Lately we enhanced fuzzing of Apache POI as part of oss-fuzz to trigger much more of the code.
Now oss-fuzz reported seeing an unexpected exception as follows:
== Java Exception: java.lang.NoClassDefFoundError: Could not initialize class org.apache.poi.ss.format.CellFormat
at org.apache.poi.ss.usermodel.DataFormatter.getFormat(DataFormatter.java:401)
at org.apache.poi.ss.usermodel.DataFormatter.getFormat(DataFormatter.java:362)
at org.apache.poi.ss.usermodel.DataFormatter.getFormattedNumberString(DataFormatter.java:957)
at org.apache.poi.ss.usermodel.DataFormatter.formatCellValue(DataFormatter.java:1137)
at org.apache.poi.ss.usermodel.DataFormatter.formatCellValue(DataFormatter.java:1076)
at org.apache.poi.ss.usermodel.DataFormatter.formatCellValue(DataFormatter.java:1053)
at org.apache.poi.hssf.extractor.ExcelExtractor.getText(ExcelExtractor.java:324)
at org.apache.poi.POIFuzzer.checkExtractor(POIFuzzer.java:127)
at org.apache.poi.POIHSSFFuzzer.fuzzerTestOneInput(POIHSSFFuzzer.java:46)
This is strange; the class is part of Apache POI and should be available.
The "Could not initialize" usually indicates an exception while loading the class CellFormat, e.g. inside a static initializer, but unfortunately Jazzer seems not to provide details here.
We also cannot reproduce the issue locally with the given reproducer-test-case.
Is there anything which could cause an issue like that when running fuzzing with Jazzer?
And is there a way to make Jazzer provide details when an exception happens while loading a class?
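The mechanism behind the "Could not initialize class" message, as an added illustration that is not code from the question, from Jazzer or from Apache POI: the JVM reports the real cause only on the first touch of a class whose static initializer fails, and every later touch gets a bare NoClassDefFoundError. The class names, the constructed initializer failure and the forceInit helper are hypothetical; forcing initialization early in a harness is one way to surface the original cause in the logs.

```java
import java.util.regex.Pattern;

public class StaticInitFailureDemo {
    // Hypothetical stand-in for a class whose static initializer fails,
    // analogous to what is suspected for org.apache.poi.ss.format.CellFormat.
    static class FragileFormat {
        static final Pattern PATTERN;
        static {
            // Constructed failure: an invalid regex throws during <clinit>.
            PATTERN = Pattern.compile("[unclosed");
        }
        static String describe() { return PATTERN.pattern(); }
    }

    // Force class initialization up front so the first, informative failure is
    // logged instead of being lost before the fuzzer's own reporting kicks in.
    static void forceInit(String className, ClassLoader loader) {
        try {
            Class.forName(className, true, loader);
        } catch (ExceptionInInitializerError e) {
            // Only this first failure carries the root cause.
            System.err.println("Static init of " + className + " failed: " + e.getCause());
            e.getCause().printStackTrace();
        } catch (ClassNotFoundException e) {
            System.err.println("Class not found: " + className);
        }
    }

    public static void main(String[] args) {
        // First access: the JVM runs <clinit>, which fails with
        // ExceptionInInitializerError wrapping the real exception.
        try {
            FragileFormat.describe();
        } catch (ExceptionInInitializerError e) {
            System.out.println("First access: " + e);
            System.out.println("  root cause: " + e.getCause());
        }
        // Every later access: the class is marked erroneous, so the JVM throws
        // NoClassDefFoundError "Could not initialize class ..." and the
        // original exception is no longer available (getCause() is often null).
        try {
            FragileFormat.describe();
        } catch (NoClassDefFoundError e) {
            System.out.println("Second access: " + e);
            System.out.println("  cause attached: " + e.getCause());
        }
        // In a harness, a call like forceInit("org.apache.poi.ss.format.CellFormat",
        // loader) during setup makes the first failure visible in the output.
    }
}
```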
Replies: 2 comments
-
When Jazzer fails to instrument a class, it should print the exception encountered during instrumentation as a warning. You may have to scroll up in the logs to see it.
I don't know of any other failure cases that we do not handle in this way, but that doesn't mean much (just see the comment on the code snippet I linked, we may very well be missing another way things can silently fail).
Can you share the full logs you got from OSS-Fuzz? You can also send me an email if you don't want to post them publicly.
-
Thanks for the source link.
The problem does not reproduce outside of oss-fuzz or when running oss-fuzz locally via Docker, so likely it was triggered by some hard-to-track issue when running on cloud hardware at scale.
The full output is attached; I could not see any other relevant output on a quick look:
jazzer_output.txt