You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "Robin Schimpf (Jira)" <ji...@apache.org> on 2022/11/27 10:52:00 UTC

[jira] [Created] (COMPRESS-632) Improve fuzzing coverage in oss-fuzz

Robin Schimpf created COMPRESS-632:
--------------------------------------

             Summary: Improve fuzzing coverage in oss-fuzz
                 Key: COMPRESS-632
                 URL: https://issues.apache.org/jira/browse/COMPRESS-632
             Project: Commons Compress
          Issue Type: Improvement
            Reporter: Robin Schimpf


Fuzzing the library brought great stability improvements in the last couple releases. But the current integration in oss-fuzz has only a limited scope. Fuzzing is only done on the following classes:
 * SevenZFile
 * TarFile
 * ZipFile

Additionally those fuzzing tests only open the file and are not reading the file content.

IMHO the tests should be expanded to cover the following:
 * Fuzz all supported formats (stream based and file based)
 * Read the whole fuzzed file

I don't know if it makes sense to also fuzz archive creation. The only thing which might be worth there would be the ArchiveEntries since fuzzing the file content seems useless.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)