pashko/apache-poi
1
0
Fork 0
mirror of https://github.com/apache/poi.git synced 2026-02-27 20:40:08 +08:00
Code Issues Packages Projects Releases Wiki Activity
13,723 Commits 30 Branches 105 Tags
Commit Graph

123 Commits

Author SHA1 Message Date
Dominik Stadler
5338b17a8f Avoid NPE with malformed Visio diagram 
Fixes https://issues.oss-fuzz.com/issues/477312394
 2026-02-14 21:26:00 +01:00
Dominik Stadler
c92c533d7a Prevent large allocations when writing PPDrawing items 
Add an allocation check which can be disabled if necessary.

Fixes https://issues.oss-fuzz.com/issues/477289649 and https://issues.oss-fuzz.com/issues/479564936
 2026-02-14 21:26:00 +01:00
Dominik Stadler
ab196a7441 Use log instead of assert when parsing emf-files 
Assert effectively hides problem in provided input files.
 2026-01-24 14:47:30 +01:00
Dominik Stadler
da3d64d9e3 Add an NPE check when retrieving fonts for bullet-items 2026-01-24 14:47:30 +01:00
Dominik Stadler
d1f3f9489f Add check for too large allocation in SharedFormulaGroup 
A malformed spreadsheet could trigger a very large allocation.

Can be overruled by users via IOUtils.setByteArrayMaxOverride().

Fixes https://issues.oss-fuzz.com/issues/476431391
 2026-01-18 18:28:36 +01:00
Dominik Stadler
d1f0a88ea1 Avoid NPE in XSLFDiagram 
Throw IllegalStateException instead

Fixes https://issues.oss-fuzz.com/issues/476184825
 2026-01-18 18:28:36 +01:00
Dominik Stadler
66109187d1 Only allocate the required size for EscherComplexProperty 
Otherwise a malformed document can cause OOM by reserving
large chunks of memory, but only using little of it.

This fixes https://issues.oss-fuzz.com/issues/476184826
 2026-01-18 18:28:36 +01:00
Dominik Stadler
d72e3a608c Add a file-handler for .emf files 
These can be embedded in slideshows and POI supports
some handling of them.

Also Tika uses this code to extract some textual information
from such images.
 2026-01-16 18:49:27 +01:00
Dominik Stadler
1910fff53e Add a file-handler for .wmf files 
These can be embedded in slideshows and POI supports
some handling of them.

Also Tika uses this code to extract some textual information
from such images.
 2026-01-16 18:49:27 +01:00
Dominik Stadler
2acb5cf66a Avoid several NPEs 
When retrieving picture data
When retrieving text in slides
When handling XSLFTableStyles
In EmbeddedExtractor if ShapeName is not set
In HSSF with invalid EscherSpRecord
In HSSF with invalid RecordStreams
When drawing arcs for shapes in slides
In HSSFPicture.getPictureIndex
Adjust "opens" for tests in poi-ooxml

Either handle it gracefully or throw
IllegalStateException instead for broken files
 2026-01-16 18:49:27 +01:00
Dominik Stadler
a5f5f4294e Avoid NPE when reading a broken xlsb file 
Throw a more useful exception instead
 2026-01-12 06:48:23 +01:00
Dominik Stadler
f8a8189230 Use the proper add-method to perform the check for max number of children 
If adding is done without check it can trigger OOM when fuzzing.

This should fix https://issues.oss-fuzz.com/issues/391709145
 2026-01-10 13:14:34 +01:00
Dominik Stadler
017ff5f8f8 Implement lazy allocation of data for complex escher properties 
This may reduce memory usage if the content is never used
or not populated for some reason.

This should fix https://issues.oss-fuzz.com/issues/42528528
 2026-01-10 13:14:34 +01:00
Dominik Stadler
c94e795f35 Avoid NPE with broken files when writing endnotes for Word documents 
https://issues.oss-fuzz.com/issues/391728757
 2026-01-09 08:45:03 +01:00
Dominik Stadler
e9b33c0b08 Avoid NPE with broken files when writing endnotes for Word documents 
Fixes https://issues.oss-fuzz.com/issues/392690733
 2026-01-09 08:45:03 +01:00
Dominik Stadler
befc941dcf Avoid NPE with broken files when handling paint-style for fill 2026-01-09 08:45:03 +01:00
Dominik Stadler
ac989335d7 Avoid NPE with broken files when handling text-shapes 2026-01-09 08:45:03 +01:00
Dominik Stadler
0ec4434f59 Avoid NPE with broken file 2026-01-09 08:45:03 +01:00
Dominik Stadler
ddf71d0984 Avoid two NPEs which were currently "expected" in tests 
When things go wrong, we always want to give an
explanation via an exception instead of an NPE.
 2026-01-06 22:47:00 +01:00
Dominik Stadler
ea74954fcf Trigger reading metadata-text as part of integration testing 
One test-case fails differently now
 2025-10-06 07:40:53 +02:00
Dominik Stadler
42193c57e4 Try to verify handling of deeply nested xlsx 2025-10-06 07:40:53 +02:00
Dominik Stadler
80fd35198d Bug 66425: Avoid exceptions found via poi-fuzz 
Prevent too deep nesting by throwing an exception
instead of just not parsing more nesting-levels as
this still caused OOMs.

Allow to adjust the limit via static setter as elsewhere
to give users a chance to parse very complicated files
if really necessary.

https://issues.oss-fuzz.com/issues/42528505

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1923277 13f79535-47bb-0310-9956-ffa450edef68
 2025-01-20 18:40:32 +00:00
Dominik Stadler
dd647b5d2d Bug 66425: Avoid exceptions found via poi-fuzz 
Prevent NullPointerException

Fixes https://issues.oss-fuzz.com/issues/389724915

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1923276 13f79535-47bb-0310-9956-ffa450edef68
 2025-01-20 18:40:27 +00:00
Dominik Stadler
6befe2ad52 Bug 66425: Avoid exceptions found via poi-fuzz 
Prevent a NullPointerException

Fixes https://issues.oss-fuzz.com/issues/42537720

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1923061 13f79535-47bb-0310-9956-ffa450edef68
 2025-01-11 09:24:20 +00:00
Dominik Stadler
76617e9793 Bug 66425: Avoid exceptions found via poi-fuzz 
Prevent a NullPointerException

Fixes https://issues.oss-fuzz.com/issues/42537550

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1923060 13f79535-47bb-0310-9956-ffa450edef68
 2025-01-11 09:24:14 +00:00
Dominik Stadler
57afb34a18 Bug 66425: Avoid exceptions found via poi-fuzz 
Prevent a NullPointerException

Fixes https://issues.oss-fuzz.com/issues/379574870

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1923059 13f79535-47bb-0310-9956-ffa450edef68
 2025-01-11 09:24:08 +00:00
Dominik Stadler
edcbd87360 Bug 66425: Avoid exceptions found via poi-fuzz 
Prevent a NullPointerException

Fixes https://issues.oss-fuzz.com/issues/42538163

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1923058 13f79535-47bb-0310-9956-ffa450edef68
 2025-01-11 09:24:03 +00:00
Dominik Stadler
c1f52674fd Bug 69315: HSMF: At least continue processing properties after multivalued properties 
Currently processing stops at multivalued properties.

This at least continues processing, so other properties are processed properly.

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1923051 13f79535-47bb-0310-9956-ffa450edef68
 2025-01-11 09:23:29 +00:00
Dominik Stadler
0559accac4 Bug 66425: Avoid exceptions found via poi-fuzz 
Prevent a possible NullPointerException

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=70467

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1919562 13f79535-47bb-0310-9956-ffa450edef68
 2024-07-28 11:02:18 +00:00
Dominik Stadler
0dea4a301c Bug 66425: Avoid exceptions found via poi-fuzz 
Processing formats uses regular expressions. Very complex formats
can recurse very deeply and thus can cause StackOVerflows depending
on the used stack-size.

In order to handle this a bit more gracefully, we now catch this
and report a better exception with details about the parsed 
format and potential mitigation.

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66137

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1919342 13f79535-47bb-0310-9956-ffa450edef68
 2024-07-18 07:09:32 +00:00
Dominik Stadler
09fbfd5be4 Bug 66425: Avoid exceptions found via poi-fuzz 
Avoid a possible OutOfMemoryException with many child-records

This avoids having too many children in EscherRecords, the limit of
100_000 is arbitrarily chosen and can be adjusted if needed  

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62924 and maybe others

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1919272 13f79535-47bb-0310-9956-ffa450edef68
 2024-07-16 05:26:42 +00:00
Dominik Stadler
2582e5e0c1 Bug 66425: Avoid exceptions found via poi-fuzz 
Avoid a possible StackOverflowException

This adds support of counting of the "nesting level" into the base 
EscherRecord and thus makes this existing limitation much more effective
as it kicks in for more types of nested records. 

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66374

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1919256 13f79535-47bb-0310-9956-ffa450edef68
 2024-07-15 13:02:43 +00:00
Dominik Stadler
e2044c958b Bug 66425: Avoid exceptions found via poi-fuzz 
Prevent too much memory usage

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67413

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1919237 13f79535-47bb-0310-9956-ffa450edef68
 2024-07-15 05:41:04 +00:00
Dominik Stadler
a042165133 Bug 66425: Avoid exceptions found via poi-fuzz 
Prevent a NullPointerException

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68104

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1919215 13f79535-47bb-0310-9956-ffa450edef68
 2024-07-14 11:26:56 +00:00
Dominik Stadler
fc17f113d8 Bug 66425: Avoid exceptions found via poi-fuzz 
Prevent a ClassCastException

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66089

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1919214 13f79535-47bb-0310-9956-ffa450edef68
 2024-07-14 11:26:50 +00:00
Dominik Stadler
7601beb592 Bug 66425: Avoid exceptions found via poi-fuzz 
Prevent a NullPointerException

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=70273

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1919213 13f79535-47bb-0310-9956-ffa450edef68
 2024-07-14 11:26:43 +00:00
Dominik Stadler
148ac23c0d List expected failures in stress.xls instead of fully excluding them 
We list expected failures in stress.xls to verify that
the error message is correct and no unexpected exception
is introduced

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1919212 13f79535-47bb-0310-9956-ffa450edef68
 2024-07-14 11:26:38 +00:00
Dominik Stadler
397cee3a12 Bug 66425: Avoid exceptions found via poi-fuzz 
Prevent a NullPointerException

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69450

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1918985 13f79535-47bb-0310-9956-ffa450edef68
 2024-07-07 06:40:31 +00:00
Dominik Stadler
3f243f65ab Change one exception to warning-log to avoid regressions in mass-tests 
This avoids "breaking" a few documents which could be opened before.

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1918118 13f79535-47bb-0310-9956-ffa450edef68
 2024-06-02 11:31:31 +00:00
Dominik Stadler
3800aa5418 Bug 66425: Avoid exceptions found via poi-fuzz 
Avoid a possible NullPointerException

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67922

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1917269 13f79535-47bb-0310-9956-ffa450edef68
 2024-04-22 13:32:30 +00:00
Dominik Stadler
5813a6d2d3 One integration-test file now fails in "additional" as well 
Not sure which change introduced this as it worked initially...

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1917223 13f79535-47bb-0310-9956-ffa450edef68
 2024-04-20 16:12:36 +00:00
Dominik Stadler
8c101982e0 Integration tests: Add writing out the document 
This will cover some more functionality

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1917174 13f79535-47bb-0310-9956-ffa450edef68
 2024-04-20 07:53:35 +00:00
Dominik Stadler
9453fa908a Bug 66425: Avoid exceptions found via poi-fuzz 
Use correct default date-format, add some tests

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66381

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1917070 13f79535-47bb-0310-9956-ffa450edef68
 2024-04-17 18:15:46 +00:00
Dominik Stadler
c4e8388742 Bug 66425: Avoid exceptions found via poi-fuzz 
Prevent a NullPointerException

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66386

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1917069 13f79535-47bb-0310-9956-ffa450edef68
 2024-04-17 18:15:38 +00:00
Dominik Stadler
51637fcc43 Bug 66425: Avoid exceptions found via poi-fuzz 
Prevent a few NullPointerException

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66400

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1917068 13f79535-47bb-0310-9956-ffa450edef68
 2024-04-17 18:15:33 +00:00
Dominik Stadler
a27029d1af Bug 66425: Avoid exceptions found via poi-fuzz 
Prevent NullPointerException

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64212

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1915006 13f79535-47bb-0310-9956-ffa450edef68
 2023-12-30 19:39:42 +00:00
Dominik Stadler
94ace1c4b0 Bug 66425: Avoid exceptions found via poi-fuzz 
Prevent NullPointerException

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64943

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1915004 13f79535-47bb-0310-9956-ffa450edef68
 2023-12-30 19:39:31 +00:00
Dominik Stadler
4d175324f2 Bug 66425: Avoid exceptions found via poi-fuzz 
Prevent ClassCastException

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63736

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1915003 13f79535-47bb-0310-9956-ffa450edef68
 2023-12-30 19:39:24 +00:00
Dominik Stadler
8507fdf371 Bug 66425: Avoid exceptions found via poi-fuzz 
Prevent ClassCastException

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63504

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1914991 13f79535-47bb-0310-9956-ffa450edef68
 2023-12-30 11:11:42 +00:00
Dominik Stadler
8e3b60f63d Bug 66425: Avoid exceptions found via poi-fuzz 
Prevent StackOverflow via endless nesting

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65303

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1914989 13f79535-47bb-0310-9956-ffa450edef68
 2023-12-30 11:11:32 +00:00