[Development] QtCS2019 Notes from "Fuzzing Qt" BoF session
Robert Loehning
Robert.Loehning at qt.io
Thu Nov 21 13:13:55 CET 2019
Hi,
Here and below are the notes from this session:
https://wiki.qt.io/Qt_Contributors_Summit_2019_-Fuzzing_Qt
Cheers,
Robert
== Introduction ==
* Explained briefly what fuzzing is in general
* Showed how to fuzz Qt itself<br/>See readme file:
https://code.qt.io/cgit/qt/qtbase.git/tree/tests/libfuzzer/README
=== What's missing to test Qt in oss-fuzz? ===
Google offers infrastructure and workflow for fuzzing free software, see
https://github.com/google/oss-fuzz
* Qt still needs to support more sanitizers
* A docker image defines how to build Qt and the fuzz targets
A prototype exists, but needs tuning. Robert is working on both.
=== Which code needs fuzz testing the most? ===
Agreed criteria: Code that operates on possibly untrusted data
Proposals from the audience:
* Classes
** [https://doc.qt.io/qt-5/qcborvalue.html QCborValue]
** [https://doc.qt.io/qt-5/qcommandlineparser.html QCommandLineParser]
** [https://doc.qt.io/qt-5/qdatastream.html QDataStream]
** [https://doc.qt.io/qt-5/qimage.html QImage] and its plugins
** [https://doc.qt.io/qt-5/qjsonvalue.html QJsonValue]
** [https://doc.qt.io/qt-5/qregularexpression.html QRegularExpression]
** [https://doc.qt.io/qt-5/qsslcertificate.html QSslCertificate]
** QPdf?
** [https://doc.qt.io/qt-5/qtextcodec.html QTextCodec]
** [https://doc.qt.io/qt-5/qtextstream.html QTextStream]
** [https://doc.qt.io/qt-5/qtranslator.html QTranslator]
* Functions
** *::fromRawData
** [https://doc.qt.io/qt-5/qtextdocumentfragment.html#fromHtml QTextDocumentFragment::fromHtml]
** [https://doc.qt.io/qt-5/qurl.html#fromUserInput QUrl::fromUserInput]
** [https://doc.qt.io/qt-5/qwebengineview.html#setContent QWebEngineView::setContent]
* Further mentions which were considered tricky
** [https://doc.qt.io/qt-5/qabstractsocket.html QAbstractSocket]
** [https://doc.qt.io/qt-5/qstring.html#asprintf QString::asprintf]
Robert will try adding them one by one. If you'd like to contribute
some, he will happily review them.
If you have further proposals, please comment here or write to Robert
directly.