https://bz.apache.org/bugzilla/show_bug.cgi?id=66425
--- Comment #3 from schaich <[email protected]> --- (In reply to Dominik Stadler from comment #1) > Thanks for the note, great news! > > > We already use fuzzing via Jazzer heavily to uncover unexpected failures, it > will be very interesting how much more a large-scale run on oss-fuzz will > provide. > > FYI, there is a separate standalone project for fuzzing Apache POI at > https://github.com/centic9/poi-fuzz which shows which exceptions we > currently expect and which code-areas we visit for fuzzing. > > Maybe you want to simply re-use many more of the fuzz-targets from there to > greatly increase coverage of the fuzzing. But note that those fuzz targets > expect a version of Apache POI from latest sources, not a released version. Hi thanks for your feedback. I wasn't aware there's already a fuzz project for poi, I'll try to get those fuzzers onboarded. We're using the git default branch of the library rather then any releases, unless the development branch tends to be broken. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
