[gdal-dev] Gdal and Google's OSS Fuzzing project
Mateusz Loskot
mateusz at loskot.net
Tue May 9 13:21:45 PDT 2017
On 8 May 2017 at 20:58, Kurt Schwehr <schwehr at gmail.com> wrote:
> Yup... https://lists.osgeo.org/pipermail/gdal-dev/2017-April/046495.html
>
> I'd be happy if anyone else wanted to take lead on it.
I'd really like to, but due to newborn & family duties I'm not going
to promise anything.
> I've added a number of fuzz targets to
> https://github.com/schwehr/gdal-autotest2/tree/master/cpp and modified GDAL
> to make fuzzing more productive... e.g.
>
> https://trac.osgeo.org/gdal/changeset/37592/ adds
> FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to a driver
> https://trac.osgeo.org/gdal/changeset/37909 example fix
The autotest2 efforts are awesome, but huge'ish and without RFC(s)
and lots of work, they won't make it into GDAL any time soon, I suspect.
So, wonder if we could integrate with oss-fuzz at smaller scale:
- create /fuzzer directory (next to /gdal and /autotest)
- port fuzz targets only from Kurt's
https://github.com/schwehr/gdal-autotest2/blob/master/cpp/
- add minimal integration with GDAL build config for Unix
and basically follow
https://github.com/google/oss-fuzz/blob/master/docs/ideal_integration.md
Best regards,
--
Mateusz Loskot, http://mateusz.loskot.net