[gdal-dev] Gdal and Google's OSS Fuzzing project

Mateusz Loskot mateusz at loskot.net
Tue May 9 13:21:45 PDT 2017


On 8 May 2017 at 20:58, Kurt Schwehr <schwehr at gmail.com> wrote:
> Yup... https://lists.osgeo.org/pipermail/gdal-dev/2017-April/046495.html
>
> I'd be happy if anyone else wanted to take lead on it.

I'd really like to, but due to newborn & family duties I'm not going
to promise anything.

> I've added a number of fuzz targets to
> https://github.com/schwehr/gdal-autotest2/tree/master/cpp and modified GDAL
> to make fuzzing more productive... e.g.
>
> https://trac.osgeo.org/gdal/changeset/37592/ adds
> FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to a driver
> https://trac.osgeo.org/gdal/changeset/37909 example fix

The autotest2 efforts are awesome, but huge'ish and without RFC(s)
and lots of work, they won't make it into GDAL any time soon, I suspect.

So, I wonder if we could integrate with oss-fuzz at smaller scale:
- create /fuzzer directory (next to /gdal and /autotest)
- port fuzz targets only from Kurt's
https://github.com/schwehr/gdal-autotest2/blob/master/cpp/
- add minimal integration with GDAL build config for Unix

and basically follow
https://github.com/google/oss-fuzz/blob/master/docs/ideal_integration.md

Best regards,
-- 
Mateusz Loskot, http://mateusz.loskot.net
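The message above talks about porting fuzz targets and building drivers with FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION. The following is an added example, not code from GDAL, from Kurt's gdal-autotest2 or from the original thread: it shows the shape of a libFuzzer target (the `LLVMFuzzerTestOneInput` entry point that OSS-Fuzz drives) over a constructed toy raster format, and how that macro is typically used to skip an integrity check and lower an allocation limit so the fuzzer reaches the parser instead of stalling on a checksum or an out-of-memory run. The format, the `ParseRaster` and `MakeRaster` helpers and the limits are assumptions made for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <initializer_list>
#include <vector>

// Constructed toy raster format (not a real GDAL driver): "TRST" magic,
// little-endian uint16 width and height, width*height pixel bytes, then one
// XOR checksum byte over everything before it.
struct Raster {
  uint16_t width = 0;
  uint16_t height = 0;
  std::vector<uint8_t> pixels;
};

enum class ParseStatus { Ok, TooShort, BadMagic, TooLarge, Truncated, BadChecksum };

// OSS-Fuzz builds define FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION so a driver can
// skip checks that only keep the fuzzer from reaching the parser (checksums) and
// lower resource limits that would otherwise time out or OOM a single run.
// The concrete limits here are assumptions for the example.
static const size_t kHeaderSize = 8;
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
static const size_t kMaxPixels = 1u << 16;
static const bool kEnforceChecksum = false;
#else
static const size_t kMaxPixels = 1u << 28;
static const bool kEnforceChecksum = true;
#endif

bool ChecksumEnforced() { return kEnforceChecksum; }

static uint16_t ReadLE16(const uint8_t* p) {
  return static_cast<uint16_t>(p[0] | (p[1] << 8));
}

static uint8_t XorChecksum(const uint8_t* p, size_t n) {
  uint8_t c = 0;
  for (size_t i = 0; i < n; ++i) c ^= p[i];
  return c;
}

ParseStatus ParseRaster(const uint8_t* data, size_t size, Raster* out) {
  if (size < kHeaderSize + 1) return ParseStatus::TooShort;
  if (std::memcmp(data, "TRST", 4) != 0) return ParseStatus::BadMagic;
  const uint16_t w = ReadLE16(data + 4);
  const uint16_t h = ReadLE16(data + 6);
  // A 16-bit * 16-bit product cannot overflow size_t, but it must still be
  // bounded before it drives an allocation: this is the kind of limit the
  // fuzzing macro lowers so that huge-but-valid headers do not OOM the run.
  const size_t npix = static_cast<size_t>(w) * h;
  if (npix > kMaxPixels) return ParseStatus::TooLarge;
  // Bounds check against the actual buffer; leaving it out is exactly the
  // out-of-bounds read an ASan-instrumented fuzz run reports.
  if (size - kHeaderSize - 1 < npix) return ParseStatus::Truncated;
  const size_t body = kHeaderSize + npix;
  if (kEnforceChecksum && XorChecksum(data, body) != data[body])
    return ParseStatus::BadChecksum;
  out->width = w;
  out->height = h;
  out->pixels.assign(data + kHeaderSize, data + body);
  return ParseStatus::Ok;
}

// Builds a well-formed file; used as a seed input and in the tests.
std::vector<uint8_t> MakeRaster(uint16_t w, uint16_t h, uint8_t fill) {
  std::vector<uint8_t> f = {'T', 'R', 'S', 'T',
                            static_cast<uint8_t>(w & 0xff), static_cast<uint8_t>(w >> 8),
                            static_cast<uint8_t>(h & 0xff), static_cast<uint8_t>(h >> 8)};
  f.insert(f.end(), static_cast<size_t>(w) * h, fill);
  f.push_back(XorChecksum(f.data(), f.size()));
  return f;
}

// libFuzzer entry point, the same shape a GDAL driver target has: every input
// is parsed, the result is discarded, and a crash or sanitizer report is a finding.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  Raster r;
  (void)ParseRaster(data, size, &r);
  return 0;
}

// Stand-alone driver so the file also builds without -fsanitize=fuzzer:
// replays a few constructed inputs through the target.
int main() {
  std::vector<uint8_t> good = MakeRaster(4, 3, 0x7f);
  std::vector<uint8_t> truncated(good.begin(), good.begin() + 10);
  std::vector<uint8_t> empty;
  for (const auto* in : {&good, &truncated, &empty})
    LLVMFuzzerTestOneInput(in->data(), in->size());
  std::printf("replayed 3 inputs\n");
  return 0;
}
```

Built with `clang++ -fsanitize=fuzzer,address` the file becomes a libFuzzer binary; adding `-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` is what turns the checksum off and lowers the pixel limit, which is why a driver carrying that macro must never ship in a production build.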

