[Development] Qt is being tested in oss-fuzz

Robert Löhning robert.loehning at qt.io
Thu Mar 12 23:01:18 CET 2020


in [1], I promised to keep you updated about Qt in oss-fuzz and it's
high time.

I'm happy to inform you that since the beginning of this year, Google's
oss-fuzz [2] is running tests on Qt 5.15. So far, only four functions
are being tested directly, but much more code is covered through these,
as you can see in [3].

This already found a number of issues which I forward to the security
mailing list. 90 days after finding them or 30 days after verifying the
fix - whatever comes first - they are being published in [4].

One by one, I'll now add tests for more code, starting with that
mentioned on QtCS. [5]

If you have any ideas, questions or complaints, please don't hesitate to
send them to me.


[2] https://github.com/google/oss-fuzz
[4] https://bugs.chromium.org/p/oss-fuzz/issues/list?q=proj%3Dqt&can=1
[5] https://wiki.qt.io/Qt_Contributors_Summit_2019_-Fuzzing_Qt

More information about the Development mailing list