> I'm interested. What is your plan, where help is needed? I don't actually have a plan :)
I've been using an internal to Google interface to drive fuzzing so far and have yet to look at what it takes to drive OSS-Fuzz. So someone looking at what we need to do to trigger the fuzzing would be great. The actual writing of fuzzers is pretty easy... e.g. https://gist.github.com/schwehr/d4d48b60ed99986ce18703262fe98758 We just need to get a local version of WrapUnique and autotest2::VsiMemTempWrappe, or something equivalent, or be explicit about the cleanup. Agreed that more fuzzing engines would be nice, but I think we are still at the point where we can find bugs faster than we can fix them. I've got a stack of HFA issues and I hit my first GeoJSON bug with the first couple minutes of fuzzing starting with an empty corpus on a single core. A comparison data point... kakadu was 43 issues found in approx a week of fuzzing with 1k cores. On Sat, Apr 22, 2017 at 7:58 AM, Even Rouault <even.roua...@spatialys.com> wrote: > On vendredi 21 avril 2017 09:23:50 CEST Mateusz Loskot wrote: > > > On 21 April 2017 at 02:06, Kurt Schwehr <schw...@gmail.com> wrote: > > > > The Google security team is interested in having GDAL join the > OSS-Fuzz - > > > > Continuous Fuzzing for Open Source Software project: > > > > > > > > https://github.com/google/oss-fuzz > > > > > > > > If folks are interested, I've got a few fuzzers that we can start with > > > > that > > > > we can copy from gdal-autotest2. > > > > > > I think it's an interesting project GDAL should be part of. > > > > +1 > > > > > > > > I'm interested. What is your plan, where help is needed? > > > > > > p.s. I see OSS-Fuzz is going to add new fuzing engines in future. > > > Perhaps Dr Memory/Dr Fuzz, already used by Chromium AFAIK, > > > will be considered too. AFAIU it comes with built-in fuzzer > > > and supports Windows. > > > > > > Best regards, > > > > > > -- > > Spatialys - Geospatial professional services > > http://www.spatialys.com >
_______________________________________________ gdal-dev mailing list gdal-dev@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/gdal-dev
