You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Robin Schimpf (Jira)" <ji...@apache.org> on 2022/11/27 10:52:00 UTC
[jira] [Created] (COMPRESS-632) Improve fuzzing coverage in oss-fuzz
Robin Schimpf created COMPRESS-632:
--------------------------------------
Summary: Improve fuzzing coverage in oss-fuzz
Key: COMPRESS-632
URL: https://issues.apache.org/jira/browse/COMPRESS-632
Project: Commons Compress
Issue Type: Improvement
Reporter: Robin Schimpf
Fuzzing the library brought great stability improvements in the last couple releases. But the current integration in oss-fuzz has only a limited scope. Fuzzing is only done on the following classes:
* SevenZFile
* TarFile
* ZipFile
Additionally those fuzzing tests only open the file and are not reading the file content.
IMHO the tests should be expanded to cover the following:
* Fuzz all supported formats (stream based and file based)
* Read the whole fuzzed file
I don't know if it makes sense to also fuzz archive creation. The only thing which might be worth there would be the ArchiveEntries since fuzzing the file content seems useless.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)