* fuzzing anybody
@ 2016-12-06 12:26 Ruediger Meier
2016-12-06 14:31 ` Karel Zak
0 siblings, 1 reply; 2+ messages in thread
From: Ruediger Meier @ 2016-12-06 12:26 UTC (permalink / raw)
To: util-linux
Hello,
google is offereing "Fuzz testing" for famous OSS projects
https://github.com/google/oss-fuzz
I've thought this might be a nice idea for util-linux and already
registered
https://github.com/google/oss-fuzz/pull/120
Stupidly I've missed the point that I would also need to write some code
which intelligently feeds our UL programs with the generated random
data to find bugs. I thought that this is what google would do for us
but they only give us the their infrastructure for running the actual
tests. ;)
So if anybody is interested in this fuzzing topic ... maybe someone has
a good idea, say how to feed libsmartcol or libblkid with random data.
A good and even interesting point to start is this "libFuzzer Tutorial":
https://github.com/google/fuzzer-test-suite/blob/master/tutorial/libFuzzerTutorial.md
Also interesting to see how other projects are doing it already in
google's oss-fuzz.
for example curl:
https://github.com/google/oss-fuzz/blob/master/projects/curl/curl_fuzzer.cc
or openssl which has a fuzz/ sub-directory in their original project.
https://github.com/openssl/openssl/tree/master/fuzz
cu,
Rudi
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: fuzzing anybody
2016-12-06 12:26 fuzzing anybody Ruediger Meier
@ 2016-12-06 14:31 ` Karel Zak
0 siblings, 0 replies; 2+ messages in thread
From: Karel Zak @ 2016-12-06 14:31 UTC (permalink / raw)
To: Ruediger Meier; +Cc: util-linux
On Tue, Dec 06, 2016 at 01:26:09PM +0100, Ruediger Meier wrote:
> google is offereing "Fuzz testing" for famous OSS projects
> https://github.com/google/oss-fuzz
>
> I've thought this might be a nice idea for util-linux and already
> registered
> https://github.com/google/oss-fuzz/pull/120
>
> Stupidly I've missed the point that I would also need to write some code
> which intelligently feeds our UL programs with the generated random
> data to find bugs. I thought that this is what google would do for us
> but they only give us the their infrastructure for running the actual
> tests. ;)
>
> So if anybody is interested in this fuzzing topic ... maybe someone has
> a good idea, say how to feed libsmartcol or libblkid with random data.
Good idea for libblkid (I have already seen report about minix if I
good remember). Not sure about libsmartcol where it's application who
fill data to the table.
> A good and even interesting point to start is this "libFuzzer Tutorial":
> https://github.com/google/fuzzer-test-suite/blob/master/tutorial/libFuzzerTutorial.md
>
> Also interesting to see how other projects are doing it already in
> google's oss-fuzz.
>
> for example curl:
> https://github.com/google/oss-fuzz/blob/master/projects/curl/curl_fuzzer.cc
>
> or openssl which has a fuzz/ sub-directory in their original project.
> https://github.com/openssl/openssl/tree/master/fuzz
Go ahead, tests/fuzz/ is no problem :-)
Karel
--
Karel Zak <kzak@redhat.com>
http://karelzak.blogspot.com
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-12-06 14:31 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-12-06 12:26 fuzzing anybody Ruediger Meier
2016-12-06 14:31 ` Karel Zak
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox