Dear Lasse,

On 11/2/18 9:20 PM, Lasse Collin wrote:
> On 2018-10-31 Bhargava Shastry wrote:
>> On 10/30/18 6:26 PM, Lasse Collin wrote:
>>> On 2018-10-30 Bhargava Shastry wrote:
>>>> - oss-fuzz requires a Google linked email address of the
>>>> maintainer. Could you please provide me one?
>>>
>>> No, I'm sorry. This is the email address to use to contact me, and I
>>> don't plan to link this address to a Google account.
>>
>> No need to apologize :)
>>
>> I didn't mean to be presumptuous.
>
> I didn't mean to imply anything like that. Sorry if there was a
> misunderstanding. I understand OSS-Fuzz is a Google project so it makes
> sense to use Google accounts for logins. (So far I only have a Google
> account to access Play Store on Android; I don't use it otherwise.)

No worries, all is good :)

>> The thing is that oss-fuzz creates
>> bug reports on Google infrastructure and hence the requirement.
>>
>> I will ask oss-fuzz folks if there is an alternative to Google-linked
>> account for viewing bug reports.
>
> Thanks. I saw your discussion here:
>
> https://github.com/google/oss-fuzz/issues/1915
>
> Just seeing bug reports (or getting some kind of notice that something
> has been found) goes a long way. :-)

Okay :)

>> After running version 2 overnight (with the corpus generated from
>> version 1), I see that v2 covers 1007 CFG edges (1% better coverage).
>>
>> I agree that version 1 is better :)
>
> Hmm OK, thanks. I was thinking if v2 with bigger buffers is worth
> considering still but I don't want to think more, so let's go with v1.

Thank you. Moving forward, we could create more fuzz targets for
different buffer sizes, or have a single target but make the buffer size
conditional on, say, the first byte of fuzzed input. We could pick up on
this thread once the initial integration with oss-fuzz has been accepted.

> I committed these four files:
>
> tests/ossfuzz/Makefile
> tests/ossfuzz/config/fuzz.dict
> tests/ossfuzz/config/fuzz.options
> tests/ossfuzz/fuzz.c
>
> I hope they are OK.
>
> Is this all that I have to do for now? Other people will take care of
> the rest (Dockerfile and such that were in pdknsk's commit), right?

Right, I have sent a PR to this effect.

https://github.com/google/oss-fuzz/pull/1919

Once this is merged, xz will be continuously fuzzed.

Thank you once again for your feedback and help on this front :)
I wish more software creators/maintainers show similar interest in
fuzzing!

Regards,
Bhargava

--
Bhargava Shastry <bshas...@sect.tu-berlin.de>
Security in Telecommunications
TU Berlin / Telekom Innovation Laboratories
Ernst-Reuter-Platz 7, Sekr TEL 17 / D - 10587 Berlin, Germany
phone: +49 30 8353 58235
Keybase: https://keybase.io/bshastry