* fuzzing anybody @ 2016-12-06 12:26 Ruediger Meier 2016-12-06 14:31 ` Karel Zak 0 siblings, 1 reply; 2+ messages in thread From: Ruediger Meier @ 2016-12-06 12:26 UTC (permalink / raw) To: util-linux Hello, google is offereing "Fuzz testing" for famous OSS projects https://github.com/google/oss-fuzz I've thought this might be a nice idea for util-linux and already registered https://github.com/google/oss-fuzz/pull/120 Stupidly I've missed the point that I would also need to write some code which intelligently feeds our UL programs with the generated random data to find bugs. I thought that this is what google would do for us but they only give us the their infrastructure for running the actual tests. ;) So if anybody is interested in this fuzzing topic ... maybe someone has a good idea, say how to feed libsmartcol or libblkid with random data. A good and even interesting point to start is this "libFuzzer Tutorial": https://github.com/google/fuzzer-test-suite/blob/master/tutorial/libFuzzerTutorial.md Also interesting to see how other projects are doing it already in google's oss-fuzz. for example curl: https://github.com/google/oss-fuzz/blob/master/projects/curl/curl_fuzzer.cc or openssl which has a fuzz/ sub-directory in their original project. https://github.com/openssl/openssl/tree/master/fuzz cu, Rudi ^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: fuzzing anybody 2016-12-06 12:26 fuzzing anybody Ruediger Meier @ 2016-12-06 14:31 ` Karel Zak 0 siblings, 0 replies; 2+ messages in thread From: Karel Zak @ 2016-12-06 14:31 UTC (permalink / raw) To: Ruediger Meier; +Cc: util-linux On Tue, Dec 06, 2016 at 01:26:09PM +0100, Ruediger Meier wrote: > google is offereing "Fuzz testing" for famous OSS projects > https://github.com/google/oss-fuzz > > I've thought this might be a nice idea for util-linux and already > registered > https://github.com/google/oss-fuzz/pull/120 > > Stupidly I've missed the point that I would also need to write some code > which intelligently feeds our UL programs with the generated random > data to find bugs. I thought that this is what google would do for us > but they only give us the their infrastructure for running the actual > tests. ;) > > So if anybody is interested in this fuzzing topic ... maybe someone has > a good idea, say how to feed libsmartcol or libblkid with random data. Good idea for libblkid (I have already seen report about minix if I good remember). Not sure about libsmartcol where it's application who fill data to the table. > A good and even interesting point to start is this "libFuzzer Tutorial": > https://github.com/google/fuzzer-test-suite/blob/master/tutorial/libFuzzerTutorial.md > > Also interesting to see how other projects are doing it already in > google's oss-fuzz. > > for example curl: > https://github.com/google/oss-fuzz/blob/master/projects/curl/curl_fuzzer.cc > > or openssl which has a fuzz/ sub-directory in their original project. > https://github.com/openssl/openssl/tree/master/fuzz Go ahead, tests/fuzz/ is no problem :-) Karel -- Karel Zak <kzak@redhat.com> http://karelzak.blogspot.com ^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-12-06 14:31 UTC | newest] Thread overview: 2+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2016-12-06 12:26 fuzzing anybody Ruediger Meier 2016-12-06 14:31 ` Karel Zak
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox