<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Markeringsbobletekst Tegn";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.MarkeringsbobletekstTegn
{mso-style-name:"Markeringsbobletekst Tegn";
mso-style-priority:99;
mso-style-link:Markeringsbobletekst;
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:3.0cm 2.0cm 3.0cm 2.0cm;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="DA" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black">Good stuff, Even! Glad you took the time to set it up.
<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black">Q1: Yes. I am happy with integrating PROJ.4 with OSS-Fuzz.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black">Q2: I'd like to be on the CC list. I dont' think I have my work email attached to my google account, so please change my address to
<a href="mailto:kristianevers@gmail.com">kristianevers@gmail.com</a> instead.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black">It is a quite impressive thing google have created here. It is also quite elaborate, so it will probably take a while before I fully understand how it works. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black">/Kristian<o:p></o:p></span></p>
<div>
<div class="MsoNormal" align="center" style="text-align:center"><span style="color:black">
<hr size="2" width="100%" align="center">
</span></div>
<div id="divRpF234053">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black">Fra:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black"> Even Rouault [even.rouault@spatialys.com]<br>
<b>Sendt:</b> 20. maj 2017 23:06<br>
<b>Til:</b> <a href="mailto:proj@lists.maptools.org">proj@lists.maptools.org</a><br>
<b>Emne:</b> Submitting proj.4 to Google OSS Fuzz ?</span><span style="color:black"><o:p></o:p></span></p>
</div>
<div>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">Hi,<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black"> <o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">OSS-Fuzz is Continuous Fuzzing for Open Source Software :<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black"><a href="https://github.com/google/oss-fuzz/">https://github.com/google/oss-fuzz/</a> (it has a good intro on what it consists of)<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black"> <o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">Basically OSS Fuzz checkouts the source code repo every day, builds it, runs fuzzing tools<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">on test program you create, files bugs when it finds some and notify developers,<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">and close them automatically once it has verified that a fix has been pushed to the repo<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">(within one or two days)<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black"> <o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">I've experimented in integrating proj.4 with it (after having used it successfully<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">in GDAL since more than one week)<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black"> <o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">If you have Docker installed, you can test it locally with :<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black"> <o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">git clone --branch=add_proj
<a href="mailto:git@github.com:rouault/oss-fuzz.git">git@github.com:rouault/oss-fuzz.git</a><o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">cd oss-fuzz<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">export PROJECT_NAME=proj4<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">python infra/helper.py build_image $PROJECT_NAME<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black"># or --sanitizer undefined<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">python infra/helper.py build_fuzzers --sanitizer address $PROJECT_NAME<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">python infra/helper.py run_fuzzer $PROJECT_NAME standard_fuzzer<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black"> <o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">See <a href="https://github.com/google/oss-fuzz/blob/master/docs/new_project_guide.md">
https://github.com/google/oss-fuzz/blob/master/docs/new_project_guide.md</a> for more details.<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black"> <o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">In a few seconds, it has found 2 issues for which I have a PR ready;<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black"><a href="https://github.com/OSGeo/proj.4/pull/516">https://github.com/OSGeo/proj.4/pull/516</a><o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">It is likely that more are pending...<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black"> <o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">The integration in OSS Fuzz is in 2 parts :<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">- a few new files to Google OSS Fuzz repository, mostly to mention the<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">proj.4 code source repo and bootstrap the build with fuzzers<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black"><a href="https://github.com/google/oss-fuzz/compare/master...rouault:add_proj">https://github.com/google/oss-fuzz/compare/master...rouault:add_proj</a><o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black"> <o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">- a few new files to proj.4 repository with the code to run under the fuzzer:<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black"><a href="https://github.com/OSGeo/proj.4/compare/master...rouault:ossfuzz">https://github.com/OSGeo/proj.4/compare/master...rouault:ossfuzz</a><o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">I've create a simple fuzzer, fuzzers/standard_fuzzer.cpp, that checks that there<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">are 3 lines in the random (*) input provided by the fuzzer code to our code ,<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">takes the first one as a potential source proj.4 string, the second one as a<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">potential target proj.4 string, the third one as a potential pair of coordinates and<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">runs pj_transform() on it.<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">And that's it (we don't really care about the return of pj_transform() itself). If none of the above<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">crashes, raises undefined behaviour, leaks memory, allocates tons of memory or takes forever<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">to complete, things are good. Otherwise oss fuzz will raise a bug.<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">It would be easy to add fuzzer targets similar to the above to test other parts of the API.<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black"> <o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">QUESTION 1:<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">Are people happy if we submit
<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black"><a href="https://github.com/google/oss-fuzz/compare/master...rouault:add_proj?expand=1">https://github.com/google/oss-fuzz/compare/master...rouault:add_proj?expand=1</a><o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">to Google - if they accept it since they are still in beta for now -, so they run it on<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">their clusters ? (actually the projects/proj4/Dockerfile will be modified to point to<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">proj.4 master instead of my clone, once I've merged my proj.4 ossfuzz branch to master)<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black"> <o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">If they don't accept it yet, we can also merge my proj.4 ossfuzz branch to master and<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">people interested can follow the above procedure to run it locally on their machine.<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black"> <o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">I've put Howard and Kristian in the CC list of bug notifications that will be privately accessible<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">in the first 90 days of their discovery.<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black"> <o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">QUESTION 2 to Howard and Kristian :<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">Please confirm you are interested in being CC'ed of bugs, and<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">tell me if the email I put is associated with a Google email account (if not, you<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">will not be able to access the bug details / bug list) :<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black"><a href="https://github.com/google/oss-fuzz/compare/master...rouault:add_proj?expand=1#diff-76deaed2c7f4f80693f34903d9f7ae34">https://github.com/google/oss-fuzz/compare/master...rouault:add_proj?expand=1#diff-76deaed2c7f4f80693f34903d9f7ae34</a><o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">(actually I had an issue when I did the GDAL integration: it seems the email must be<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">a Google email, not just associated with a Google account)<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black"> <o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">If other proj.4 developers are interested, tell me and give me your Google email.<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black"> <o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">Even<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black"> <o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black"> <o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">(*) not so random input since the fuzzers are quite smart to build a relevant dictionnary, but<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">it is also possible to feed it with a relevant initial dictionnary too. For example we could<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">put some grid names, proj parameter names, etc...<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black"> <o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">-- <o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black">Spatialys - Geospatial professional services<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="color:black"><a href="http://www.spatialys.com">http://www.spatialys.com</a><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</body>
</html>