This is an automated email from the ASF dual-hosted git repository. centic9 pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/poi.git
commit bec6ba6aac8d13f020d7dfbbd30c8bbc1f624ae3 Author: Dominik Stadler <[email protected]> AuthorDate: Sun Mar 8 09:44:25 2026 +0100 Rework fuzz-targets to not keep static state across fuzz-calls --- .../main/java/org/apache/poi/fuzz/FormulaParserFuzzer.java | 11 ++--------- .../src/main/java/org/apache/poi/fuzz/POIRleFuzzer.java | 13 +++++++++---- 2 files changed, 11 insertions(+), 13 deletions(-) diff --git a/poi-fuzz/src/main/java/org/apache/poi/fuzz/FormulaParserFuzzer.java b/poi-fuzz/src/main/java/org/apache/poi/fuzz/FormulaParserFuzzer.java index e3006ffa71..b8c1ddacc1 100644 --- a/poi-fuzz/src/main/java/org/apache/poi/fuzz/FormulaParserFuzzer.java +++ b/poi-fuzz/src/main/java/org/apache/poi/fuzz/FormulaParserFuzzer.java @@ -33,14 +33,6 @@ import java.util.NoSuchElementException; * Used by Google's OSS-Fuzz for continuous security testing. */ public class FormulaParserFuzzer { - private static HSSFWorkbook workbook; - private static HSSFEvaluationWorkbook evalWorkbook; - - public static void fuzzerInitialize() { - workbook = new HSSFWorkbook(); - evalWorkbook = HSSFEvaluationWorkbook.create(workbook); - } - public static void fuzzerTestOneInput(FuzzedDataProvider data) { try { FormulaType formulaType = data.pickValue(FormulaType.values()); @@ -51,8 +43,9 @@ public class FormulaParserFuzzer { return; } + HSSFWorkbook workbook = new HSSFWorkbook(); + HSSFEvaluationWorkbook evalWorkbook = HSSFEvaluationWorkbook.create(workbook); FormulaParser.parse(formula, evalWorkbook, formulaType, sheetIndex); - } catch (FormulaParseException | IllegalArgumentException | IllegalStateException | IndexOutOfBoundsException | ArithmeticException | NegativeArraySizeException | RecordFormatException | BufferUnderflowException | diff --git a/poi-fuzz/src/main/java/org/apache/poi/fuzz/POIRleFuzzer.java b/poi-fuzz/src/main/java/org/apache/poi/fuzz/POIRleFuzzer.java index d2c60b46d0..c8572bc647 100644 --- a/poi-fuzz/src/main/java/org/apache/poi/fuzz/POIRleFuzzer.java +++ b/poi-fuzz/src/main/java/org/apache/poi/fuzz/POIRleFuzzer.java @@ -27,16 +27,21 @@ import java.io.IOException; * Used by Google's OSS-Fuzz for continuous security testing. */ public class POIRleFuzzer { - public static void fuzzerInitialize() { - } - public static void fuzzerTestOneInput(byte[] input) { try (RLEDecompressingInputStream rleStream = new RLEDecompressingInputStream(new ByteArrayInputStream(input))) { byte[] buffer = new byte[1024]; - while (rleStream.read(buffer) != -1) { + while (true) { // Trigger decompression logic + int ret = rleStream.read(buffer); + if (ret == -1) { + break; + } + + if (ret < 0) { + throw new RuntimeException("Invalid return value while reading from stream: " + ret); + } } } catch (IOException | IllegalArgumentException | IllegalStateException | IndexOutOfBoundsException e) { // Expected exceptions on malformed input --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
