The BAG library contains a lot of code, and therefore carries a significant risk of memory errors or other security issues. These may also reflect issues in underlying libraries, including HDF5. One way to find such issues is fuzzing. The BAG library has been accepted for testing via Google OSS-Fuzz.
Actions
Brief on the current setup for OSS-Fuzz testing, and opportunities.
Collect concerns or other suggestions for better automated testing.