[Development] Qt in Google's OSS-Fuzz
milian.wolff at kdab.com
Mon Dec 5 14:11:08 CET 2016
On Sunday, December 4, 2016 10:28:16 PM CET Peter Hartmann wrote:
> after Google announced their continuous fuzzing approach some days ago
> (see ), I tried to make Qt work with it and the fuzzing testcases I
> have written the last weeks ().
> If people agree, we could try going forward with putting Qt onto
> OSS-Fuzz as well. I am almost there with setting it up (), and once
> this is done I don't expect a lot of maintenance.
> The fuzzing test cases () could be hosted as a Qt playground project
> instead of github if desired.
> As a side note, this platform already contains libraries that Qt uses,
> e.g. OpenSSL, zlib, harfbuzz, ICU and others.
I'd like to see that happen, more testing is always a win. But we will need to
learn from the coverity lessons:
- make sure from the start that multiple people in the qt community know how
to update the tests (and qt version), and access the results
- make sure that qt security list gets notified about potential securitiy
issues found therein
Peppe (CC'ed) has also just recently looked into fuzzing, he probably has
something to add.
Milian Wolff | milian.wolff at kdab.com | Software Engineer
KDAB (Deutschland) GmbH&Co KG, a KDAB Group company
KDAB - The Qt Experts
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5903 bytes
Desc: not available
More information about the Development