@centic9

@centic9

FYI, I am working on Apache POI in my free time without payment and thus will usually not respond immediately on PR-updates. Please do not ping me repeatedly on PRs.

In general we should try to NOT add more and more fuzz-targets as oss-fuzz has quite some overhead per fuzz-target, e.g. fuzz-introspection runs for a very long time and each new target increases runtime considerably, leading to timeouts and failed runs.

We will need to actually look at ways to combine some fuzzers or somehow else speed up fuzz-introspection runs at oss-fuzz considerably.

Maybe we can get first rid of the POI(H|X)...Fuzzer classes as POIFileHandlerFuzzer already covers all formats in one go? Downside is that more specific fuzzing is still more effective... ?!?

FYI, I am working on Apache POI in my free time without payment and thus will usually not respond immediately on PR-updates. Please do not ping me repeatedly on PRs.

In general we should try to NOT add more and more fuzz-targets as oss-fuzz has quite some overhead per fuzz-target, e.g. fuzz-introspection runs for a very long time and each new target increases runtime considerably, leading to timeouts and failed runs.

We will need to actually look at ways to combine some fuzzers or somehow else speed up fuzz-introspection runs at oss-fuzz considerably.

Maybe we can get first rid of the POI(H|X)...Fuzzer classes as POIFileHandlerFuzzer already covers all formats in one go? Downside is that more specific fuzzing is still more effective... ?!?

Reduced overhead by removing 15 format-specific fuzzers that are already covered by POIFileHandlerFuzzer. Keep only essential fuzzers:

• POIFileHandlerFuzzer (handles all formats)
• POIFuzzer
• WorkbookEvaluatorFuzzer
• FormulaParserFuzzer
• POIRleFuzzer
• EncryptDecryptFuzzer
• FuzzerRunner (new base class)