OSS-Fuzz integration #124
Comments
Hi, Yes, I'm very interested in this. I definitely want QCBOR fuzzed on a regular basis. I've tried to keep QCBOR very neat, portable and easy to build and integrate. For this reason, the main regression test I run is not part of the automated build system. Instead it is in a separate repository: https://github.com/laurencelundblade/qdv. I run the tests in qdv manually before each merge. I'm not sure how your fuzzer would integrate. Maybe you could make a PR so I could see? Thank you very much!! LL
Aha, I hadn't realized that you kept the regression tests in a different repository. I'm happy to put the fuzzer into the qdv repository instead; we just want to ensure that the fuzzer lives with the rest of the project's tests (instead of in the OSS-Fuzz repository where it could fall out of sync with the project). I'll try integrating the fuzzer into the qdv repository. Is https://github.com/laurencelundblade/qdv/blob/master/b.sh the top-level script you use for regression testing?
Hello!
I'm an application security engineer at Google who contributes to Google's fuzzing efforts. I've written a simple fuzzer for QCBOR based on the ComprehensiveInputRecurser test in qcbor_decode_tests.c, and I'd like to know if you're interested in adding it directly to the QCBOR repository. Once it's in this repository, I can integrate it with OSS-Fuzz so that you automatically receive bugs that our fuzzers find -- all you'll need is an e-mail address associated with a Google account (here's why).

Please let me know if you're interested, and if so, how you'd prefer to add the file to this repository. The fuzzer itself is less than 20 lines long, but does require special CFLAGS to build.