From 80264d564868ccb11b7264be7befa546f6d55780 Mon Sep 17 00:00:00 2001
From: Dominik Stadler <centic@apache.org>
Date: Thu, 10 Aug 2023 06:14:44 +0000
Subject: [PATCH] Bug 66425: Avoid a ClassCastException found via oss-fuzz

We try to avoid throwing ClassCastException, but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61330

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911586 13f79535-47bb-0310-9956-ffa450edef68
---
 .../poi/hsmf/datatypes/AttachmentChunks.java  |  56 ++++++++++--------
 ...nimized-POIHSMFFuzzer-4735011465854976.msg | Bin 0 -> 21946 bytes
 test-data/spreadsheet/stress.xls              | Bin 64000 -> 64512 bytes
 3 files changed, 31 insertions(+), 25 deletions(-)
 create mode 100644 test-data/hsmf/clusterfuzz-testcase-minimized-POIHSMFFuzzer-4735011465854976.msg

diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hsmf/datatypes/AttachmentChunks.java b/poi-scratchpad/src/main/java/org/apache/poi/hsmf/datatypes/AttachmentChunks.java
index 83e5159813..a171fede40 100644
--- a/poi-scratchpad/src/main/java/org/apache/poi/hsmf/datatypes/AttachmentChunks.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hsmf/datatypes/AttachmentChunks.java
@@ -181,32 +181,38 @@ public class AttachmentChunks implements ChunkGroup {
         // - ATTACH_LONG_PATHNAME
         // - ATTACH_SIZE
         final int chunkId = chunk.getChunkId();
-        if (chunkId == ATTACH_DATA.id) {
-            if (chunk instanceof ByteChunk) {
-                attachData = (ByteChunk) chunk;
-            } else if (chunk instanceof DirectoryChunk) {
-                attachmentDirectory = (DirectoryChunk) chunk;
-            } else {
-                LOG.atError().log("Unexpected data chunk of type {}", chunk.getEntryName());
-            }
-        } else if (chunkId == ATTACH_EXTENSION.id) {
-            attachExtension = (StringChunk) chunk;
-        } else if (chunkId == ATTACH_FILENAME.id) {
-            attachFileName = (StringChunk) chunk;
-        } else if (chunkId == ATTACH_LONG_FILENAME.id) {
-            attachLongFileName = (StringChunk) chunk;
-        } else if (chunkId == ATTACH_MIME_TAG.id) {
-            attachMimeTag = (StringChunk) chunk;
-        } else if (chunkId == ATTACH_RENDERING.id) {
-            attachRenderingWMF = (ByteChunk) chunk;
-        } else if (chunkId == ATTACH_CONTENT_ID.id) {
-            attachContentId = (StringChunk) chunk;
-        } else {
-            LOG.atWarn().log("Currently unsupported attachment chunk property will be ignored. {}", chunk.getEntryName());
-        }
 
-        // And add to the main list
-        allChunks.add(chunk);
+        try {
+            if (chunkId == ATTACH_DATA.id) {
+                if (chunk instanceof ByteChunk) {
+                    attachData = (ByteChunk) chunk;
+                } else if (chunk instanceof DirectoryChunk) {
+                    attachmentDirectory = (DirectoryChunk) chunk;
+                } else {
+                    LOG.atError().log("Unexpected data chunk of type {}", chunk.getEntryName());
+                }
+            } else if (chunkId == ATTACH_EXTENSION.id) {
+                attachExtension = (StringChunk) chunk;
+            } else if (chunkId == ATTACH_FILENAME.id) {
+                attachFileName = (StringChunk) chunk;
+            } else if (chunkId == ATTACH_LONG_FILENAME.id) {
+                attachLongFileName = (StringChunk) chunk;
+            } else if (chunkId == ATTACH_MIME_TAG.id) {
+                attachMimeTag = (StringChunk) chunk;
+            } else if (chunkId == ATTACH_RENDERING.id) {
+                attachRenderingWMF = (ByteChunk) chunk;
+            } else if (chunkId == ATTACH_CONTENT_ID.id) {
+                attachContentId = (StringChunk) chunk;
+            } else {
+                LOG.atWarn().log("Currently unsupported attachment chunk property will be ignored. {}", chunk.getEntryName());
+            }
+
+            // And add to the main list
+            allChunks.add(chunk);
+        } catch (ClassCastException e) {
+            throw new IllegalArgumentException("ChunkId and type of chunk did not match, had id " +
+                    chunkId + " and type of chunk: " + chunk.getClass(), e);
+        }
     }
 
     /**
diff --git a/test-data/hsmf/clusterfuzz-testcase-minimized-POIHSMFFuzzer-4735011465854976.msg b/test-data/hsmf/clusterfuzz-testcase-minimized-POIHSMFFuzzer-4735011465854976.msg
new file mode 100644
index 0000000000000000000000000000000000000000..8c037248528f308442523bd5924b454c59d2c1a4
GIT binary patch
literal 21946
zcmeHP3sjWnnSTEnhP%Vyt<gppP?3PZ43`0hi-Tl9k-PV31q6hV%S>QEk!XgbMw_N9
z+O3;ylc3QgC)-U$lWg0qCqeCYlQyR&S(7yFX@aiFCe7JMqG{r3<LvYPGrtZ3Ge5dn
zPqy=Np85Xo`hM^G-QMr}zn@o6M-Cr6I{PeLNBN|rE6xxK^avO5tdRT~qHwqWiqq-j
zU?qS@KYfifP)%0+*-1-gYKPlFJ=~PCX(p+zwt0k)T((CRpI&|HWnl`^nX+ApYp8~7
z;A+KhBV0RK;C3RkTl9CrZ$-`YluWvD%GZ%Xh(Wld@^O-k2}(xDtK3;Z%)g!Ls14jK
z)F7L$D>qR*34+AiECpWY+7eBo+>-pB(agV-x@aSQ?bPI!vj(!7fpkEJup-Yaqn;BW
zKlA?vLfIV^Ie~}AajH8m0PdHZ(M>A&dCUg^!9WNQ3WNdEfOtR+a9d*vph#dU5Cu#J
zW&kq*uFq}2EMPY9P2hH54#4w8G+ZsfZ5Ip71?B<sfjD3Ra0kF?6W}HS3xOnn+b;#+
z{-6iyfHWW-$N&sLCXfYiH!}h`KrWC6<O7QU6Hovw1`2^Y0d7Oqb}_I7SPGN?%Yag#
z3@8UGfJ&eWs0Nk;D}a^2DquCR23QN+1*`+s1K$ER05w1@!18T`TMsn2{qCmtKXLxI
z$A8!q1*9Mv5`RZ`T<!cC|M<uJ=TeR9_g0U8sgp_bfPeh|ZH<5L{Vz?{`onX+65zh%
z*|#Tpmh452_s&064*#ob|BdqRz}jDr)!#P3>R*G^iPvGzKS?$t)_*NLyk7DeGamU`
z|Ld^w+p&t(Q}d*2kn6TTc&#4KKH~aFc8BD8){*spBm8;YWdi@J`sX!!Jd*fIu4kHw
z+n?>80#WC_>>pln*hZ1t{%k|A?ZV`Ze;TX^x%L<HW^$G4{g>?+wsDxe^Ir`9dO)()
zTzNcy+5Tf2jcsbV{MnXbTa3vY|8$YJZ~n0;M-*PB{A|~?Gjou4{<6lu!23|PN#)AV
zHmn@^4U@3HCnG<P6CSTj-sCsHnw8W4*fwWdTdw@v_qY!-dE@Wu{qpu7laXJt@qP2>
zzURCD@mS_Ph+O%3pTT<+ritY*1m|p7{3Y4t^5^m5yZ<wPdGjCd!PtJ2%RdHbefNLn
zf9F>szg9MX-UIvWf8xHA+f%Om(Maoi{IUE+a`=n;Z?>D|^5?y>@9}4L>)*Hh%vT~5
zEsK1wKW3~tS+eBka{=Dta~<R`=f1buop9pu$NYKx`IP_a`HNisTvuQGdDfBseAyp-
z#=&hWmp`ZXHUGHye>L+D_kA@_7@&#t@3Q>m*&lqi!{<73<!4*jm;L4HdGgkO<|`43
z_DO+Ak>E}>k^C<Hvi3jXT*_r~9egrJ0-h`Q42sD+fBENslaZgB-q-x+lAqh(=lCO@
zPx(+ouKc`LWP63lyZnW+_)D_O<<I*CU;J6_G;#g&E&pWsU%&so$@6bf?@}E^rTX}J
z0P(xsr%+rMZ{WQJ@2%LzWILPp8Ek7`fBwsBz<B4sQrSF5@UwLOD}_t$Tz9<W_jGxz
zdiwd<^Zb{0N0T}Ky}m4O{;&G{w+?mR2uSC@jd<P!Gy%<k1>m)+1!x7@0Ja^ifDO1C
z=m0taJJ1Dm16zQtKo77D=mqWpwgWo=NoKqFwuRsS*ud)p)T0s4n^C?6d^lDMJ7i*7
zfK(RbvZ8i%s0F{LNkwa<WA9=h6J+7jl}3c})7TRNiGLDmE|t`P^m6HD^XtVL>*TT<
zlTNY`Ty7fXK}iZZ`rvm7qqV2?(4H1=TZ-KJ<300u^bz%zEu1P89Z|jX;L<ZipN*Hs
zTUaO-gH{ak(z}YfE`71{j1r^0qu$n}PtCY5Raw|<Z)?>nbxuJkd>-mh99EtWnx=4Q
zluoJ)SQWf7=vZWix=JZ1=-c(pp+lXG_S8W7L*S{%jI@BFY5%U9x=2Cqq-)wD3xh9&
ze4aDwUbU_}BQiC-ww@}(LWG92IK#}^uqV>B8b!kTV)ZehU#-d3=BkfrAK0pXl^jNE
zUTm;!Ub``1q`8rXI+LDkn=-7d?X(JxB-MeRv}sAuP8n{Dc_TLZiFdYWQ(_j))v5*?
zVxOOD>QfKeZN`+8EpdaI<Sl8*s==m|6{hNxYI9+d`dIoGy4d{4!l-|kUKx5QzGl`P
z)~2*5U36t*T|-TLnfjB27n2r6oiV6Ka_0s)gnn&%U63QM_+rRNK!2TGbyRggp$i!)
zvClP?%`<3M&+pT2)2m0~V<~Dlpg+W+JrU$+uynQE5ucwtph_rA*9o2Wp4P@)@#TiS
zp@(u~l9ECXJ*-Vh2qeQf?VW-~ALg*wEedUbHX-G;tn;?yvY5(p)gTSkwl37RT5=N7
zhPyB1#D^Xh_9}I~G_*h$=CB!c^=-5J^Pb9Ik@QsHu)-8`G+Afr*Q<0N<zH4zO``s7
zu{yQZ<d|i8H))fuU#aOa#{M9vEp~SQ_RvFh#+>05?JYS&ouPy6Ik8KQ_t*mZ%_sAI
zc-uu|Xlif%W&MGzF%H%Jdabd*c)Y7UpwE0_NuRl>JAkZ4ZHS{N!aQ6QI5JDK<zk4V
zc#+W-YzwPgvS;Z)PRY}yN;3^9HQAl|%nNxxim5CZHk?Z`3>OWRA9yREKc-UWXpPxt
zn^#*A>MXoVb3X6k;!DbrlFG8mij&Wq<4mE0P1%Eiwe`l-pxc+{y;*QEBReBGtx=`V
zGV~{BFaB=+%FGd6a#n^)|E)b6rkmp~<epr6AwOpAK4Y!H9G5lpaehXPVPmvD#qe%M
zL}N{FRF7d_%EIUbt7T8r?u^EnwYh=A4Lv!plC5b?UQu<<Yv$p+&{XY}?zZojKi51G
zb%<h=y0)o*)$8UslsfDDnYB^t<{W&h#d`OVsQ<{eX>)T==xhHHRvVznt2MM=#ynip
z@#05YYNFN|63^P~|CW>4_2R|u(`rq6R<ubmb=k;b;p4pNm4ydlwRu6)djAl1&Z*Q#
z>Fybb`sKP2!_gxBvXP#KeR&HCp5CBYyk%9zf}i%j+gGo*cV(6(p0$=Aa5i62n;NQi
zJME?iQ%e=?mp`%wZI8;Z*QF??K9uskG^cfD=;IIlF0{|OAoS?opLKuvqA=7@^_{4m
zML(#BdP<jg_DV|biNAAxKYIV^9}cv9u_NY%l-85Y&PQq<yD;!sX7hcC>JyL6NjuQE
z{m`JdnPU7np7~wtL_22iDVRMN^6BR0PvNHL&s)uZa;wEyy)MTa=@sIe=&^BfLY9}U
zs5F)@EvzUlSgub_O-s)(n2M^+=H#MkIoZAHUseG~)R!22_=Q87S&z2UABBh&Y@R#3
zt&9A&U6T4{^(VZ1YV|Lg_I2ef-~9TLfyaJa_218Y-Zmn)=4^BEZIv6hpKiAP*EAu&
z&Ymf~>)A8q#Lu^~{cg7Z-fa6V#n>x@bz6>kkjuJJ5|EKQzT`^fm?%ic;nF)q0|k%r
zE9vtHj%RAe4H6|?68#+3j$MS3rlj+84-R}R=&8{Zpk_bcl~LkG&qVug9W2kHuju@H
zCwRM$pC;rloxJe;?Cbn(9?FXYcn=K6Cw&_!cn`}ok^HWAfAZcxFkgvWrF#Fp57BGg
zNxbvt^B>>uKjxz>-XCxs+{Jozc<(1A@XlXqg(4~W7+1P~HW~T*P>QefCzt-^oqxrn
zJbtGsSAGZ5%4>gF?|&zK{&KHu{=UzDQIwzj8t`ktuK~XX{2K6Uz^?(n2K*ZEYrwAo
zzXtpo_<CvJ0mU?2<P_);TrZFgh^`$KeZ6Gy*Y@kH0TWT}Cr$;K#49f@IReEa-VR*A
zs1q+@@FD7LR9JEw)hrPL>fp952@mK5?7&#rjZ|Rz)OipeBZjM_*hm~6^Ti3i0>Bq7
zY$&?}ZUcRY>k@T%p~hD__=7@=>7w&lxYzQk@!F>jS4UcrlT&K1tKaSPjX&d}Rr;HO
zB!ntkT@NaR)N!yvywH<MEv8G(6S#69-boXAh2zq37wW^;F}O}#JAT2zN82njlZjT=
zK2D#E(oY0FkK|8x+mWXk*G{C*c^h#J#g#jR@)HCbF16tBv6NP!1VJeE(C`c&C1_EP
zF7W6E_`_7OGzU5O1I`V#0!<Ybdz2PFN*{ccVl`^FQ9LNs;Iq|fhZ|@*ux_5PexAS=
zF|Jr2rx>A}*2CwbaOB|jwm=K4gC0@adhz4ZIcWRoR8gX!DqsUp2fsC*SV9&Nv<yI3
z(D1W#ILQ~N`0`XVz!#T_fu%qRPzF2<;MCVe4mb?j+!2_dxv98FFJ<0n+>O+ezb@X7
z(_e8AxS!#OUmbHeUk+trUAUe(C2NeYn6cL40M;CTZpEq6kj@i=s4Yae2$xe7;?*Y}
zlwd&bxg+>W)G*$1ey=!;_Eu@gToOs4t&#Lt?>A|;dJg?!TNDih$I_nlu@tv8p8gn~
zK$kWqP)TnhJrS{xwpTBt`rd`~LU0l-sMS$iU^;!aHj|oHWs!QLk^1K3)4&=N?W!y!
z;|eoPZ(d5)mZkJ&>N5Hua~Yj0T}HplFQfeEaym4>oPIUCg5JulqP=ZZG&E}!nRl$F
z4|c4l?@p<q|GKk|?pJN3%B+plUA>83ncGB5RyEOSTN9b`H`CCD&2(`}3neaYp+76`
zruOo!^yKtj`c7LfX)7GGrFkcHta*TT&)Y@TtX=e|br&6pe~`|ueTb$k-a~1&y;PaG
zkIvrp_w;t@etJ6PVS2;<kMv~MkLdBlN9nob1GI4FL8`4fNW~F{NY(T-{YLZ8)EM*(
z={ldGcdC9uzh8TV9ASgBdizoOZPPKzTJt>pD&t>h-;AHq+KQi(ZvDT~@#f=H6nKhu
zXP%;y`j_ZE&9Cw4^((Yw*>5Sc@-(fqoTizJUq}63rw8NTpyu*7>9rYeQ_HfqslWO6
zRGa+{X)N#3Z&shh^!uM=%zBS%lHaGFt$m-8*1b=*=^xOq>p!IOO@E?|B_ETr@l(3b
z@>kklaD|>VI>~7w$JOCYuiRc8E{Lz(++D)$D8vy94-a6I`(=gGiFp%UZ6&6-7Ql)-
zcJ1g;*S|p>8^Src<4H7YOdi)gXFlyuN7vS4YUg`tu4n!VD4YKDPiKmF0-h}+uMX+c
zfmHmtp6_<&cFDjuIVYOf#;ZN^b-gj-U+MXJxqZvP1F(2zKlHCq1S(YlDups&*EZ53
z*dgi1>294Bm~{DnGIS!k9PSpl{H;1q$9(@W1LY`4r4kfEP@qC3%^Fg}A%$z=T#iY*
z4bwg^vzRL4MDAgM0ScxGxffs=wty4o$wr>OKt&iPDS_#Tf(HL`&s!F0J{@qkZ7~)n
zUM$;?$NtRmpY#7U2%t}bcL&qRFBKntd03Q;+tJmQu6Mnzo3$q7adpH1QffG17;r6A
z%!-itN*d9i1tdR${3KfgPXrDHJx9+`UtcP}{`MeVd>J=Giffs5_eXL&NqzcSgy&OP
zCHq1~oDpdGMMUQ@JYXc;I}v!AWa6c7G&!A9-2ve+99?&D*>sD?=;!|<k}VoNt|Vi}
z_vo_xKEDQTnFg+4dBKc6hCfet!#f8)y<E|(`SIRhN?h>l+dTblMFfBR$npIE=Vbet
z7wSQP7o6h&TaYgSY-gSUc(oV?cz|94aQ~TtQ3wyC>2Uc1V>;Y$xF)z$;FiMWO9N}*
zvNc)@R|B^hE?cHHxXho2F@FrkaUa%OTN}0UI-NP2?`MeNTqh<@Bj=gxP;TvLt7}be
zuwpyN`NS{_3a{%F@8(Nov4@}e<CZc@eTTKvy2-As*tE$~->6+}?Px%_36RLd59fnh
z8c)6~cs{fKAdaX<UWnLla=UQ+<kx_F4V-fvk)PO~^44nLT;Ef-wgP_cehvJMXu$Kr
zyU;(mi{RI;eNQgmHPtF<MmXC;yv{R)QH0vluMjRruzv@DkHQ4}J5bTjVNCe9gQMc3
zNzic|Z%^1>h$e;TXIskUSBm~*w_hQIiGKcP0Iu?PvVj&#dqg*k_KPl?I^$EY)>V}u
NS9H<%ss8_l{tpX^&Taqz

literal 0
HcmV?d00001

diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
index b8bae8e3d9f5ea94773b646a26ca5e4e0c61a95d..6b2bb8488f6a126d1aede847a5dfe317815933f0 100644
GIT binary patch
delta 529
zcmZqp!rbtKc>@a*XEg%@!@vLk|JQ8hWxCGDST*?}v-BjE95#X3e76HmPcC9<V><h0
z^DmZT%$yD97v2gueUp)S^1(*)O`IM25{+d*-3(j|t`*6t1tppJdBv>^0t{=;PhMaV
z#`=+&fgxk_Zwpxk#;cnpBa_A1-GBncxoMLP@>Mi~ecjwjtEy6qbWO~SO$`hUP0UO!
zOie7!&Gd4M)72RmoHI)EvOQBK_h%_=t|{2WFSiP4)t@#7hLouc3^|J#7(_NQFnrj<
zz%b_&1B2T6$^AD1HqU9O7GPYpSz_W(XGsnw0frSoE$j@cj38G!F!D2i#8z%*x_XtV
z{x8tkAZaItG@vwu#|Y%{0L36YCXgJE$H>G6RLKnFLBv^rEFHKiRt8^&bf5_kRcugI
zD^W~d$pA8$1FB~w1JL9M2B0s%npVP%Ude!L^hyR~qgOJ3jK0nw!QjNgz_5iOfFTME
z+A#?+Y+>u0{O!5{_fnwQK+_qPGAx}O^i^YW<P8-e?TZWy-nSSS4nJaG;C{`(5d3Cy
Q|BXV~$puYo7ky&^0B?DWGynhq

delta 267
zcmZqp!QAkLc>@a*XB7hj!@vLk|5tD3WxCGD31Wir#6aOmEIDis8sBr@JT<w9rH!fT
z_2yqJ$Cx=8cHRRD-DG5*Y}jPJiL*mrg0Bo{2m=>`YejNuK}lwQUU4gf07K-t$qOvP
zSf4X9Fr;n%Z6T|`n6z0kGFg1{`+`mUaw~v3I@=f+K2Bj^__>IIVc`Y_hT1(044S7H
z7_Oh)yuabJ0ON|y-4lO0Z(eit7?b>U1`&odpiw;x0Sr+{(2hxnVGCRDWY3!heDfKY
zfTl7s%m+dyrpYV5sZL&VQ$^^;c?O0bHy9WS9x^cOcnMVTdh-5;fXzm?6lE9vU;zNh
C0cCRl