From 8e40aabb187903a8d8cf60d6bbff23d3023751a6 Mon Sep 17 00:00:00 2001
From: Dominik Stadler <centic@apache.org>
Date: Mon, 7 Aug 2023 16:18:46 +0000
Subject: [PATCH] Bug 66425: Avoid a ClassCastException found via oss-fuzz

We try to avoid throwing ClassCastException, but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61259

Also fix handling of NullPointerException

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911517 13f79535-47bb-0310-9956-ffa450edef68
---
 .../org/apache/poi/stress/TestAllFiles.java   |  21 +++++++++++++-----
 .../poi/hslf/usermodel/HSLFSlideShowImpl.java |   7 +++++-
 ...nimized-POIHSLFFuzzer-6416153805979648.ppt | Bin 0 -> 15360 bytes
 test-data/spreadsheet/stress.xls              | Bin 60416 -> 60928 bytes
 4 files changed, 21 insertions(+), 7 deletions(-)
 create mode 100644 test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-6416153805979648.ppt

diff --git a/poi-integration/src/test/java/org/apache/poi/stress/TestAllFiles.java b/poi-integration/src/test/java/org/apache/poi/stress/TestAllFiles.java
index ed96cde4e8..5171158965 100644
--- a/poi-integration/src/test/java/org/apache/poi/stress/TestAllFiles.java
+++ b/poi-integration/src/test/java/org/apache/poi/stress/TestAllFiles.java
@@ -253,13 +253,22 @@ public class TestAllFiles {
             Exception e = assertThrows((Class<? extends Exception>)exClass, exec, errPrefix + " expected " + exClass);
             String actMsg = pathReplace(e.getMessage());
 
-            // verify that message is either null for both or set for both
-            assertTrue(actMsg != null || StringUtils.isBlank(exMessage),
-                    errPrefix + " for " + exClass + " expected message '" + exMessage + "' but had '" + actMsg + "'");
+            // perform special handling of NullPointerException as
+            // JDK started to add more information in some newer JDK, so
+            // it sometimes has a message and sometimes not!
+            if (NullPointerException.class.isAssignableFrom(exClass)) {
+                if (actMsg != null) {
+                    assertTrue(actMsg.contains(exMessage), errPrefix + "Message: "+actMsg+" - didn't contain: "+exMessage);
+                }
+            } else {
+                // verify that message is either null for both or set for both
+                assertTrue(actMsg != null || StringUtils.isBlank(exMessage),
+                        errPrefix + " for " + exClass + " expected message '" + exMessage + "' but had '" + actMsg + "'");
 
-            if (actMsg != null) {
-                assertTrue(actMsg.contains(exMessage),
-                        errPrefix + "Message: " + actMsg + " - didn't contain: " + exMessage);
+                if (actMsg != null) {
+                    assertTrue(actMsg.contains(exMessage),
+                            errPrefix + "Message: " + actMsg + " - didn't contain: " + exMessage);
+                }
             }
         } else {
             assertDoesNotThrow(exec, errPrefix);
diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java
index 54edf47faa..70fb287026 100644
--- a/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFSlideShowImpl.java
@@ -72,6 +72,7 @@ import org.apache.poi.poifs.crypt.EncryptionInfo;
 import org.apache.poi.poifs.filesystem.DirectoryNode;
 import org.apache.poi.poifs.filesystem.DocumentEntry;
 import org.apache.poi.poifs.filesystem.DocumentInputStream;
+import org.apache.poi.poifs.filesystem.Entry;
 import org.apache.poi.poifs.filesystem.EntryUtils;
 import org.apache.poi.poifs.filesystem.POIFSFileSystem;
 import org.apache.poi.sl.usermodel.PictureData;
@@ -229,7 +230,11 @@ public final class HSLFSlideShowImpl extends POIDocument implements Closeable {
         }
 
         // Get the main document stream
-        DocumentEntry docProps = (DocumentEntry)dir.getEntry(POWERPOINT_DOCUMENT);
+        final Entry entry = dir.getEntry(POWERPOINT_DOCUMENT);
+        if (!(entry instanceof DocumentEntry)) {
+            throw new IllegalArgumentException("Had unexpected type of entry for name: " + POWERPOINT_DOCUMENT + ": " + entry.getClass());
+        }
+        DocumentEntry docProps = (DocumentEntry) entry;
 
         // Grab the document stream
         int len = docProps.getSize();
diff --git a/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-6416153805979648.ppt b/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-6416153805979648.ppt
new file mode 100644
index 0000000000000000000000000000000000000000..a47bcf56be6cb28f04516024f166306a55173942
GIT binary patch
literal 15360
zcmeHOdvKK16+hqiZITTnd<)^FQuts{u_6Yc4z@m)N-fq0853J;osy7jk{yyPv%45^
z#<G-Zt<;L;Rjeb>(oVG6QagQF3-o~xCf2kg9qpi|)y`OJ>!KEw*Y@|jcW-vHo5chI
z<PUDRd+&Fj=bU@)Ip>~x>3V)-_m-cY`FF_)my07uQl(OyRc;~As6s%*MTXx;QmK?K
z6hZcMC`5tjg(^;6`C&{w8jI&3`Vfl{x#lH^e#BD5VTi*K%Mi;EM<9+t<hqYUItsBO
z{mrtm$d5xDk9Y>+nTTg0PC#V+=`eICaDznf7Z*=HBW*~dvJ9)#|1cIDW3Ztt2;94(
z;kyf-A9>fC@`(KUyf?B(3VgA9`^#V0WkGak218PX+1n+Ad6^3<7(AJWe7!7{R@4xx
z!eN?NwvB4?FX1TMGE>9$jpym_BB@sMv`U@A{c6nDh}ol<yACslk#Ea%&C5*_+v2`4
zG{|dEpkN6*Ar$4|Ixu)<V}3JtfAQyj^^ph&uDs#w1@SETmop9D32feOED$5}ln31Z
z>E=fMTdut0jK+drD9^Z*3zhO0mne}3T-j4{EmDzRy7TZm7t{=cnk~rhU0)&9+si7M
zGO%C#;R<1#x?zHK2<2l?&y;~<Y00$Jr94VV5WigKAE<fp;h%vY$}5qFUBb$|Ev0B4
zl<&J-J@Dw^E09j{L>iC^`m2<A2`c2+E0ua%m5`EOLBt0U0uemRV@~CRw(i05TBnw*
zr^*w)gpXNQhWl2lRFZeIK#G%<`1OINq$e?BLk_56)!!V5II@m$r3_d7R*=K|E7{zC
z*IfL{4(y?T?6gqi-=#`YmLGl9UhoHH;yz5pG5l-+^!)E*Yfh4+OBpQku481r`qV!O
zCa!dqj6<hMGTNuxj`6YW6Kl5Zm)#G1>amiwPc!Azt{iZh*h!8!iU=r^!_I8{&O~g;
zN|BYV`zKhVH|XW%H^ZR=snnw&v<0Fpk%JD=XIO%a`R1rW=$}ba;k#7T>Nz-mb_`<d
zEsM)4$w~rNQcbgetO|g9cf}l(xpGehmjsBpB-KLoR|O$d1K3%!s)FTEcs|0k<mWoN
zAmIvCu1N?ItEEyL)HCBIwH37K)ZvnRHO=9ehktcmJQRz2@o>B)6cF8xEFse2QX=KF
zi!EKGnwFdLNSn8$t|{cryf9}i^&n~_%~&e?rdk$PK5(`|ksIO?PRlOg2FVI#m9>&A
z@lc`}UnG%8sQTY@zb3P0Z4}wKQ8sph=X2VvU%y_pJNRm~q&7B6=PWdB%x`DL+t`_s
zPQ+QWI^`!#sh;s(*}qSXW5y#K_dbP9*oa9xvd4Q#wQFy0S7|EszRc?ElvGs}=FhYP
z0veZ_Z$gTShDFjEd722SekbckOBP_04#zO>N!j<az!)cJ-@muA_r9NgaPaoM_cgum
zYp5~`?E6WQQX<b*My%ShY8AL|2SX-YulD{amI+3#Q}9qQ5jo0f9kj5~`3{%%xDhJx
z=8%?1o)Iq>8QG+JceqsNrnwS8@%Bjh)p4)6F6PBTw}zs1E#9J*Nd4lN7iolyyDeUR
zeWWd<KAJ<VXm@MKYm7u&>*DcnTT_k5BQB2xb2U8bc)__Gr4(660Y^z~kV*@<Y+bkm
z$c;>E!4&ePY5fOPm!xca3|hN(%pHy^Ba;;7qva37jm)!T0&JM_Bp^ZPO&bp-SGI)f
z7klxD7itK{z3b{?@lZ5Pq*#1eOGxB<F6lfOk>L?#dGL#9kg0shvB-{+VG0(93j*WB
z==9}iS0o9Uwqt@d5S)?@ajI|)PLjrnv)XB#9#Q~oQaqrc>2PmAS>HHetvrQNth_o@
zA8BjwTCkukR5?+Tzbdjc8gEWlTorCKc~W5_MxM+W)!EQe8_ZUDN9BpQrcO0-8Xi*T
z7x*&N@fDy>$5R8N&X-+Kr}&;gE_JvQN-VwNmm_ahoYRVIc3J;%#4So$^GgSvv(<_B
z1EthiPUwGy)IeWU0Qzaq4ix%rC0!$OpbzS^O{uM+$0vg3*L>(<u!9R!0Ha&!yoUck
zLHLUcz~8WEpzwQv+A%rs0~ikPKL+^iUhu!z3;y{S)6icXz{)avYXzAM_A*3<e~tC6
zO{-+B^~!IXVKt9JAK03(gnSM?8&^0Ms1(StXN;YaYxfLXQT%%b<;`B4d3UxwbJ&Bi
zNt=2ePPL6V4=u%sh$nA;$8bVw!buYbrgH#*Te8m>!wKxHN>|E!x1-z@I~he<DSjna
zXj}YEF0<|%x4lQs8JU18wGS!h^cnV{9vX`L(7hS;TpRjw1hP`pNvIY!V*<sSG0RSf
zxNc4XVtJ5WG{b8_=>*(Bn@6A?E<m0XL00jgeS@%dYcU*8j@%^yjA>TMMmrD8`7Ta1
zoH-#=FS%V-ASd!w^}AC2eog(}seZpM7(jNwBUOymgItHSXT|S%=9Rx%<aMrRsa%1q
zEtX>wAtnFQau?9{C3m~ZRt-q*iriQFYQTfe(7MFXnBbJiDy2&(WBa=|GrUazGqT0V
zN@Au^Rdj5?m!YFCjZr=5I2Gl~#b@~}O{wMRVu4a4p%-}~BwfhiMk8*sy6nIRZ&)rC
zoUKS<(OYX36`<byI|oL+ZNs)%m2TJQ+<C!jQfzDLDXo>3Y=nnLB2ct-XlboK0WPx=
z#cArS!Ae|&a--A7-?IwqK^z96*%xBpRFy0rn@b}ybZMGKRmd0SFdj5D<=9H+w85K^
z{eAOS7up-FO0uxJ807}5t;;7I6IR?e`B*`?KqnmUzRBo>zVYg%C5RWIvA}w33F?Qn
zN>`jJEkVy{@Q$~pxbk0TDi+U{w;g)W8I+GgXA|7cB~qp|!dm315x$AkOKSw~DXI=v
zoa9th?@LZY8SG<a1?yolzjoR}rF(#@Lb)A9YWTrMxo69wr7bO?_>4$nV=NT+NkZ1X
zJi($&wv+^hl*y94B9|9I){Nfk&*f&$>!$5gE{I4*C*{seEHE=Xw8N9MGM6KA=DjcE
z&aABKwAH`5wAS$|y32EC2B^><+KS4andO{$K2n1-MCVa>Wr$c5ukJofYvGfiP>;0$
zWJ*L^3r`?V-gq2oFq=1^hshhCQ}zAi4fHX*aZ?tZj84B2D@0y}F2WzrW#kI}T8`3J
z>9r}Of6x_2KuQB&^6{+k9n9Mo2PE!amBV{VQ<+%`Xd5650ib2hwVX0X+mOd<nnSUW
zR~N;J7^mX42;6l%x2C;rlrp2x%Ir&;MjW*d4g%!IDs6C%J>fQ~kv1aHam2=g>yu$M
zEW6hsLcR@aZo4uJ|EGP%K=Y;XIG;111F<GYShByJcL@8SrcTx!!jo_&@eYA01Md*%
z{9)uB!rrvAi7CUWyF*B&$SsCgp5<v~0pWsn5c?JZ`Pu?^2%Aw213UR0q`X52;@1b-
zlk3i42_gsNHwUAozy+f4VxEy}#MJnNGTINNI3uw?`?8;D&$b+s<M5OO!(TaQC^gOf
zFYo@z;=KRmoh~U&`-3dQQ)u@6FMUmD^Y-bxU*iEDI_VL(!i&@mDi$d#kT1IL-1N?e
z3z`Ezy5BF0&;8j;l_(2>N%$6k^|grPon}Px&fSRQnFkTcH`@@&{}K3+;>(tVW}Mwd
zktlB=l8-(>Bp>-O82P9SDaU&qgHaZP)q9+d*%v1$R`ncfex#|rE*g&=t&FhEO84RU
z`?_#_G!lz6#=QlNjp6!`R~2awMXMs=wzvdQ-*xtGHdFcT2RhDCvJ&5cH(plv*W4?#
zj6aJw9UojxmigryfhGV&Poy~a0-GY`RnpXPU{r874kwB#S7tAhEo$dYRQv4^YA_UP
z3GoH!Pih{p*-O{xa!dK6raI>4{WjSwjGC)-AJs+u=stGOnEXB$=VzjL(B7ZE3R#WW
z5Q1>YM#FV2>Z9);J)Wb+n_-PtsSP<oC`*Z(eKvk(4!c;+R}#Uvjk8yf=Xs7`t6xWb
z+4%M0n}0kVvy^kq0Aw20fTEJflZt}4>zq=(41U>GG)f0@3=tVWXN=+^4J&ODh*8T)
zkMrRPz?t5|i-uhTT|~*3gR{BD1C4xuk9ZS5t_gF5555bP>Jlqms<A(LSWE`&GlzX%
zKB4xb!NS}M%v_WYKj9_(8VCON4Kw#gU*Tx-$KLbYo(E@~6<D*uFXvDH@W+%tFJO78
zceu)wHyn30BIQU2BIkb+kvi;;h}2`9h};z~AW|;vMWjx99g(Z`79wTZdx#wS5F+&%
z<q~xn<r3u;-#cJ?OB5+t(8wwFS<rSttUekFwRzRe5nM}Bez9#$BwF9RC~_OJ3Rb>5
zA<Tq>DaXl9@u|K|`r`QE3O0TdMuyyUA^;%X#98lNQe$4Iv2JNg+?yAQg`3)xVm1q!
zy%p7-Fcp2=1W6f2=g7o}GhY>Hi^sehW1$8GC}^RoNCZ8VR}*So(oz=>^{OWUt6Rbi
zA+Ls)-?1L7_q!gdXge(2dH-vl27UbUo_bGUWINYxKHlLp;iV8?>BL2edz79I$4h}L
z;f0RkPrtMB<VMhzud(_Y&IAW*y`z8o(~lQ_bNbV;pKS&@e?N!qce7JDKjqtT&OZd+
z7GTeR)MYNN_KtG7v<?cOTpf_ip`HR!dR^^Nlq<_YX#*-=27Nh}aU|xsf;bQ)dFJ4R
z?;&)#^q+ORtnRYIkM{3!=_6c=K<yN`7V{i@w>-N}UH2S|Yf*CoRqwI57H99yojKpN
z_~#LQyB70jrf$sRCu%c*ms~kqy)#?EMkk4%FjHXRLcVtE>!sV5)McgNCpw0x(=7$1
z2rnPcp<N;Q4xt-xdLtS%WatoLtHBQ3hJDhLmcvlnpL_r_FB}ck$HS4fT~>0zhUs+G
z-UyLnT($JP7+38c<msw?4ry(+s}|=Ox@tqJzMrmI^x;vAe0LL4<I=WK?qUAHbk#nW
zH9qeuIDW3Pe(OJv*HznuS&UTIGP}dQ1SNgBYRypv&y%Kmbxn2QHm{|weleaLWxYN!
zUfc`Sz}l(>g%R>LE08M8Ttno}$hYiLZdUFC`i<uS=3<#9mwikmJc(H84NHcj2iHUW
zQ<L>(qV-@rxJm4=6Y0VI9jr?83jAmu+{F3o<g^D@pXey`xS5&q491j($V{Z!cguIp
zMFCXiiF_442(Lq{0AvHANeT4qIqM|%b?5_!QmM_bY6s(0c=qeiTfka*0k6U{uR}%O
zR;3$J+VIg2oqfmiV*ENKT?XZKXuz<<fM1N8hm?koh#X~t4!vJM4)As8H5kLV5C-9O
zDCKkZ<52o)G@u6D0*^yADyC8Te>qUbnUKNPyo~Q{5VLDJ-ZiB|LM!R~yY{MVB@Mwl
z;JbG8F-n?e?H(nK^1hU4Vn?o7ntA7x|IXFCO(GWMl5du>oSH6sX1<QrGdsQR+LL)R
zXB)&vdyP7xkC{o|JROUf3+vcZf7ed$KMlByK^&0cDU`<nIdTqZ*;~K<V=~^7!iz;*
LjecdTp&9-UbGm8B

literal 0
HcmV?d00001

diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
index 3018e322b36706679e4f0e9f7e4e0dcb6f1123bb..3215a910a349916eca0db9d36fabccd5f14350d9 100644
GIT binary patch
delta 1000
zcmZvaPe>GT6vw~6-^{MN?#wE-krk3bUTR#D+;t5VTk5iuXa^y$At_01X(6HO5=A5#
zJM;5YM2putloL@Tfr!ya$G`%W4iO%zOP45ed%xLrY%zuzzVH3s`@BED$$n6>E6Nj<
z2S)&G6bgkaw$5KMeYj*w*M`}1$Wn)V>FjYMB`&GA_|G-_m-<EtX4?%T<$Pp{cskxP
z8{Eek7xkgKZQqEv8w$E!sVWo>F7jHWGJqVTLel)CMZ|hYry!{+wM}Jss>@SpS7o&Q
z6rI;(Im!tej3JIW?g8boJXk^5K}M?;ZMtkHPc3wmw=k-27QW}HIae*|lJ`|_EK)@@
zOp$h5_~gObuFF&tl{hhawm&^Gc=5vUO;lrfUgQ(Kz8eZ~+WwuWt7o(J?lb*6#Pjn<
zBk|^@cvI|1;&80Br8VB1h^Escc4la%YR@#G7Ow-1CJ=iFtUd-_z5v?iMZxK|C&xl8
zU@%TI8O(k#K2XJ`ZU5A__^|-5Mvjsz&>)wJPF4l!BhEIT^&g+GKQG)@cm1J3rr^UV
zOi~czezN>XiaT!~O~^A@B8eU<QM4FY{p2fJoUHazUJeRbMZZeQ@S-F=MFdIDNxB;)
z8{HzCG+`2fQjSSKNpb?Q65908CM5c{7xr)CriYgEZlNs~t(9^tiT22rN48w@X44j}
zWN@o%%R`GYv~bbQCA26*3lA+^^f`)pO&b;Nwv$9$rX97>$YY|@*}Jn3edwlFJ{`OU
x&-~ZG#DEhG%lo12(an(ZiN!As!f_7N^ezBb-vQs>1MyWLvt}2ZA9XY9>R;1}+Xest

delta 566
zcmZp;!`yI#c>@a*XE6f<!@vLk|Cem$W!lX+`3$qk!~~W}EIF(V%QqgepIpe&&h+Ze
z=3gwwm^m4~796oZd6SWOGGm?jCQf-KM#jks+_D&?$mBk5POvD5#m>ycz&LpUj|dkB
z!vsd4Z6NLg9+Al}xOst!KrAjE7)uAv@`JMqz^pnRMWE^hJRs|UdiZo085ztN_AtQ>
z1WAJ=?l7Q8)bU76w&4XiX93U&cBoFM;DuQ{3(ndDW}V^%nfHcQ7h>vUJwBky%{F{K
zS`rLJKsy<@7+fooQwvHm^Ye;Z83Y(k?w`ECB8;_wnSmj2^KT1T1;&)kl98#xo6qDd
z;+L8L)KT8Vz;GYPcs`GTp??hnL-q~^2J`)sdCvrFzEQ)?$PvK=3>k(9rp>QwGx!-N
zY!2ytYqojfkscP_eL&lK8CV&78Jrl{CYzjGZGD|Vg`tIwfkB5ciouG(gTaL%3IhfJ
zMeLY_7`Cug0d02xVg`mL2B*mjUx-egdYYfRA1uPi(9h66`N9j0$=6S-2zeZ2V8}Sd
d!0_M_1B1qG28Mz=n|aTCmYr<C!nf!Z3jlZxnNk1%