Apply to/make use of Google's OSS-Fuzz (Fuzz testing/Sanitizers) #10360
Comments
@necros2k7 We really only allow one issue/request..... (I should close it, but.......)
Elaborate on this, Do the GHA builds not suffice for you?
WIP
This is still in "ALPHA" Stage. Unsure if this is required/needed. @thalieht @FranciscoPombal thoughts?
What are GHA builds?
GitHub Actions
Can you point to the actual latest binary?
In that list, which is sorted by time, if the middle column says "master" (or first column starts with "Merged pull request...") that is the latest change that was accepted and merged in master branch (which contains all changes since the last release). Every change comes in pairs of 2 lines. Pick the one that doesn't mention "file health", go down to "Artifacts" and dl what you want.
Simply get the newest/latest "master" that will always appear at the top of this list from below link (this excludes the "file health"):
@necros2k7 This should basically cover all from #10360 (comment) except for the The @thalieht If necros2k7 creates a "new issue" for the
Last time I posted feat.req. for OSS Fuzz on some of my favorite projects - GitHub tried to ban me for spam, and during week I explained what I meant with techsup., so sorry I can't make new issue) If anyone likes pls do.
OSS fuzz is free service as I understand and AFL is app, so maybe it can be beneficial to merge these two into something "Fuzzing" named issue
Guess we can close the other issue then.
So I guess there is no need in OSSfuzz? Just correct AFL++ setup?
I believe there is a need for it or to at least implement our own parts of what is on offer......
OSS-Fuzz: Continuous Fuzzing for Open Source Software
Apply to https://google.github.io/oss-fuzz/getting-started/accepting-new-projects/
Fuzz testing
Fuzz testing is a well-known technique for uncovering programming errors in software. Many of these detectable errors, like buffer overflow, can have serious security implications. Google has found thousands of security vulnerabilities and stability bugs by deploying guided in-process fuzzing of Chrome components, and we now want to share that service with the open source community.
In cooperation with the Core Infrastructure Initiative and the OpenSSF, OSS-Fuzz aims to make common open source software more secure and stable by combining modern fuzzing techniques with scalable, distributed execution.
We support the libFuzzer, AFL++, and Honggfuzz fuzzing engines in combination with Sanitizers, as well as ClusterFuzz, a distributed fuzzer execution environment and reporting tool.
Currently, OSS-Fuzz supports C/C++, Rust, Go and Python code. Other languages supported by LLVM may work too. OSS-Fuzz supports fuzzing x86_64 and i386 builds.
Ref: https://github.com/google/oss-fuzz
Sanitizers
This project is the home for Sanitizers: AddressSanitizer, MemorySanitizer, ThreadSanitizer, LeakSanitizer, and more. The actual code resides in the LLVM repository. Here we keep extended documentation, bugfixes and some helper code.
The documentation for our tools:
AddressSanitizer (detects addressability issues) and LeakSanitizer (detects memory leaks)
ThreadSanitizer (detects data races and deadlocks) for C++ and Go
MemorySanitizer (detects use of uninitialized memory)
HWASAN, or Hardware-assisted AddressSanitizer, a newer variant of AddressSanitizer that consumes much less memory
UBSan, or UndefinedBehaviorSanitizer
Ref: https://github.com/google/sanitizers
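The in-process fuzzing with sanitizers described in the issue text above, sketched as an added example (not code from this project, OSS-Fuzz or the sanitizers repository): a libFuzzer fuzz target for a constructed TLV format. The parser, the record format and the names `tlv_count_records` and `MAX_VALUE` are assumptions made for illustration; `LLVMFuzzerTestOneInput` is libFuzzer's entry point.

```c
/* Added example: libFuzzer-style fuzz target for a constructed TLV parser.
 * Build for fuzzing with clang (file name is an assumption):
 *   clang -g -O1 -fsanitize=fuzzer,address,undefined tlv_fuzz.c -o tlv_fuzz */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_VALUE 64 /* hypothetical limit on one record's value */

/* Parse records of the form [type:1][len:1][value:len].
 * Returns the number of complete records, or -1 if the input is malformed. */
int tlv_count_records(const uint8_t *data, size_t size)
{
    size_t off = 0;
    int records = 0;
    uint8_t value[MAX_VALUE];

    while (off < size) {
        if (size - off < 2)
            return -1; /* truncated header */
        uint8_t len = data[off + 1];
        off += 2;
        /* Both bounds matter. Without the first, memcpy reads past the
         * input (AddressSanitizer: heap-buffer-overflow); without the
         * second, it writes past value[] (stack-buffer-overflow). */
        if (len > size - off || len > MAX_VALUE)
            return -1;
        memcpy(value, data + off, len);
        off += len;
        records++;
    }
    return records;
}

/* libFuzzer calls this in-process once per generated input. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    int n = tlv_count_records(data, size);
    /* Invariant check: every record consumes at least 2 bytes, so a
     * larger count means a parser bug; trap so the fuzzer reports it. */
    if (n > 0 && (size_t)n * 2 > size)
        __builtin_trap();
    return 0; /* libFuzzer expects 0 from the target */
}
```

Removing either bounds check and rebuilding with the flags in the header comment lets the fuzzer find an input that the sanitizer reports as an overflow.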