[Development] QtCS2019 Notes from "Fuzzing Qt" BoF session

Kai Köhne Kai.Koehne at qt.io
Fri Nov 22 17:19:21 CET 2019


> -----Original Message-----
> From: Development <development-bounces at qt-project.org> On Behalf Of
> Oswald Buddenhagen
> Sent: Thursday, November 21, 2019 2:41 PM
> To: development at qt-project.org
> Subject: Re: [Development] QtCS2019 Notes from "Fuzzing Qt" BoF session
> 
> On Thu, Nov 21, 2019 at 12:13:55PM +0000, Robert Loehning wrote:
> >=== Which code needs fuzz testing the most? === Agreed criteria: Code
> >that operates on possibly untrusted data
> >
> >Proposals from the audience:
> >* Classes
> >** [https://doc.qt.io/qt-5/qcommandlineparser.html QCommandLineParser]
> >** [https://doc.qt.io/qt-5/qtranslator.html QTranslator]
> >
> how do these make any sense here?

We were just brainstorming there.

Anyhow, QCommandLineParser processes command line arguments from the outside. These command line arguments might come from other tools, output ... so it should be really robust in handling these.

QTranslator: The API is unfortunate in that the default directory were translations are looked up is QDir::currentPath()...

Regards

Kai



More information about the Development mailing list