[Development] Qt in Google's OSS-Fuzz
Milian Wolff
milian.wolff at kdab.com
Mon Dec 5 14:11:08 CET 2016
On Sunday, December 4, 2016 10:28:16 PM CET Peter Hartmann wrote:
> Hello,
>
> after Google announced their continuous fuzzing approach some days ago
> (see [1]), I tried to make Qt work with it and the fuzzing testcases I
> have written the last weeks ([2]).
>
> If people agree, we could try going forward with putting Qt onto
> OSS-Fuzz as well. I am almost there with setting it up ([3]), and once
> this is done I don't expect a lot of maintenance.
>
> The fuzzing test cases ([2]) could be hosted as a Qt playground project
> instead of github if desired.
>
> As a side note, this platform already contains libraries that Qt uses,
> e.g. OpenSSL, zlib, harfbuzz, ICU and others.
I'd like to see that happen, more testing is always a win. But we will need to
learn from the coverity lessons:
- make sure from the start that multiple people in the qt community know how
to update the tests (and qt version), and access the results
- make sure that qt security list gets notified about potential securitiy
issues found therein
Peppe (CC'ed) has also just recently looked into fuzzing, he probably has
something to add.
Cheers
--
Milian Wolff | milian.wolff at kdab.com | Software Engineer
KDAB (Deutschland) GmbH&Co KG, a KDAB Group company
Tel: +49-30-521325470
KDAB - The Qt Experts
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5903 bytes
Desc: not available
URL: <http://lists.qt-project.org/pipermail/development/attachments/20161205/33853998/attachment.bin>
More information about the Development
mailing list