This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.
Re: oss-fuzz
- From: Mark Wielaard <mark at klomp dot org>
- To: Berkeley Churchill <berkeleychurchill at gmail dot com>, elfutils-devel at sourceware dot org
- Date: Mon, 23 Dec 2019 02:12:07 +0100
- Subject: Re: oss-fuzz
- References: <CAMT_tviDwmQC-DkDHz0OsJ=KhVGKVY3iuhERu+8s3vjhc5P5Rw@mail.gmail.com>
Hi Berkeley,
On Fri, 2019-12-20 at 17:21 +0200, Berkeley Churchill wrote:
> Any interest in integrating with oss-fuzz? It's a Google project
> that supports open source projects by fuzzing. It allows Google to
> find and report bugs, especially security bugs, to the project.
> I'm willing to work on writing fuzzers and performing the integration,
> if this would be welcomed by the maintainers. Thoughts?
Certainly interested. I have been running afl-fuzz on various utilities
and test cases. That has found lots of issues. But it isn't very
structured. And it often needs to go through a completely valid ELF
file before fuzzing the more interesting data structures inside it.
The only request I would have is that if the fuzzer targets are added
to elfutils itself then they should also be made to work locally. So
someone could also use them with e.g. afl-fuzz or some other fuzzing
framework, or simply as an extra testcase.
Please also see:
https://sourceware.org/git/?p=elfutils.git;f=CONTRIBUTING;hb=HEAD
Cheers,
Mark
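
An added example, not part of the original message and not elfutils code: one way a fuzz target can address both points raised above, by wrapping the fuzzer's bytes in a minimal valid ELF64 image so mutation lands on section data rather than the header, and by exposing the same entry point to libFuzzer-style engines and to a local stdin driver usable with afl-fuzz or as a test case. The function name wrap_in_elf64, the image layout and the 1 MiB input cap are assumptions made for illustration.

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Wrap fuzz bytes as the data of one SHT_PROGBITS section in a minimal ELF64
   image: Ehdr | payload | Shdr[0] (null) | Shdr[1]. Constructed layout; assumes
   a little-endian host. Returns a malloc'd image (caller frees) or NULL. */
uint8_t *wrap_in_elf64(const uint8_t *data, size_t size, size_t *out_len)
{
    if (size > ((size_t)1 << 20)) return NULL;   /* cap input, rules out overflow */
    size_t shoff = (sizeof(Elf64_Ehdr) + size + 7) & ~(size_t)7;
    size_t total = shoff + 2 * sizeof(Elf64_Shdr);
    uint8_t *img = calloc(1, total);
    if (img == NULL) return NULL;
    Elf64_Ehdr eh = {
        .e_ident = { ELFMAG0, ELFMAG1, ELFMAG2, ELFMAG3,
                     ELFCLASS64, ELFDATA2LSB, EV_CURRENT },
        .e_type = ET_REL, .e_machine = EM_X86_64, .e_version = EV_CURRENT,
        .e_ehsize = sizeof(Elf64_Ehdr), .e_shoff = shoff,
        .e_shentsize = sizeof(Elf64_Shdr), .e_shnum = 2 };
    Elf64_Shdr sh = { .sh_type = SHT_PROGBITS, .sh_offset = sizeof(Elf64_Ehdr),
                      .sh_size = size, .sh_addralign = 1 };
    memcpy(img, &eh, sizeof eh);
    if (size) memcpy(img + sizeof eh, data, size);
    memcpy(img + shoff + sizeof sh, &sh, sizeof sh);   /* slot 1; slot 0 stays zero */
    *out_len = total;
    return img;
}

/* Entry point that libFuzzer-style engines call once per input. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    size_t len = 0;
    uint8_t *img = wrap_in_elf64(data, size, &len);
    /* Hand img/len to the parser under test here, e.g. libelf's elf_memory(). */
    free(img);
    return 0;
}

/* Local driver: one input on stdin, for afl-fuzz or a regression test.
   Leave it out when linking against libFuzzer, which supplies main(). */
int main(void)
{
    static uint8_t buf[1 << 20];
    size_t n = fread(buf, 1, sizeof buf, stdin);
    return LLVMFuzzerTestOneInput(buf, n);
}
```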