Bug 106554

Summary: poppler: oss-fuzz integration
Product: poppler Reporter: pdknsk <pdknsk>
Component: generalAssignee: poppler-bugs <poppler-bugs>
Status: RESOLVED MOVED QA Contact:
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:
Attachments: cpp

Description pdknsk 2018-05-17 16:24:58 UTC
Created attachment 139615 [details]
cpp

I'm interested if you're interested in having poppler integrated into oss-fuzz. In case you're not familiar with it, it's a Google-sponsored project for continuous fuzzing of OSS.

https://github.com/google/oss-fuzz

You may have noticed that I reported a few bugs recently, which were found in preparation for possible oss-fuzz integration.

You don't really have to do anything, other than give an email address (or multiple) with are then CC'd to bug reports found by the fuzzing system. (Only project owners can be CC'd.)

oss-fuzz reports the bugs on its own bug tracker, rather than the project's bug tracker. When a bug is fixed, oss-fuzz detects this automatically and closes the bug report.

https://bugs.chromium.org/p/oss-fuzz/issues/list

Possible optional future steps would be to host the fuzz target directly in the poppler repo (so that you can modify it yourself directly, rather than submitting PRs through GitHub). Or the addition of more fuzz targets. I only went with the cpp API so far, as it seems the easiest to integrate.

A fuzz target is just a single source file. As an example, I'm attaching the fuzz target for the cpp API I've been using.
Comment 1 Albert Astals Cid 2018-05-17 22:35:41 UTC
Sure, why not
Comment 2 GitLab Migration User 2018-08-21 10:38:58 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/poppler/poppler/issues/306.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.