[Development] Submitting Qt to oss-fuzz
André Pönitz
apoenitz at t-online.de
Thu Aug 30 08:59:40 CEST 2018
On Thu, Aug 30, 2018 at 08:42:11PM +0200, Albert Astals Cid via
Development wrote:
> I made a local test run of the undefined sanitizer and it found
> https://paste.kde.org/prkox41mx in a few seconds, so "it works"
>
> If you want to test it locally you can do python infra/helper.py
> build_fuzzers --sanitizer undefined qt python infra/helper.py
> run_fuzzer qt qimage_fuzzer for the undefined sanitizer and
> python infra/helper.py build_fuzzers --sanitizer address qt
> python infra/helper.py run_fuzzer qt qimage_fuzzer
>
> Unfortunately I have not been able to compile with the memory
> sanitizer enabled yet.
>
> The most important thing before submitting this upstream is
> changing the list of trusted addresses the private bugs get sent
> to.
>
> To have something written i've used my email address but i guess
> at least i should add eirik.aavitsland at qt.io (listed as QImage
> maintainer) there too? Anyone else? I am not sure how the email
> address thing works, but i think they need to be "google account"
> activated, whatever that means, so we can't use
> security at qt-project.org.
That would be the natural choice.
> On poppler i'm using my @gmail.com address and not my @kde.org address since it was
> just easier.
>
> Comments?
We are not taking about an innovative approach to coerce people
into using Google services, right?
Andre'
More information about the Development
mailing list