As a general solution for handling excluding classes from JaCoCo
coverage counting was not merged (See #10860#issuecomment-1870891873 ),
this PR tries to implement a different approach which separates the
class-files into two jar-files and this way at least allows to exclude
code of third-party libraries when reporting coverage of fuzzing.
Also add two expected exceptions and adjust one limit to match the
amount of memory which oss-fuzz uses here.
After removing some other "roadblocks" by providing some additional
.so-files, fuzzing now hits some code which is missing installed fonts.
Apache POI already provides a system property to handle this gracefully
where possible.
So let's add this property.
We can also remove one leftover exception handling which should not
appear now.
These changes add some additional .so files to the container so that
loading some classes from java.awt works.
See #10933 and #7380 for related discussions.
Also decrease "Xmx" as it seems we get native OOM in Jazzer-runs
otherwise.
Now that fuzzing and introspector is working again, we can improve the
fuzzing itself by adding seed corpus archives for all the fuzzers.
Also let's reduce output during fuzzing and add/adjust fuzzers some
more.
This PR applies a few changes to the project apache-poi to improve the
setup and make build-logs a bit easier to analyze:
* One more expected exception that showed up locally
* Instruct fuzzer to only look at coverage of classes of the project
itself
* Reduce log-spam by disabling progress-output from downloading
dependencies
* Adjust mainClass in pom.xml, although this likely has no impact
This also adds myself to CCS (both @apache.org and @gmx.at addresses to
allow linking to Github account and access to bug-reports), I am Apache
POI committer and PMC chair and would like to be informed about new
findings.
Please let me know if adding myself is ok this way or if it needs some
other process/steps.
Dominik Stadler