Belval / pdf2image

A Python module that wraps the pdftoppm utility to convert PDF to PIL Image object
MIT License

OSS-Fuzz Integration #284

Open ennamarie19 opened 3 weeks ago

ennamarie19 commented 3 weeks ago

My name is McKenna Dallmeyer and I would like to submit pdf2image to OSS-Fuzz.

If you are not familiar with the project, OSS-Fuzz is Google's platform for continuous fuzzing of Open Source Software.

In order to get the most out of this program, it would be greatly beneficial to be able to merge my fuzz harness and build scripts into the upstream repository and contribute bug fixes if they come up. Is this something that you would support me putting the effort into?

Thank you!

Belval commented 3 weeks ago

Hi, and thank you for your interest in making pdf2image more secure. I'd be happy to merge contributions seeking to make the package more robust. That being said, due to recent events I will be refusing any binaries and any code that I cannot fully understand/audit myself.

Can you share an example of a fuzz harness and build scripts?

ennamarie19 commented 3 weeks ago

Totally understand! Sure thing!

Here is a fuzz harness that I wrote hosted in the upstream repository - https://github.com/collective/icalendar/tree/master/src/icalendar/fuzzing

Here is the link to what is hosted on OSS-Fuzz for this project - https://github.com/google/oss-fuzz/tree/master/projects/icalendar

Please let me know how you wish to proceed! Thank you again!

ennamarie19 commented 2 weeks ago

Hi @Belval, were you able to access what I shared? Thoughts?