[postgis-devel] PostGIS (actually liblwgeom) integration with oss-fuzz
Even Rouault
even.rouault at spatialys.com
Thu Jul 13 02:18:51 PDT 2017
On mercredi 12 juillet 2017 18:38:24 CEST Regina Obe wrote:
> Yah I think your email has to be a gmail. I can see them, but my account is
> under gmail.
>
> And yes I think we can setup locally if we want. I think Even had
> experimented with that. We'd probably want to setup locally anyway so we
> can test out changes before we add to our fuzz list. I haven't done the leg
> work to figure out how to set up locally though and not sure when I'll have
> time to do that. Strk -- if you want to take a stab at it, I'd be so happy
> :)
There are 2 different things :
- reproduce locally a bug found by oss-fuzz. You can just build the dummy fuzzer in PostGIS
by doing
cd fuzzers
make dummyfuzzers
and it generates /tmp/wkb_import_fuzzer and /tmp/wkt_import_fuzzer
Then download the reproducer test cases from the oss-fuzz ticket and do
/tmp/wkb_import_fuzzer the_file (or /tmp/wkt_import_fuzzer the_file depending on which
fuzzer found the issue)
Possibly under Valgrind, or with a PostGIS build configured with
CFLAGS="-fsanitize=undefined,address", so as to catch the issues that don't systemetically
translate to crashes.
- fuzz the code yourself. Then you need to use the oss-fuzz Python scripts that rely on Docker
underneath. See instructions in fuzzers/README.TXT
Even
>
>
> Thanks,
> Regina
>
>
>
> -----Original Message-----
> From: postgis-devel [mailto:postgis-devel-bounces at lists.osgeo.org] On Behalf
> Of Sandro Santilli Sent: Wednesday, July 12, 2017 4:23 PM
> To: PostGIS Development Discussion <postgis-devel at lists.osgeo.org>
> Subject: Re: [postgis-devel] PostGIS (actually liblwgeom) integration with
> oss-fuzz
>
> RE: fuzzers and Google buying us all
>
> I received a few (~5) email notification about bugs found by the fuzzer. But
> when I clicked on the links I got a permission denied. Supposedly, I'd have
> to create an account on Google, and be given permission to read that
> report. Is this correct ?
>
> Can we get those fuzz tests be run by our own bots ?
> Like drone ? Drone is already docker based, if that was the problem...
>
> --strk;
> _______________________________________________
> postgis-devel mailing list
> postgis-devel at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/postgis-devel
>
> _______________________________________________
> postgis-devel mailing list
> postgis-devel at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/postgis-devel
--
Spatialys - Geospatial professional services
http://www.spatialys.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/postgis-devel/attachments/20170713/2ef53639/attachment.html>
More information about the postgis-devel
mailing list