[Development] Qt in Google's OSS-Fuzz
Peter Hartmann
peter-qt at hartmann.tk
Tue Dec 6 13:14:45 CET 2016
On 06.12.2016 12:45, Giuseppe D'Angelo wrote:
> I'm all for it, and I think we should fuzz all sorts of "parsers" inside
> Qt (HTTP, JSON, image formats, CSS, HTML, ...).
good idea, as I said we could host the tests as a playground project or
so and let people add more test cases...
To address Milian's other comments, building Qt and checking out the
right version etc. would be hosted inside Google's repos (see e.g. the
build script for curl:
https://github.com/google/oss-fuzz/blob/master/projects/curl/build.sh);
they also provide tools and documentation on how to run this locally.
We could make the security mailing list the direct email contact in case
issues are found; I just don't know how much noise this would produce.
Anyhow I think we could find a solution that works for everybody...
Peter
--
Peter Hartmann // Titurelstrasse 2 // 89125 Munich // Germany
peter at hartmann.tk
www.peter.hartmann.tk
More information about the Development
mailing list