https://bz.apache.org/bugzilla/show_bug.cgi?id=65746
--- Comment #6 from [email protected] ---
(In reply to PJ Fanning from comment #3)
> marking all these as need info - can you explain in plain English what you
> are testing? are you testing that POI can't handle garbage input? and what
> do you expect POI to do when it gets garbage input?

I am testing the robustness of POI using fuzzing with massive auto-generated inputs. Developers who are integrating POI into their program may not be aware of the uncaught exceptions. As a result, the stability of the program is compromised. If this POI API only expects a certain file format, it is better to implement some validation checks instead of accepting all file types to avoid the uncaught exceptions.

Note: in the original description, I missed out some content for the impact of the vulnerability and I had added it in the comment section. Sorry for the inconvenience caused!
