public inbox for gcc@gcc.gnu.org
* Integrating GCC with oss-fuzz
@ 2020-03-16 21:12 David Korczynski
  2020-03-17 10:25 ` Jonathan Wakely
  0 siblings, 1 reply; 2+ messages in thread
From: David Korczynski @ 2020-03-16 21:12 UTC (permalink / raw)
  To: gcc

Hi!

My name is David Korczynski and I have been doing some work on 
integrating fuzzing by way of OSS-Fuzz into the gcc project. This came 
out of fuzzing libiberty within the binutils project where we found 
several bugs within libiberty. However, the binutils owners are not 
working on libiberty so we don't get many results from reporting to them.
I was wondering if we could set up a similar project, namely by 
integrating gcc to the OSS-Fuzz project and the errors found will then 
automatically be sent to gcc-bugs@gcc.gnu.org? We can either add the 
fuzzers upstream to gcc or do as binutils and add them to OSS-Fuzz. I
have already done the work so we should be good to go with continuous 
fuzzing if you are interested!

You can see the current binutils project here: 
https://github.com/google/oss-fuzz/tree/master/projects/binutils

Here the binutils owners outline their interest in the project: 
https://github.com/google/oss-fuzz/pull/2617

Kind regards,

David



* Re: Integrating GCC with oss-fuzz
  2020-03-16 21:12 Integrating GCC with oss-fuzz David Korczynski
@ 2020-03-17 10:25 ` Jonathan Wakely
  0 siblings, 0 replies; 2+ messages in thread
From: Jonathan Wakely @ 2020-03-17 10:25 UTC (permalink / raw)
  To: David Korczynski; +Cc: gcc

On Mon, 16 Mar 2020 at 21:15, David Korczynski wrote:
>
> Hi!
>
> My name is David Korczynski and I have been doing some work on
> integrating fuzzing by way of OSS-Fuzz into the gcc project. This came
> out of fuzzing libiberty within the binutils project where we found
> several bugs within libiberty. However, the binutils owners are not
> working on libiberty so we don't get many results from reporting to them.

N.B. fuzzing the demangler is not really considered useful by some of
us. Actually helping to fix bugs would be more helpful than just
reporting yet another issue in the demangler code. There are more
useful things that could be fuzzed, but so far everybody fuzzing seems
to go for the easy target that gets them lots of "successes".

We talked about using oss-fuzz for the std::regex code. There are
probably other places in the C++ standard library that would benefit.

> I was wondering if we could set up a similar project, namely by
> integrating gcc to the OSS-Fuzz project and the errors found will then
> automatically be sent to gcc-bugs@gcc.gnu.org?

Sending email to that list doesn't achieve anything. Bugs need to be
reported to Bugzilla.

> We can either add the
> fuzzers upstream to gcc or do as binutils and add them to OSS-Fuzz. I
> have already done the work so we should be good to go with continuous
> fuzzing if you are interested!
>
> You can see the current binutils project here:
> https://github.com/google/oss-fuzz/tree/master/projects/binutils

I'm glad to see there's more being fuzzed than just the demangler.

> Here the binutils owners outline their interest in the project:
> https://github.com/google/oss-fuzz/pull/2617
