vishalcoc44 opened a new pull request, #1020: URL: https://github.com/apache/poi/pull/1020
Hi @centic9, I added a fuzz target for RLEDecompressingInputStream to support security testing via Google’s OSS-Fuzz platform. What this adds: POIRleFuzzer.java — a Jazzer-based fuzz target that feeds random byte arrays into the RLE decompression logic. Fuzz Introspector showed that RLEDecompressingInputStream had 0% static reachability and was not exercised by existing fuzzers. Running the new target locally surfaced a bug: IllegalStateException: Not enough bytes triggered by malformed RLE chunks. Bug report: https://bz.apache.org/bugzilla/show_bug.cgi?id=69956 The OSS-Fuzz maintainers asked that this target be upstreamed into the repository. Related OSS-Fuzz PR: https://github.com/google/oss-fuzz/pull/14971 Thanks for taking a look. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
