[
https://issues.apache.org/jira/browse/COMPRESS-632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17788446#comment-17788446
]
Yakov Shafranovich commented on COMPRESS-632:
---------------------------------------------
I submitted a PR to oss-fuzz to expand coverage to most archivers and
compressors (except for the ones using third party libraries). There are a few
more I am working on so there is going to be a second oss-fuzz PR later on. See:
https://github.com/google/oss-fuzz/pull/11252
> Improve fuzzing coverage in oss-fuzz
> ------------------------------------
>
> Key: COMPRESS-632
> URL: https://issues.apache.org/jira/browse/COMPRESS-632
> Project: Commons Compress
> Issue Type: Improvement
> Reporter: Robin Schimpf
> Priority: Major
>
> Fuzzing the library brought great stability improvements in the last couple
> releases. But the current integration in oss-fuzz has only a limited scope.
> Fuzzing is only done on the following classes:
> * SevenZFile
> * TarFile
> * ZipFile
> Additionally those fuzzing tests only open the file and are not reading the
> file content.
> IMHO the tests should be expanded to cover the following:
> * Fuzz all supported formats (stream based and file based)
> * Read the whole fuzzed file
> I don't know if it makes sense to also fuzz archive creation. The only thing
> which might be worth there would be the ArchiveEntries since fuzzing the file
> content seems useless.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
