On Sunday, December 4, 2016 10:28:16 PM CET Peter Hartmann wrote: > Hello, > > after Google announced their continuous fuzzing approach some days ago > (see [1]), I tried to make Qt work with it and the fuzzing testcases I > have written the last weeks ([2]). > > If people agree, we could try going forward with putting Qt onto > OSS-Fuzz as well. I am almost there with setting it up ([3]), and once > this is done I don't expect a lot of maintenance. > > The fuzzing test cases ([2]) could be hosted as a Qt playground project > instead of github if desired. > > As a side note, this platform already contains libraries that Qt uses, > e.g. OpenSSL, zlib, harfbuzz, ICU and others.
I'd like to see that happen, more testing is always a win. But we will need to learn from the coverity lessons: - make sure from the start that multiple people in the qt community know how to update the tests (and qt version), and access the results - make sure that qt security list gets notified about potential securitiy issues found therein Peppe (CC'ed) has also just recently looked into fuzzing, he probably has something to add. Cheers -- Milian Wolff | [email protected] | Software Engineer KDAB (Deutschland) GmbH&Co KG, a KDAB Group company Tel: +49-30-521325470 KDAB - The Qt Experts
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Development mailing list [email protected] http://lists.qt-project.org/mailman/listinfo/development
