You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "Yakov Shafranovich (Jira)" <ji...@apache.org> on 2023/10/17 16:09:00 UTC

[jira] [Commented] (COMPRESS-632) Improve fuzzing coverage in oss-fuzz

    [ https://issues.apache.org/jira/browse/COMPRESS-632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17776262#comment-17776262 ] 

Yakov Shafranovich commented on COMPRESS-632:
---------------------------------------------

I have code that extends the existing oss-fuzz harness to other formats. If the Apache Compress team is interested, I can provide a PR.

> Improve fuzzing coverage in oss-fuzz
> ------------------------------------
>
>                 Key: COMPRESS-632
>                 URL: https://issues.apache.org/jira/browse/COMPRESS-632
>             Project: Commons Compress
>          Issue Type: Improvement
>            Reporter: Robin Schimpf
>            Priority: Major
>
> Fuzzing the library brought great stability improvements in the last couple releases. But the current integration in oss-fuzz has only a limited scope. Fuzzing is only done on the following classes:
>  * SevenZFile
>  * TarFile
>  * ZipFile
> Additionally those fuzzing tests only open the file and are not reading the file content.
> IMHO the tests should be expanded to cover the following:
>  * Fuzz all supported formats (stream based and file based)
>  * Read the whole fuzzed file
> I don't know if it makes sense to also fuzz archive creation. The only thing which might be worth there would be the ArchiveEntries since fuzzing the file content seems useless.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)