You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm an application security engineer at Google who contributes to Google's fuzzing efforts. I've written a simple fuzzer for QCBOR based on the ComprehensiveInputRecurser test in qcbor_decode_tests.c, and I'd like to know if you're interested in adding it directly to the QCBOR repository. Once it's in this repository, I can integrate it with OSS-Fuzz so that you automatically receive bugs that our fuzzers find -- all you'll need is an e-mail address associated with a Google account (here's why).
Please let me know if you're interested, and if so, how'd you prefer to add the file to this repository. The fuzzer itself is less than 20 lines long, but does require special CFLAGS to build
The text was updated successfully, but these errors were encountered:
Yes, I'm very interested in this. I definitely want QCBOR fuzzed on a regular basis.
I've tried to keep QCBOR very neat, portable and easy to build and integrate. For this reason, the main regression test I run is not part of the automated build system. Instead it is in a separate repository: https://github.com/laurencelundblade/qdv. I run the tests in qdv manually before each merge.
I'm not sure how your fuzzer would integrate. Maybe you could make a PR so I could see?
Aha, I hadn't realized that you kept the regression tests in a different repository. I'm happy to put the fuzzer into the qdv repository instead; we just want to ensure that the fuzzer lives with the rest of the project's tests (instead of in the OSS-Fuzz repository where it could fall out of sync with the project).
Hello!
I'm an application security engineer at Google who contributes to Google's fuzzing efforts. I've written a simple fuzzer for QCBOR based on the
ComprehensiveInputRecurser
test in qcbor_decode_tests.c, and I'd like to know if you're interested in adding it directly to the QCBOR repository. Once it's in this repository, I can integrate it with OSS-Fuzz so that you automatically receive bugs that our fuzzers find -- all you'll need is an e-mail address associated with a Google account (here's why).Please let me know if you're interested, and if so, how'd you prefer to add the file to this repository. The fuzzer itself is less than 20 lines long, but does require special
CFLAGS
to buildThe text was updated successfully, but these errors were encountered: