Re: Integrating GCC with oss-fuzz

[Jonathan Wakely <jwakely.gcc@gmail.com>]

On Mon, 16 Mar 2020 at 21:15, David Korczynski wrote:
>
> Hi!
>
> My name is David Korczynski and I have been doing some work on
> integrating fuzzing by way of OSS-Fuzz into the gcc project. This came
> out of fuzzing libiberty within the binutils project where we found
> several bugs within libiberty. However, the binutils owners are not
> working on libiberty so we dont get much results from reporting to them.

N.B. fuzzing the demangler is not really considered useful by some of
us. Actually helping to fix bugs would be more helpful than just
reporting yet another issue in the demangler code. There are more
useful things that could be fuzzed, but so far everybody fuzzing seems
to go for the easy target that gets them lots of "successes".

We talked about using oss-fuzz for the std::regex code. There are
probably other places in the C++ standard library that would benefit.

> I was wondering if we could set up a similar project, namely by
> integrating gcc to the OSS-Fuzz project and the errors found will then
> automatically be sent to gcc-bugs@gcc.gnu.org?

Sending email to that list doesn't achieve anything. Bugs need to be
reported to Bugzilla.

> We can either add the
> fuzzers upstream to gcc or do as binutils and adding them to OSS-Fuzz. I
> have already done the work so we should be good to go with continuous
> fuzzing if you are interested!
>
> You can see the current binutils project here:
> https://github.com/google/oss-fuzz/tree/master/projects/binutils

I'm glad to see there's more being fuzzed than just the demangler.

> Here the binutils owners outline their interest in the project:
> https://github.com/google/oss-fuzz/pull/2617