Great, thanks for the feedback! One of my first tasks will be to support llvm/clang builds. I've seen some prior discussion on what's needed for that, but if you have any extra tips I'll take them. I'll be sure to create a build target for the fuzzers so they can be run standalone.
Berkeley

On Mon, Dec 23, 2019 at 3:12 AM Mark Wielaard <m...@klomp.org> wrote:

> Hi Berkeley,
>
> On Fri, 2019-12-20 at 17:21 +0200, Berkeley Churchill wrote:
> > Any interest in integrating with oss-fuzz? It's a Google project
> > that supports open source projects by fuzzing. It allows Google to
> > find and report bugs, especially security bugs, to the project.
> > I'm willing to work on writing fuzzers and performing the integration,
> > if this would be welcome by the maintainers. Thoughts?
>
> Certainly interested. I have been running afl-fuzz on various utilities
> and test cases. That has found lots of issues. But it isn't very
> structured. And it often needs to go through a completely valid ELF
> file before fuzzing the more interesting data structures inside it.
>
> The only request I would have is that if the fuzzer targets are added
> to elfutils itself then they should also be made to work locally. So
> someone could also use them with e.g. afl-fuzz or some other fuzzing
> framework, or simply as extra testcase.
>
> Please also see:
> https://sourceware.org/git/?p=elfutils.git;f=CONTRIBUTING;hb=HEAD
>
> Cheers,
>
> Mark