On Mittwoch, 17. Mai 2017 19:10:40 CEST Bruno Haible wrote: > Hi Tim, > > > What about fuzzing ? > > I just work on OSS-Fuzz[1] integration for Wget2. Is There interest in a > > 'starter' for gnulib with a example fuzz code ? > > Gnulib by itself does not provide functionality that consumes input.
You can fuzz each function provided by gnulib. You start with test data that covers as much of the codes paths as possible. The fuzzer also detects new code paths, outputs data to cover these (to use it in unit tests) and also is able to minimize this test data. It likely doesn't make sense to fuzz *all* functions. Maybe one should start with the most complex functions. > But Gnulib provides common coding patterns for packages that use the GNU > Build System, and some such packages (gettext, grep, guile, gzip, sed, tar, > texinfo maybe?) could probably make use of an OSS-FUZZ integration. If you > have a Makefile.am pattern for this, it would be interesting for Gnulib. Perhaps that is possible. Let me first finish my fuzzer work for Wget2 (not even pushed yet) and then we'll examine it. > Bruno > > [1] > https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.ht > ml With Best Regards, Tim
signature.asc
Description: This is a digitally signed message part.
