[Development] Qt is being tested in oss-fuzz
Robert Löhning
robert.loehning at qt.io
Thu Mar 12 23:01:18 CET 2020
Hi,
in [1], I promised to keep you updated about Qt in oss-fuzz and it's
high time.
I'm happy to inform you that since the beginning of this year, Google's
oss-fuzz [2] is running tests on Qt 5.15. So far, only four functions
are being tested directly, but much more code is covered through these,
as you can see in [3].
This already found a number of issues which I forward to the security
mailing list. 90 days after finding them or 30 days after verifying the
fix - whatever comes first - they are being published in [4].
One by one, I'll now add tests for more code, starting with that
mentioned on QtCS. [5]
If you have any ideas, questions or complaints, please don't hesitate to
send them to me.
Cheers,
Robert
[1]
https://lists.qt-project.org/pipermail/development/2019-January/034894.html
[2] https://github.com/google/oss-fuzz
[3]
https://storage.googleapis.com/oss-fuzz-coverage/qt/reports/20200312/linux/report.html
[4] https://bugs.chromium.org/p/oss-fuzz/issues/list?q=proj%3Dqt&can=1
[5] https://wiki.qt.io/Qt_Contributors_Summit_2019_-Fuzzing_Qt
More information about the Development
mailing list