[jira] [Commented] (XMLBEANS-641) Fuzzing XMLBeans triggers an assert() for an input-file via Apache POI

Tue, 03 Oct 2023 04:42:49 -0700 


    [ 
https://issues.apache.org/jira/browse/XMLBEANS-641?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17771435#comment-17771435
 ] 

Dominik Stadler commented on XMLBEANS-641:
------------------------------------------

Currently fuzzing via oss-fuzz only found this one, but it may pop up more when 
fuzzing is continuing.

It should be possible to reproduce with Apache POI via the attached document 
and the following:

 
{code:java}
try (XWPFDocument doc = new XWPFDocument(new ByteArrayInputStream(input))) {
    doc.write(NullOutputStream.INSTANCE);
} {code}
Can that be used to produce a reproducer-test for XMLBeans?

 

> Fuzzing XMLBeans triggers an assert() for an input-file via Apache POI
> ----------------------------------------------------------------------
>
>                 Key: XMLBEANS-641
>                 URL: https://issues.apache.org/jira/browse/XMLBEANS-641
>             Project: XMLBeans
>          Issue Type: Bug
>            Reporter: Dominik Stadler
>            Priority: Major
>         Attachments: 
> clusterfuzz-testcase-minimized-POIXWPFFuzzer-6733884933668864.docx
>
>
> Fuzzing Apache POI via oss-fuzz shows the following assert() being triggered 
> via an input-file.
>  
> Would be good to convert to IllegalArgumentException or IllegalStateException 
> so that fuzzy testing can continue to flag other places where assert() is 
> used incorrectly.
>  
> {code:java}
>  at org.apache.xmlbeans.impl.store.Saver$TextSaver.emitName(Saver.java:1099)
>  at org.apache.xmlbeans.impl.store.Saver$TextSaver.emitElement(Saver.java:894)
>  at org.apache.xmlbeans.impl.store.Saver.processElement(Saver.java:461)
>  at org.apache.xmlbeans.impl.store.Saver.process(Saver.java:291)
>  at org.apache.xmlbeans.impl.store.Saver$TextSaver.write(Saver.java:1696)
>  at 
> org.apache.xmlbeans.impl.store.Saver$InputStreamSaver.ensure(Saver.java:2348)
>  at 
> org.apache.xmlbeans.impl.store.Saver$InputStreamSaver.access$200(Saver.java:2234)
>  at 
> org.apache.xmlbeans.impl.store.Saver$InputStreamSaver$OutputStreamImpl.read(Saver.java:2393)
>  at 
> org.apache.xmlbeans.impl.store.Saver$InputStreamSaver.lambda$read$0(Saver.java:2332)
>  at org.apache.xmlbeans.impl.store.Saver.syncWrap(Saver.java:2184)
>  at org.apache.xmlbeans.impl.store.Saver.access$000(Saver.java:33)
>  at 
> org.apache.xmlbeans.impl.store.Saver$InputStreamSaver.read(Saver.java:2332)
>  at java.base/java.io.InputStream.read(InputStream.java:218)
>  at org.apache.xmlbeans.impl.store.Cursor._save(Cursor.java:570)
>  at org.apache.xmlbeans.impl.store.Cursor.lambda$save$17(Cursor.java:2006)
>  at org.apache.xmlbeans.impl.store.Cursor.syncWrapHelper(Cursor.java:2551)
>  at org.apache.xmlbeans.impl.store.Cursor.syncWrapIOEx(Cursor.java:2504)
>  at org.apache.xmlbeans.impl.store.Cursor.save(Cursor.java:2006)
>  at org.apache.xmlbeans.impl.values.XmlObjectBase.save(XmlObjectBase.java:190)
>  at org.apache.poi.xwpf.usermodel.XWPFTheme.commit(XWPFTheme.java:178)
>  at 
> org.apache.poi.ooxml.POIXMLDocumentPart.onSave(POIXMLDocumentPart.java:467)
>  at 
> org.apache.poi.ooxml.POIXMLDocumentPart.onSave(POIXMLDocumentPart.java:472)
>  at org.apache.poi.ooxml.POIXMLDocument.write(POIXMLDocument.java:221){code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org
For additional commands, e-mail: dev-h...@poi.apache.org

Reply via email to