Hi, Here and below are the notes from this session:
https://wiki.qt.io/Qt_Contributors_Summit_2019_-Fuzzing_Qt Cheers, Robert == Introduction == * Explained briefly what fuzzing is in general * Showed how to fuzz Qt itself<br/>See readme file: https://code.qt.io/cgit/qt/qtbase.git/tree/tests/libfuzzer/README === What's missing to test Qt in oss-fuzz? === Google offers infrastructure and workflow for fuzzing free software, see https://github.com/google/oss-fuzz * Qt still needs to support more sanitizers * A docker image defines how to build Qt and the fuzz targets A prototype exists, but needs tuning Robert is working on both. === Which code needs fuzz testing the most? === Agreed criteria: Code that operates on possibly untrusted data Proposals from the audience: * Classes ** [https://doc.qt.io/qt-5/qcborvalue.html QCborValue] ** [https://doc.qt.io/qt-5/qcommandlineparser.html QCommandLineParser] ** [https://doc.qt.io/qt-5/qdatastream.html QDataStream] ** [https://doc.qt.io/qt-5/qimage.html QImage] and its plugins ** [https://doc.qt.io/qt-5/qjsonvalue.html QJsonValue] ** [https://doc.qt.io/qt-5/qregularexpression.html QRegularExpression] ** [https://doc.qt.io/qt-5/qsslcertificate.html QSslCertificate] ** QPdf? ** [https://doc.qt.io/qt-5/qtextcodec.html QTextCodec] ** [https://doc.qt.io/qt-5/qtextstream.html QTextStream] ** [https://doc.qt.io/qt-5/qtranslator.html QTranslator] * Functions ** *::fromRawData ** [https://doc.qt.io/qt-5/qtextdocumentfragment.html#fromHtml QTextDocumentFragment::fromHtml] ** [https://doc.qt.io/qt-5/qurl.html#fromUserInput QUrl::fromUserInput] ** [https://doc.qt.io/qt-5/qwebengineview.html#setContent QWebEngineView::setContent] * Further mentions which were considered tricky ** [https://doc.qt.io/qt-5/qabstractsocket.html QAbstractSocket] ** [https://doc.qt.io/qt-5/qstring.html#asprintf QString::asprintf] Robert will try adding them one by one. If you'd like to contribute some, he will happily review them. If you have further proposals, please comment here or write to Robert directly. _______________________________________________ Development mailing list Development@qt-project.org https://lists.qt-project.org/listinfo/development