This is an automated email from the ASF dual-hosted git repository.

centic9 pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/poi.git

commit bec6ba6aac8d13f020d7dfbbd30c8bbc1f624ae3
Author: Dominik Stadler <[email protected]>
AuthorDate: Sun Mar 8 09:44:25 2026 +0100

    Rework fuzz-targets to not keep static state across fuzz-calls
---
 .../main/java/org/apache/poi/fuzz/FormulaParserFuzzer.java  | 11 ++---------
 .../src/main/java/org/apache/poi/fuzz/POIRleFuzzer.java     | 13 +++++++++----
 2 files changed, 11 insertions(+), 13 deletions(-)

diff --git 
a/poi-fuzz/src/main/java/org/apache/poi/fuzz/FormulaParserFuzzer.java 
b/poi-fuzz/src/main/java/org/apache/poi/fuzz/FormulaParserFuzzer.java
index e3006ffa71..b8c1ddacc1 100644
--- a/poi-fuzz/src/main/java/org/apache/poi/fuzz/FormulaParserFuzzer.java
+++ b/poi-fuzz/src/main/java/org/apache/poi/fuzz/FormulaParserFuzzer.java
@@ -33,14 +33,6 @@ import java.util.NoSuchElementException;
  * Used by Google's OSS-Fuzz for continuous security testing.
  */
 public class FormulaParserFuzzer {
-    private static HSSFWorkbook workbook;
-    private static HSSFEvaluationWorkbook evalWorkbook;
-
-    public static void fuzzerInitialize() {
-        workbook = new HSSFWorkbook();
-        evalWorkbook = HSSFEvaluationWorkbook.create(workbook);
-    }
-
     public static void fuzzerTestOneInput(FuzzedDataProvider data) {
         try {
             FormulaType formulaType = data.pickValue(FormulaType.values());
@@ -51,8 +43,9 @@ public class FormulaParserFuzzer {
                 return;
             }
 
+            HSSFWorkbook workbook = new HSSFWorkbook();
+            HSSFEvaluationWorkbook evalWorkbook = 
HSSFEvaluationWorkbook.create(workbook);
             FormulaParser.parse(formula, evalWorkbook, formulaType, 
sheetIndex);
-
         } catch (FormulaParseException | IllegalArgumentException | 
IllegalStateException |
                  IndexOutOfBoundsException | ArithmeticException | 
NegativeArraySizeException |
                  RecordFormatException | BufferUnderflowException |
diff --git a/poi-fuzz/src/main/java/org/apache/poi/fuzz/POIRleFuzzer.java 
b/poi-fuzz/src/main/java/org/apache/poi/fuzz/POIRleFuzzer.java
index d2c60b46d0..c8572bc647 100644
--- a/poi-fuzz/src/main/java/org/apache/poi/fuzz/POIRleFuzzer.java
+++ b/poi-fuzz/src/main/java/org/apache/poi/fuzz/POIRleFuzzer.java
@@ -27,16 +27,21 @@ import java.io.IOException;
  * Used by Google's OSS-Fuzz for continuous security testing.
  */
 public class POIRleFuzzer {
-    public static void fuzzerInitialize() {
-    }
-
     public static void fuzzerTestOneInput(byte[] input) {
         try (RLEDecompressingInputStream rleStream =
                      new RLEDecompressingInputStream(new 
ByteArrayInputStream(input))) {
 
             byte[] buffer = new byte[1024];
-            while (rleStream.read(buffer) != -1) {
+            while (true) {
                 // Trigger decompression logic
+                int ret = rleStream.read(buffer);
+                if (ret == -1) {
+                    break;
+                }
+
+                if (ret < 0) {
+                    throw new RuntimeException("Invalid return value while 
reading from stream: " + ret);
+                }
             }
         } catch (IOException | IllegalArgumentException | 
IllegalStateException | IndexOutOfBoundsException e) {
             // Expected exceptions on malformed input


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to