From a27029d1af6600a73a18faf9675809006a9a515f Mon Sep 17 00:00:00 2001
From: Dominik Stadler <centic@apache.org>
Date: Sat, 30 Dec 2023 19:39:42 +0000
Subject: [PATCH] Bug 66425: Avoid exceptions found via poi-fuzz

Prevent NullPointerException

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64212

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1915006 13f79535-47bb-0310-9956-ffa450edef68
---
 .../apache/poi/hssf/record/FeatRecord.java    |   8 +++++---
 .../apache/poi/hssf/dev/TestBiffViewer.java   |   1 +
 .../apache/poi/hssf/dev/TestRecordLister.java |   2 ++
 ...nimized-POIHSSFFuzzer-6137883240824832.xls | Bin 0 -> 1663 bytes
 test-data/spreadsheet/stress.xls              | Bin 63488 -> 64000 bytes
 5 files changed, 8 insertions(+), 3 deletions(-)
 create mode 100644 test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-6137883240824832.xls

diff --git a/poi/src/main/java/org/apache/poi/hssf/record/FeatRecord.java b/poi/src/main/java/org/apache/poi/hssf/record/FeatRecord.java
index a434658ba4..86e2fc8f57 100644
--- a/poi/src/main/java/org/apache/poi/hssf/record/FeatRecord.java
+++ b/poi/src/main/java/org/apache/poi/hssf/record/FeatRecord.java
@@ -132,13 +132,15 @@ public final class FeatRecord extends StandardRecord {
             cellRef.serialize(out);
         }
 
-        sharedFeature.serialize(out);
+        if (sharedFeature != null) {
+            sharedFeature.serialize(out);
+        }
     }
 
     protected int getDataSize() {
         return 12 + 2+1+4+2+4+2+
-            (cellRefs.length * CellRangeAddress.ENCODED_SIZE)
-            +sharedFeature.getDataSize();
+            (cellRefs.length * CellRangeAddress.ENCODED_SIZE) +
+                (sharedFeature == null ? 0 : sharedFeature.getDataSize());
     }
 
     public int getIsf_sharedFeatureType() {
diff --git a/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffViewer.java b/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffViewer.java
index 4655517e08..491d68d159 100644
--- a/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffViewer.java
+++ b/poi/src/test/java/org/apache/poi/hssf/dev/TestBiffViewer.java
@@ -45,6 +45,7 @@ class TestBiffViewer extends BaseTestIteratingXLS {
         excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5786329142919168.xls", IllegalStateException.class);
         excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5889658057523200.xls", IndexOutOfBoundsException.class);
         excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5175219985448960.xls", IndexOutOfBoundsException.class);
+        excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-6137883240824832.xls", IndexOutOfBoundsException.class);
 
         return excludes;
     }
diff --git a/poi/src/test/java/org/apache/poi/hssf/dev/TestRecordLister.java b/poi/src/test/java/org/apache/poi/hssf/dev/TestRecordLister.java
index c04d994a43..7f1c1f4561 100644
--- a/poi/src/test/java/org/apache/poi/hssf/dev/TestRecordLister.java
+++ b/poi/src/test/java/org/apache/poi/hssf/dev/TestRecordLister.java
@@ -48,6 +48,8 @@ class TestRecordLister extends BaseTestIteratingXLS {
         excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5786329142919168.xls", RecordFormatException.class);
         excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5889658057523200.xls", IndexOutOfBoundsException.class);
         excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-5175219985448960.xls", RecordFormatException.class);
+        excludes.put("clusterfuzz-testcase-minimized-POIHSSFFuzzer-6137883240824832.xls", RecordFormatException.class);
+
         return excludes;
     }
 
diff --git a/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-6137883240824832.xls b/test-data/spreadsheet/clusterfuzz-testcase-minimized-POIHSSFFuzzer-6137883240824832.xls
new file mode 100644
index 0000000000000000000000000000000000000000..a9920e797b5535a4ac1a2f8d102cbd9d5e631ae6
GIT binary patch
literal 1663
zcmdT^y-!n76#u>V3Oo?8Egyp}q=SMCHmOVoXoDpt>f+)8F*YeeOl(rSU}9pT8xH;p
zP5c9JabRg@7D!l#3lI|GVstSY6L|j4dGEFFKFfzAr#&CPbKgDp-gD1ATbrr9`lqY=
zP;z`lISmKLUM~vwAGCZHEny%FB*AgdLwO>rTKzii0xm~PYMAg8G+$icUx_h$HEz?7
zKIbc6{&@Z5<IclPOZJ>k0P&ESTba1aYnYxpCOii^3cise|2KW-j4(i_$yUU9vt`#?
zR@?Z{Hal27L7F-Y{o|7T$YCUlOd`6--DHWui`4x0QC}kWlP{A8$XCcL0i?)j@*sJL
zJWL)TpGHSsP&-;K2|PvxRXj(Dx<Y*}l1&Aah8<1a@vm?ost=+7un7-lO`nOH)+<a|
z-K_X9X^qe@^sa#j7^W-kI}86bKG-#o=gE`M2T@#zjhqY%Ck(|3@R8=chEWvp0yT_d
zh5LVFrXq&2qix3sD~2mg$ZFaf&ba)Ga`y=C-ew=%=5c4W5<;|Y4N2wST`s>Y7pkRl
zJ0D?(RF6C$tp`Ptp7(B&tgs~_l^psqTAu@y)}MQp)an=Y>{G7EGsQK&PzQOuZEn<`
ze*2ww`Dz^x({>u4HA-HkFIKr?$sNSA$jXl2%9q?6mLhJMz+T{JGmyh1xFolso&-_&
m19abf@9%VL*V!%>l@4caMC>tbBNF!Oj7TLLlR2rF+kXKTAh@0Y

literal 0
HcmV?d00001

diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
index f04e974e02b9326407cd541b39d69b3c150c2240..1e6d98a3a8e79874d08fb18fa4a02b3a7cde6376 100644
GIT binary patch
delta 2724
zcmZvcdr(wm7>B=aFSy|1VL{tuJAXK3GtR+4K^9yoC@D=T*IOW(5;aDnX{iAkNt$6L
zslAnwnb}RvZg{$xMOJpP5;H6=%BZN5H`E6HsAi1bbN06^XD4=e;d{>eKEHFmbM{nU
zwpVxC*QLcT75GUIqM|-$lYLM*gMWK^dcwcUjP?3p(k{mXuB*j#qdiXKSCrnjaB<m!
z2N$gp38Ji#R=C$VuZt0)MNf*)%a!H&w1T0rlvprkVCIN)e^yrd$c(hCks18=hKhNM
z^rh3C&csA<L0r{O2sbP5&lF;`qSqDAkinG6gNzhW#YZH6sy&glP1r<3Tx4w*c9GI&
z?GO%;a((2uQ#eJ6K6X~!yx}fef*34?h!I1%3Xv-nVX)-?VLrWa|B-&nukfWBBVMtP
zYiK2THHybWD;uxkc_nQz+-c`kh&%YdxxL&et}(e06>%j?!{vf2SsJcb%p@DGdog6l
z{^~stmia6)pGD>~WxS{6iTQd@%qRPvm`}1x-+m}Xx;-r8X5o<@Nj(>b=&~tWdK%Qo
zPD*2E^$CY{oAMAg!x-?2hbg{!m|R5uW=$@pQm#vAE!RhA57%<~qghicFcD);80Ted
zQw-lsuc)Nd7N1;76Iy)PmE70BNBZ$?P3Dio>@&8=E0)3GvN&9DY+=Wvw5N|F*5ZgW
z9aV6|SsZb2D6KyE7-_AM^XPAJ7!RsfEQiB*IK3i#Ep9lLv!j|e^>M^o90N?p<8TbH
zI0nFRi5)Abe_P}{6pMqutDL+Njs%M%0gl;iKKTSK>*MfP9Eql56&#5cM<N^t+3_Tu
zZ}X|)`;ugF3^W}zbnOwpTusGCH2D<OaDAF|uFudhu4}0OQBBs8|EOO+OAENJrEN^s
zQ4`no)Wh{TU2ETIlSIwOH2FN)k8AP;N<HqEFVbAD8)ysHjnvG%j_fBi`4Xja-9*J)
zU#1$an@K;RDX-viH1l${Q0EC%c@-=LY;cDvx01g@ldn-}ho-!a<Ec2lxno%14Y0Hj
z<5dH{i_&;ojE6G(SdK6+|4sCcz`Q)EDsO>}1RKt58(2D6(MdJ19W29=lM$6;yluQ<
z2YN?gzMh?LgJpuXGusK~2a7$W2HpY7vgBk%<z$;V@1i#w^ChQL<vp;`V71KN2Md7h
z=9~|}##nO3MCIg|IrZqx!Mx|Rs_X*05iEz94t7(B>1C%k+X5c~=30Vsqk{6xppVd-
z2Wj3JRrwg~X0Z9pJ^{N0tnQ2&_!MlcC1-3@PQID58@>6M|C61cf!zwGo>i4SV7Gyd
zKdS~l2ODR}85fl^-pu&|z2h;zm7NV>w}TyE_9fT^u)jHHFWAHo<CXDXPmIbbFmt{_
zZvp0m=Tzluusgu2n0*6wC)kd2YG5DOBumbusGOjg^DTOVn3v~O<vXy+V8fYx4>kp?
z=)4;E0c@%zXKGZ=G&5&EdZ%H&o}E8}O$Tdd_7m7$V6hj}z|UZXmYl+<oFX&l0D6ls
zUvfcJ8o_3O)iOH>Rt&bAbAADvX~~%xl{3rCIfUL>nD=z5%CBH|gXJ)50-Ft1);T|L
z7;KIuXHHa3iJ9{odP~AN7ggnVuzSKe%$mVULrgEbxIt3drH#8TXWQNUZpmd^b?cNX
p4hnW9QDK+cm9uYeQF@?F(h$c$s_yERm9(ULrET>&{h#g_`+q5UEkFPO

delta 2420
zcmZ9M3s6*L6vyw!?#i3XN+q&$$C#!X=i1<-*x-twrWA&R1|o!pOw*8+5|W@%pxH}I
z?Nnq&^e!VaxINU0Kzachk(z?w41&xc0!<?}(@fIYyMJc67ls4(_nq_mpO0NAzhW!@
z%eH5BXsLvca7o%+m$2XFyf!{QKJm4M53lV_pH^>wBp~u|hNm@1T2hk#(8f&#8y+v(
zA%#og1Z@kcbVN>(q%(R%=)xp%tDcd1bD-Xu>2O3vNkh^N{*n~Jlku_qU6!OG_C$y2
zy*b%J#L)cQ8FLzguJ@>=GVZhSXUwE$yJVMQZt<NvB!?8ESLW_}RL^TY?yoyfsv;~>
z2p$(wq~M=~o^mQnI2#q;knl)!{j}~UZ{*JZ_!ge_X;L8-pPeb5pqjI)D55s5o9G{|
z#dK4rDxRb?uA6CVrz@_6=Nfo!3hx)ipLWB-S7S>loc@NBuZc51J}aU2PM6q1Lz5f<
zCP$#**a}CW$q^`d9f@5o@f78B`Su7hIf4yG863eTM=%_R*zq*AO>%gC+rGPm8jfe+
z2sJrE;h1sGCCW)V=i4L9<lvW=?_2?gY;wqO>}JO{s-5HrH#wY!V>=v9lfwzeI6Iyt
zSGRAEsU}B+;n)F3gvk*B$A)f~c#d{<yT$X=+^vciXq4-V<myqyOO(uYClzt6q?#VL
z*hOc!zD)9YRqQ5>>mGWT>t3DC*ZPT9D6v-+MC-Y}N>#mX@fx*reVzO-xJ4BuUQopw
zw4Uoes^a=4HFMohqg>x2SD&g?V_DT$_HBM@;6DeIm-W0v6K}X##>HyTJImWk6@7|$
zhidv%@h-LXsq%X`kHNX4f2RCC*le(bentKOYz|mKzoLBzHrLDe$+O2?%O3NLJw8J3
zJj^$-^JB2v!G@WA0(J-3^oxpi04&y&6KlzF8#$k%*NyqYi;7$eb|+Xhv(Lcdz*;!x
zAXvO9C*G2y89AS$SHpbtfFd6Pn-7-C><h32u+jlVs{>nL%2{B^Ni=fm(VOV))jI~N
z{bU_53DUAbMg9_OA=rUIMf(bDktt}AC1|k`^fh`HV_sZR<Zr<40=tdbVX!4&t1l_q
z5wNAEoTZkWWFzM&dXq6<$IfrT?gr~&_8r(gV1Yx5_B~jNDJR8}v&_h8K<_fl=M5?H
z4`BC#?PAslmI`)+bDF@Gdl^4@-q_16IcY}DG4!Tk-g#M(o5Ah_OJMdRSUOn2Wkvf5
zY=tRjg(YXDk@GWpS7N@2oxgzH4>ru~SFjAQ>BEZF0+wmY$+YCGGICncy9)D#!;0Jn
zmIYSL>^RtJuolia0hVpb$+qO=7&*V8HwW|4BZ}M(_5fHav){pT!AeIItpjY0DQAr(
zXRVR*2YT0HzGLJu`6Sqb6FH-bd<raYB4<?5PJ^v8<*c*h<QqAEqBq~$t9Oi6iTc0e
zY$5!ADTzDErxqWyQ~Fp0WsQXd96MSOrf6M)qV3mF`PdavLd93N``tLG|9f?c?SJcE
B4$uGq