Vincent Ulitzsch created XERCESC-2199:
-----------------------------------------
Summary: Add fuzzer source code
Key: XERCESC-2199
URL: https://issues.apache.org/jira/browse/XERCESC-2199
Project: Xerces-C++
Issue Type: Test
Components: Samples/Tests
Reporter: Vincent Ulitzsch
Attachments: add_fuzzers.patch
As discussed on the mailing list and [in this
PR|[https://github.com/apache/xerces-c/pull/2]|https://github.com/apache/xerces-c/pull/2],
this patch adds the fuzzing harnesses written by
[@bshastry|https://github.com/bshastry] and me to the xerces upstream. An
[initial integration into oss-fuzz
|https://github.com/google/oss-fuzz/pull/3083] already uncovered some bugs.
Integrating the fuzzing harnesses into upstream provides a cleaner way to test
the xerces code.
The purpose of this PR and the integration of xerces into oss-fuzz is to allow
parts of xerces' code to be continuously fuzzed, which would probably result in
the detection of security bugs early on in the development process. It also
adds the possibility for developers the build the fuzzers themselves, providing
the opportunity to immediately fuzz their code prior to commiting if they are
interested.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org
