtracto
             }
 
             return text.toString();
-        } catch (IOException | OpenXML4JException | SAXException e) {
+        } catch (IOException | OpenXML4JException | SAXException | 
NumberFormatException e) {
             LOGGER.atWarn().withThrowable(e).log("Failed to load text");
             return "";
         }

Modified: 
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFSheet.java
URL: 
http://svn.apache.org/viewvc/poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFSheet.java?rev=1914401&r1=1914400&r2=1914401&view=diff
==============================================================================
--- 
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFSheet.java 
(original)
+++ 
poi/trunk/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFSheet.java 
Wed Dec  6 19:49:34 2023
@@ -146,7 +146,7 @@ public class XSSFSheet extends POIXMLDoc
     protected void onDocumentRead() {
         try (InputStream stream = getPackagePart().getInputStream()) {
             read(stream);
-        } catch (IOException e){
+        } catch (IOException | ArithmeticException e){
             throw new POIXMLException(e);
         }
     }

Added: 
poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIXSSFFuzzer-5937385319563264.xlsx
URL: 
http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIXSSFFuzzer-5937385319563264.xlsx?rev=1914401&view=auto
==============================================================================
Binary files 
poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIXSSFFuzzer-5937385319563264.xlsx
 (added) and 
poi/trunk/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIXSSFFuzzer-5937385319563264.xlsx
 Wed Dec  6 19:49:34 2023 differ

Modified: poi/trunk/test-data/spreadsheet/stress.xls
URL: 
http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/stress.xls?rev=1914401&r1=1914400&r2=1914401&view=diff
==============================================================================
Binary files - no diff available.



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@poi.apache.org
For additional commands, e-mail: commits-h...@poi.apache.org

svn commit: r1914401 - in /poi/trunk: poi-examples/src/main/java/org/apache/poi/examples/xssf/eventusermodel/ poi-ooxml/src/main/java/org/apache/poi/xssf/extractor/ poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/ test-data/spreadsheet/

Reply via email to