[QGIS-Developer] Discussion on GDAL about oss-fuzz to find programming errors

Even Rouault even.rouault at spatialys.com
Wed May 10 07:32:32 PDT 2017

On mercredi 10 mai 2017 15:19:31 CEST Luigi Pirelli wrote:
> Hi
> in GDAL list [1], devs started to parse GDAL code by a google service
> to find automatically program errors.
> I didn't dig into the tool and I don't know if QGIS match requirement
> to be parsed.

oss-fuzz doesn't parse source code, but runs test programs that wrap the library 
functions to test and feed them with fuzzed inputs. So this is useful to stress test code 
that can accept arbitrary data. In QGIS that could be WKB parsers, data providers, etc...
Note that a rather annoying constraint is that all the code must be statically linked (see 


Spatialys - Geospatial professional services
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-developer/attachments/20170510/1c4ee2ba/attachment-0001.html>

More information about the QGIS-Developer mailing list