Bug 66425: Avoid a ClassCastException found via oss-fuzz

We try to avoid throwing ClassCastException, but it was possible to trigger one here with a specially crafted input-file Also add SXSSFWorkbook.write() to integrationtests Fixes https://oss-fuzz.com/testcase-detail/5185049589579776 git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912162 13f79535-47bb-0310-9956-ffa450edef68
apache · Sep 7, 2023 · e686e84 · e686e84
1 parent 5c2a894
commit e686e84
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 1 deletion.
diff --git a/poi-integration/src/test/java/org/apache/poi/stress/XSSFFileHandler.java b/poi-integration/src/test/java/org/apache/poi/stress/XSSFFileHandler.java
@@ -28,6 +28,7 @@ Licensed to the Apache Software Foundation (ASF) under one or more
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.OutputStream;
 import java.io.PrintStream;
 import java.util.HashSet;
 import java.util.Iterator;
@@ -54,6 +55,7 @@ Licensed to the Apache Software Foundation (ASF) under one or more
 import org.apache.poi.util.IOUtils;
 import org.apache.poi.xssf.eventusermodel.XSSFReader;
 import org.apache.poi.xssf.extractor.XSSFExportToXml;
+import org.apache.poi.xssf.streaming.SXSSFWorkbook;
 import org.apache.poi.xssf.usermodel.XSSFMap;
 import org.apache.poi.xssf.usermodel.XSSFSheet;
 import org.apache.poi.xssf.usermodel.XSSFWorkbook;
@@ -115,6 +117,13 @@ public void handleFile(InputStream stream, String path) throws Exception {
         // and finally ensure that exporting to XML works
         exportToXML(wb);
 
+        // also try to read and write the sheet via SXSSF
+        try (SXSSFWorkbook swb = new SXSSFWorkbook(wb)) {
+            try (OutputStream out = NullOutputStream.INSTANCE) {
+                swb.write(out);
+            }
+        }
+
         // this allows to trigger a heap-dump at this point to see which memory is still allocated
         //HeapDump.dumpHeap("/tmp/poi.hprof", false);
 

diff --git a/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFTable.java b/poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFTable.java
@@ -803,7 +803,12 @@ public int getColumnCount() {
      *  manually add cells with values of "Column1", "Column2" etc first.
      */
     public void updateHeaders() {
-        XSSFSheet sheet = (XSSFSheet)getParent();
+        final POIXMLDocumentPart parent = getParent();
+        if (!(parent instanceof XSSFSheet)) {
+            throw new IllegalArgumentException("Had unexpected type of parent: " + (parent == null ? "<null>" : parent.getClass()));
+        }
+
+        XSSFSheet sheet = (XSSFSheet) parent;
         CellReference ref = getStartCellReference();
         if (ref == null) return;
 

diff --git a/poi-ooxml/src/test/java/org/apache/poi/xssf/streaming/TestSXSSFWorkbook.java b/poi-ooxml/src/test/java/org/apache/poi/xssf/streaming/TestSXSSFWorkbook.java
@@ -33,6 +33,7 @@
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.IOException;
+import java.io.OutputStream;
 import java.time.LocalDate;
 import java.util.Arrays;
 
@@ -725,4 +726,13 @@ private void testUseSharedStringsTableWithRichText(boolean compressTempFiles) th
         }
     }
 
+    @Test
+    void writeBrokenFile() throws IOException {
+        try (final Workbook wb = _testDataProvider.openSampleWorkbook("clusterfuzz-testcase-minimized-POIXSSFFuzzer-5185049589579776.xlsx")) {
+            try (OutputStream out = NullOutputStream.INSTANCE) {
+                assertThrows(IllegalArgumentException.class,
+                        () -> wb.write(out));
+            }
+        }
+    }
 }
diff --git a/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIXSSFFuzzer-5185049589579776.xlsx b/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIXSSFFuzzer-5185049589579776.xlsx
diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls