On 06.12.2016 12:45, Giuseppe D'Angelo wrote:
I'm all for it, and I think we should fuzz all sorts of "parsers" inside Qt (HTTP, JSON, image formats, CSS, HTML, ...).
good idea, as I said we could host the tests as a playground project or so and let people add more test cases...
To address Milian's other comments, building Qt and checking out the right version etc. would be hosted inside Google's repos (see e.g. the build script for curl: https://github.com/google/oss-fuzz/blob/master/projects/curl/build.sh); they also provide tools and documentation on how to run this locally.
We could make the security mailing list the direct email contact in case issues are found; I just don't know how much noise this would produce. Anyhow I think we could find a solution that works for everybody...
Peter -- Peter Hartmann // Titurelstrasse 2 // 89125 Munich // Germany [email protected] www.peter.hartmann.tk _______________________________________________ Development mailing list [email protected] http://lists.qt-project.org/mailman/listinfo/development
