You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Yakov Shafranovich (Jira)" <ji...@apache.org> on 2023/10/17 16:09:00 UTC
[jira] [Commented] (COMPRESS-632) Improve fuzzing coverage in oss-fuzz
[ https://issues.apache.org/jira/browse/COMPRESS-632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17776262#comment-17776262 ]
Yakov Shafranovich commented on COMPRESS-632:
---------------------------------------------
I have code that extends the existing oss-fuzz harness to other formats. If the Apache Compress team is interested, I can provide a PR.
> Improve fuzzing coverage in oss-fuzz
> ------------------------------------
>
> Key: COMPRESS-632
> URL: https://issues.apache.org/jira/browse/COMPRESS-632
> Project: Commons Compress
> Issue Type: Improvement
> Reporter: Robin Schimpf
> Priority: Major
>
> Fuzzing the library brought great stability improvements in the last couple releases. But the current integration in oss-fuzz has only a limited scope. Fuzzing is only done on the following classes:
> * SevenZFile
> * TarFile
> * ZipFile
> Additionally those fuzzing tests only open the file and are not reading the file content.
> IMHO the tests should be expanded to cover the following:
> * Fuzz all supported formats (stream based and file based)
> * Read the whole fuzzed file
> I don't know if it makes sense to also fuzz archive creation. The only thing which might be worth there would be the ArchiveEntries since fuzzing the file content seems useless.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)