Re: [libvirt] Should Libvirt apply for OSS-Fuzz?
On Fri, Dec 02, 2016 at 10:14:22AM +0100, Martin Kletzander wrote:
On Fri, Dec 02, 2016 at 08:44:48AM +0100, Michal Privoznik wrote:
> Google announced OSS-Fuzz project [1]. It's aim is to test projects with
> significant user base and/or critical projects to the global
> infrastructure. I like to think that libvirt falls in both categories :-)
> You can find a list of already accepted projects here [2]. Once accepted
> to the project we would have to provide some scripts that build libvirt
> and run some tests.
>
I was thinking about that too. And danpb would like that as well, I
guess, since he came up with the fuzzing idea for GSoC.
> One of the disadvantages is that we have to provide a docker(!) image
> where the scripts would run from.
>
But it's not like the whole libvirt has to be installed and running
there, right? It's unit-test fuzzing, it will just link against
libvirt.la and run random APIs (mostly public ones, I guess).
You have to write test harnesses for the fuzzer, so it'll fuzz whatever
APIs you call from your test harnesses.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|