diff --git a/poi/src/main/java/org/apache/poi/hssf/record/SSTDeserializer.java b/poi/src/main/java/org/apache/poi/hssf/record/SSTDeserializer.java
index d840078c73e..16786e6dae2 100644
--- a/poi/src/main/java/org/apache/poi/hssf/record/SSTDeserializer.java
+++ b/poi/src/main/java/org/apache/poi/hssf/record/SSTDeserializer.java
@@ -48,7 +48,9 @@ public void manufactureStrings(int stringCount, RecordInputStream in) {
 UnicodeString str;
 if (in.available() == 0 && (!in.hasNextRecord() || in.getNextSid() != ContinueRecord.sid)) {
 LOG.atError().log("Ran out of data before creating all the strings! String at index {}", box(i));
- str = new UnicodeString("");
+
+ // not much sense in trying to continue reading in this case, file seems to be broken
+ return;
 } else {
 str = new UnicodeString(in);
 }
diff --git a/poi/src/main/java/org/apache/poi/poifs/filesystem/DocumentInputStream.java b/poi/src/main/java/org/apache/poi/poifs/filesystem/DocumentInputStream.java
index a4e76fab89e..92021f2f261 100644
--- a/poi/src/main/java/org/apache/poi/poifs/filesystem/DocumentInputStream.java
+++ b/poi/src/main/java/org/apache/poi/poifs/filesystem/DocumentInputStream.java
@@ -169,7 +169,8 @@ public int read(byte[] b, int off, int len) throws IOException {
 throw new IllegalArgumentException("buffer must not be null");
 }
 if (off < 0 || len < 0 || b.length < off + len) {
- throw new IndexOutOfBoundsException("can't read past buffer boundaries");
+ throw new IndexOutOfBoundsException("can't read past buffer boundaries with off: " + off +
+ ", len: " + len + ", b.length: " + b.length);
 }
 if (len == 0) {
 return 0;
diff --git a/poi/src/test/java/org/apache/poi/hssf/dev/BaseTestIteratingXLS.java b/poi/src/test/java/org/apache/poi/hssf/dev/BaseTestIteratingXLS.java
index 26627b5a9b1..6e18940a721 100644
--- a/poi/src/test/java/org/apache/poi/hssf/dev/BaseTestIteratingXLS.java
+++ b/poi/src/test/java/org/apache/poi/hssf/dev/BaseTestIteratingXLS.java
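Review bot: After the early `return` in manufactureStrings the string table holds fewer than `stringCount` entries, and nothing here tells callers so; the updated test in this commit shows a later `strings.get(1)` now throws `IndexOutOfBoundsException`. For a truncated or hostile .xls the failure therefore surfaces at lookup time, as an unchecked exception far from its cause, unless every consumer of the table bounds-checks the index. Either fail closed at this point, e.g. `throw new RecordFormatException("SST truncated at string " + i + " of " + stringCount);` (assuming `org.apache.poi.util.RecordFormatException` is acceptable in this class and the partial-read behaviour is not relied on), or state the short-table outcome in the method's Javadoc. The loop and the rest of the method lie outside the hunk.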
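Review bot: The guard `b.length < off + len` directly above the changed message can be bypassed by int overflow: for a large `off` and `len` the sum wraps negative and the comparison is false, so the call is not rejected here and falls through to the copy logic outside this hunk. Since the commit already touches this check, rewrite it without the addition, `if (off < 0 || len < 0 || len > b.length - off) {`. The extended message itself is fine, as it only reports the three integers. read()'s body continues beyond the hunk.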
@@ -88,6 +88,7 @@ protected Map> getExcludes() {
 excludes.put("64130.xls", OldExcelFormatException.class);
 // fuzzed binaries
 excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-6322470200934400.xls", RuntimeException.class);
+ excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-4819588401201152.xls", RuntimeException.class);
 return excludes;
 }
diff --git a/poi/src/test/java/org/apache/poi/hssf/record/TestSSTDeserializer.java b/poi/src/test/java/org/apache/poi/hssf/record/TestSSTDeserializer.java
index c627bbfc558..3dcdf87a272 100644
--- a/poi/src/test/java/org/apache/poi/hssf/record/TestSSTDeserializer.java
+++ b/poi/src/test/java/org/apache/poi/hssf/record/TestSSTDeserializer.java
@@ -18,6 +18,7 @@ Licensed to the Apache Software Foundation (ASF) under one or more
 package org.apache.poi.hssf.record;
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import java.io.IOException;
 import java.io.InputStream;
@@ -137,6 +138,7 @@ void test65543() throws IOException {
 deserializer.manufactureStrings(2, in);
 assertEquals("At a dinner party or", strings.get(0) + "");
- assertEquals("", strings.get(1) + "");
+ assertThrows(IndexOutOfBoundsException.class,
+ () -> strings.get(1));
 }
 }
diff --git a/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-4819588401201152.xls b/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-4819588401201152.xls
new file mode 100644
index 00000000000..524001f77e3
Binary files /dev/null and b/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-4819588401201152.xls differ
diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
index 2352603880a..d06a4e4d5b7 100644
Binary files a/test-data/spreadsheet/stress.xls and b/test-data/spreadsheet/stress.xls differ
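Review bot: In test65543, `assertThrows(IndexOutOfBoundsException.class, () -> strings.get(1))` pins the container's out-of-range behaviour rather than the deserializer's result, so the test would break if the lookup were later hardened to return null or throw a different type. If the `strings` container exposes a size accessor (not visible in this hunk), asserting the count states the intent directly: `assertEquals(1, strings.size());`. A short comment saying the second string is deliberately absent because the record is truncated would also help the next reader.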