[Development] Submitting Qt to oss-fuzz

Albert Astals Cid albert.astals.cid at kdab.com
Thu Aug 30 21:30:12 CEST 2018


El dijous, 30 d’agost de 2018, a les 8:59:40 CEST, André Pönitz va escriure:
> On Thu, Aug 30, 2018 at 08:42:11PM +0200, Albert Astals Cid via
> 
> Development wrote:
> > I made a local test run of the undefined sanitizer and it found
> > https://paste.kde.org/prkox41mx in a few seconds, so "it works"
> > 
> > If you want to test it locally you can do python infra/helper.py
> > build_fuzzers --sanitizer undefined qt python infra/helper.py
> > run_fuzzer qt qimage_fuzzer for the undefined sanitizer and
> > python infra/helper.py build_fuzzers --sanitizer address qt
> > python infra/helper.py run_fuzzer qt qimage_fuzzer
> > 
> > Unfortunately I have not been able to compile with the memory
> > sanitizer enabled yet.
> > 
> > The most important thing before submitting this upstream is
> > changing the list of trusted addresses the private bugs get sent
> > to.
> > 
> > To have something written i've used my email address but i guess
> > at least i should add eirik.aavitsland at qt.io (listed as QImage
> > maintainer) there too? Anyone else?  I am not sure how the email
> > address thing works, but i think they need to be "google account"
> > activated, whatever that means, so we can't use
> > security at qt-project.org.
> 
> That would be the natural choice.
> 
> > On  poppler i'm using my @gmail.com address and not my @kde.org address
> > since it was just easier.
> > 
> > Comments?
> 
> We are not taking about an innovative approach to coerce people
> into using Google services, right?

Maybe :D

Not really sure how it works, we can try submitting it with security at qt-
project.org and see what happens, but first i'd like confirmation from them 
that they'll look at the errors and confirmation from "the project" that it's 
a good idea to do this.

Cheers,
  Albert

> 
> Andre'


-- 
Albert Astals Cid | albert.astals.cid at kdab.com | Software Engineer
Klarälvdalens Datakonsult AB, a KDAB Group company
Tel: Sweden (HQ) +46-563-540090, USA +1-866-777-KDAB(5322)
KDAB - The Qt, C++ and OpenGL Experts




More information about the Development mailing list