https://bz.apache.org/bugzilla/show_bug.cgi?id=69956
Dominik Stadler <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INFORMATIONPROVIDED Status|NEW |RESOLVED --- Comment #1 from Dominik Stadler <[email protected]> --- Thanks for reporting this! I general, we accept IllegalArgumentException and IllegalStateException as "valid" responses when trying to process corrupted documents because there are a large number of such cases since a long time and we do not plan to do large breaking changes to thrown exceptions across the code-base. We try to avoid things like NullPointerException or fatal Errors like Stackoverflow, OutOfMemory, ... For details, see the fuzz-targets used in oss-fuzz at https://github.com/google/oss-fuzz/tree/master/projects/apache-poi which contain a list of "expected" types of exceptions. Also there is a standalone project at https://github.com/centic9/poi-fuzz which performs fuzzing with Jazzer and uses a similar set of expected exceptions. Would be interesting if your approach is different, feel free to start a discussion on the mailing-list if you are interested in more details or have ideas how to improve the fuzzing done via oss-fuzz. Overall I am closing this as INFORMATIONPROVIDED as we do not plan to change the reported type of exception. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
