[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: fuzzing
From: |
Tim Rühsen |
Subject: |
Re: fuzzing |
Date: |
Wed, 17 May 2017 21:47:28 +0200 |
User-agent: |
KMail/5.2.3 (Linux/4.9.0-3-amd64; KDE/5.28.0; x86_64; ; ) |
On Mittwoch, 17. Mai 2017 19:10:40 CEST Bruno Haible wrote:
> Hi Tim,
>
> > What about fuzzing ?
> > I just work on OSS-Fuzz[1] integration for Wget2. Is There interest in a
> > 'starter' for gnulib with a example fuzz code ?
>
> Gnulib by itself does not provide functionality that consumes input.
You can fuzz each function provided by gnulib. You start with test data that
covers as much of the codes paths as possible. The fuzzer also detects new
code paths, outputs data to cover these (to use it in unit tests) and also is
able to minimize this test data.
It likely doesn't make sense to fuzz *all* functions. Maybe one should start
with the most complex functions.
> But Gnulib provides common coding patterns for packages that use the GNU
> Build System, and some such packages (gettext, grep, guile, gzip, sed, tar,
> texinfo maybe?) could probably make use of an OSS-FUZZ integration. If you
> have a Makefile.am pattern for this, it would be interesting for Gnulib.
Perhaps that is possible. Let me first finish my fuzzer work for Wget2 (not
even
pushed yet) and then we'll examine it.
> Bruno
>
> [1]
> https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.ht
> ml
With Best Regards, Tim
signature.asc
Description: This is a digitally signed message part.