[Development] Submitting Qt to oss-fuzz
Albert Astals Cid
albert.astals.cid at kdab.com
Thu Aug 30 21:30:12 CEST 2018
On Thursday, 30 August 2018, at 8:59:40 CEST, André Pönitz wrote:
> On Thu, Aug 30, 2018 at 08:42:11PM +0200, Albert Astals Cid via Development wrote:
> > I made a local test run of the undefined sanitizer and it found
> > https://paste.kde.org/prkox41mx in a few seconds, so "it works"
> >
> > If you want to test it locally you can do
> >
> >   python infra/helper.py build_fuzzers --sanitizer undefined qt
> >   python infra/helper.py run_fuzzer qt qimage_fuzzer
> >
> > for the undefined sanitizer and
> >
> >   python infra/helper.py build_fuzzers --sanitizer address qt
> >   python infra/helper.py run_fuzzer qt qimage_fuzzer
> >
> > Unfortunately I have not been able to compile with the memory
> > sanitizer enabled yet.
> >
> > The most important thing before submitting this upstream is
> > changing the list of trusted addresses the private bugs get sent
> > to.
> >
> > To have something written i've used my email address but i guess
> > at least i should add eirik.aavitsland at qt.io (listed as QImage
> > maintainer) there too? Anyone else? I am not sure how the email
> > address thing works, but i think they need to be "google account"
> > activated, whatever that means, so we can't use
> > security at qt-project.org.
>
> That would be the natural choice.
>
> > On poppler i'm using my @gmail.com address and not my @kde.org address
> > since it was just easier.
> >
> > Comments?
>
> We are not talking about an innovative approach to coerce people
> into using Google services, right?
Maybe :D
Not really sure how it works, we can try submitting it with
security at qt-project.org and see what happens, but first i'd like confirmation from them
that they'll look at the errors and confirmation from "the project" that it's
a good idea to do this.
Cheers,
Albert
>
> Andre'
--
Albert Astals Cid | albert.astals.cid at kdab.com | Software Engineer
Klarälvdalens Datakonsult AB, a KDAB Group company
Tel: Sweden (HQ) +46-563-540090, USA +1-866-777-KDAB(5322)
KDAB - The Qt, C++ and OpenGL Experts