Re: [Development] QtCS2019 Notes from "Fuzzing Qt" BoF session

2019-12-02 Thread Robert Loehning
Am 22.11.2019 um 19:11 schrieb Edward Welbourne: > Il 21/11/19 13:13, Robert Loehning ha scritto: >>> ** [https://doc.qt.io/qt-5/qregularexpression.html QRegularExpression] > > Giuseppe D'Angelo (22 November 2019 18:17) replied: >> This should mostly be fuzzing libpcre itself... > > ... which

Re: [Development] QtCS2019 Notes from "Fuzzing Qt" BoF session

2019-11-27 Thread André Somers
On 22/11/2019 18:17, Giuseppe D'Angelo via Development wrote: Il 21/11/19 13:13, Robert Loehning ha scritto: ** [https://doc.qt.io/qt-5/qregularexpression.html QRegularExpression] This should mostly be fuzzing libpcre itself... Note that users should NEVER use / accept untrusted regular

Re: [Development] QtCS2019 Notes from "Fuzzing Qt" BoF session

2019-11-22 Thread Oswald Buddenhagen
On Fri, Nov 22, 2019 at 04:19:21PM +, Kai Koehne wrote: Anyhow, QCommandLineParser processes command line arguments from the outside. These command line arguments might come from other tools, output ... so it should be really robust in handling these. "from the outside" is not the

Re: [Development] QtCS2019 Notes from "Fuzzing Qt" BoF session

2019-11-22 Thread Edward Welbourne
Il 21/11/19 13:13, Robert Loehning ha scritto: >> ** [https://doc.qt.io/qt-5/qregularexpression.html QRegularExpression] Giuseppe D'Angelo (22 November 2019 18:17) replied: > This should mostly be fuzzing libpcre itself... ... which Google is probably already doing. > Note that users should

Re: [Development] QtCS2019 Notes from "Fuzzing Qt" BoF session

2019-11-22 Thread Giuseppe D'Angelo via Development
Il 21/11/19 13:13, Robert Loehning ha scritto: ** [https://doc.qt.io/qt-5/qregularexpression.html QRegularExpression] This should mostly be fuzzing libpcre itself... Note that users should NEVER use / accept untrusted regular expressions. While we shouldn't crash or exhaust memory, PCREs

Re: [Development] QtCS2019 Notes from "Fuzzing Qt" BoF session

2019-11-22 Thread Kai Köhne
> -Original Message- > From: Development On Behalf Of > Oswald Buddenhagen > Sent: Thursday, November 21, 2019 2:41 PM > To: development@qt-project.org > Subject: Re: [Development] QtCS2019 Notes from "Fuzzing Qt" BoF session > > On Thu, Nov 21, 2019 at

Re: [Development] QtCS2019 Notes from "Fuzzing Qt" BoF session

2019-11-21 Thread Oswald Buddenhagen
On Thu, Nov 21, 2019 at 12:13:55PM +, Robert Loehning wrote: === Which code needs fuzz testing the most? === Agreed criteria: Code that operates on possibly untrusted data Proposals from the audience: * Classes ** [https://doc.qt.io/qt-5/qcommandlineparser.html QCommandLineParser] **

[Development] QtCS2019 Notes from "Fuzzing Qt" BoF session

2019-11-21 Thread Robert Loehning
Hi, Here and below are the notes from this session: https://wiki.qt.io/Qt_Contributors_Summit_2019_-Fuzzing_Qt Cheers, Robert == Introduction == * Explained briefly what fuzzing is in general * Showed how to fuzz Qt itselfSee readme file: