Hi Peter,

I saw your post and it helped me get started. Thanks for that!

By the way: In step 1 you use
-fsanitize-coverage=edge
whereas I followed LLVM's example [1] and used
-fsanitize-coverage=trace-pc-guard

Unfortunately the documentation seems to be a bit scarce. Could you please tell me briefly about the advantages of either one?

I guess I should include "edge" in [2], shouldn't I? Instead of hacking the mkspec you could then just use
<src>/configure -sanitize address -coverage edge <further params>

Cheers,
Robert

[1] https://llvm.org/docs/LibFuzzer.html
[2] https://codereview.qt-project.org/236937/

On 04.09.2018 at 11:17, Peter Hartmann wrote:
Hello,

Sounds like a good initiative. I was asking about the same thing 2 years
ago ([1]) but then somehow didn't follow up on this.

Back then I also wrote some simple fuzzing test cases ([2]) that found
some crashes and memory corruptions ([3]); I would be happy to
contribute them if they are deemed useful.

Regards,

Peter


[1] http://lists.qt-project.org/pipermail/development/2016-December/028016.html
[2] https://github.com/peter-ha/qt-fuzzing
[3] https://www.peter.hartmann.tk/single-post/2016/11/29/Fuzzing-Qt-with-libFuzzer


On 31.08.2018 11:24, Robert Löhning wrote:
Hi everybody,

Yes, I did. So far I have been working on getting Qt into a better
shape for fuzzing at all, resulting in [1].

This prepares a Qt build for being fuzz tested with clang's libFuzzer,
the tool that Google also uses in oss-fuzz. The fuzzer I used for
testing my setup already found a crash.

What I have so far:
- fuzzing Qt with libFuzzer locally, using [1]
- AFAICS collected all the needed "OK"s to enter Qt [2]

What I don't have so far:
- create the pull request for [2], wanted to do this now-ish
- Everything that comes after registering the project like:
   - setting up build/run on Google's servers
   - finding out what kind of dashboard I'll get there

I would appreciate it if I could use the scripts you posted, Albert, or
if we could work on this together.

Cheers,
Robert

[1] https://codereview.qt-project.org/236937/
[2] https://github.com/google/oss-fuzz/compare/master...rlohning:master

On 30.08.2018 at 21:27, Lars Knoll wrote:
Hi Albert,

Nice! Robert has been working on exactly the same thing lately. I
think it would be good if you guys coordinated the effort :)

It would be ideal if we could somehow get those mails forwarded to
the security mailing list. I wonder whether we could do that with a
special mail account that forwards to the security mailing list.

Cheers,
Lars

On 30 Aug 2018, at 20:42, Albert Astals Cid via Development
<[email protected]> wrote:

oss-fuzz is an online fuzzing service run by Google.

They test the code base daily and run fuzzing over it, maintaining
a list of open and closed bugs.

As an example you can see one of the poppler issues I fixed at
     https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9382

Everything is done automatically by a bot, except my "This is fixed
by" comment, but that's just there for historical reasons, it's not
really needed.

Found bugs are sent to a list of trusted addresses and kept private
for 90 days; then, if not fixed, they become public.

Fixed bugs become public 30 days after being fixed.

I have made a qimage fuzzer that uses libpng test files as seed corpus.

You can find it at https://github.com/albert-astals-cid-kdab/oss-fuzz

Adding support for Qt is "relatively simple" see
https://github.com/albert-astals-cid-kdab/oss-fuzz/commit/2df60c7af6619b8a6a44b1cd679bf356e6e6ed3f


I made a local test run of the undefined sanitizer and it found
https://paste.kde.org/prkox41mx
in a few seconds, so "it works"

If you want to test it locally you can do
     python infra/helper.py build_fuzzers --sanitizer undefined qt
     python infra/helper.py run_fuzzer qt qimage_fuzzer
for the undefined sanitizer and
     python infra/helper.py build_fuzzers --sanitizer address qt
     python infra/helper.py run_fuzzer qt qimage_fuzzer

Unfortunately I have not been able to compile with the memory
sanitizer enabled yet.

The most important thing before submitting this upstream is changing
the list of trusted addresses the private bugs get sent to.

To have something written I've used my email address, but I guess at
least I should add [email protected] (listed as QImage
maintainer) there too? Anyone else?

I am not sure how the email address thing works, but I think they
need to be "google account" activated, whatever that means, so we
can't use [email protected]. On poppler I'm using my
@gmail.com address and not my @kde.org address since it was just
easier.

Comments?

Cheers,
   Albert

--
Albert Astals Cid | [email protected] | Software Engineer
Klarälvdalens Datakonsult AB, a KDAB Group company
Tel: Sweden (HQ) +46-563-540090, USA +1-866-777-KDAB(5322)
KDAB - The Qt, C++ and OpenGL Experts

_______________________________________________
Development mailing list
[email protected]
http://lists.qt-project.org/mailman/listinfo/development
