Change History (11)
comment:1 by , 7 years ago
Cc: | added |
---|
comment:2 by , 7 years ago
comment:6 by , 7 years ago
Awesome!
I received first run report this morning. https://bugs.chromium.org/p/oss-fuzz/issues/list?q=gdal
How do we go about the issues?
I see possible ways of doing it:
- Pick and shoot as we like
- Discuss it in comments at https://bugs.chromium.org/p/oss-fuzz
- If one wants to solve GDAL issue from https://bugs.chromium.org/p/oss-fuzz, open sister Trac ticket linked to the original one, details are discussed on Trac
Once an issue is solved, are we supposed to close the bug at https://bugs.chromium.org/p/oss-fuzz ?
comment:7 by , 7 years ago
I think we can directly interact in the chromium bug database to avoid too much overhead (the downside is the lack of transparency, at least during the embargo period. But if someone wants to actively work on bugs we can always add them in the CC list !). It might be good to leave a comment in the bug entry to indicate that one has started to work on it. I think to remember to have read that the bugs are automatically closed when oss-fuzz checks out a new version of the code and sees the bug is no longer reproducible. Commit messages should include "Credit to OSS-Fuzz" as per their request, and it would be good to link to the bug URL in the commit message.
comment:8 by , 7 years ago
Indeed, it is better to go via the chromium bug database first.
- Leave a comment in (chromium database) bug entry to indicate that you work on it
- Work
- Commit a bug fix with log including "Credit to OSS-Fuzz" and bugs.chromium.org link
- Check chromium closed the bug.
comment:9 by , 7 years ago
https://github.com/google/oss-fuzz/pull/605 merged: adds expat and sqlite3 dependencies
comment:10 by , 7 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
I'm closing this ticket as it is pretty much done. I've added a fuzzers/README.TXT
comment:11 by , 7 years ago
Related projects:
- Proj.4 joined: http://lists.maptools.org/pipermail/proj/2017-May/thread.html
- Proposed for GEOS: https://trac.osgeo.org/geos/ticket/835
- Project list: https://github.com/google/oss-fuzz/tree/master/projects
I am hoping that all of the open source libraries GDAL depends on will apply to join.
I see these in the project list: curl, expat, freetype2, icu, libjpeg-turbo, libpng, postgresql, proj4, sqlite3, and zlib
Minimal infrastructure for oss-fuzz added in r38205