OSS-Fuzz integration

[fuzzy-boiii23a]

Hi all,

Just enquiring to see if there is interest with regards to integrating this project into OSS-Fuzz? this would allow continuous testing of this project in order to identify memory corruption vulnerabilities using google's infrastructure with no monetary cost to this project. Google's OSS-Fuzz has identified 10,000 vulnerabilities and 36,000 bugs in 1000 open source projects as per https://google.github.io/oss-fuzz/#trophies. The process can be seen at https://google.github.io/oss-fuzz/architecture/ and I'm willing to integrate this project into OSS-Fuzz and write harnesses to test key functionalities of this project.

If this is something that everyone would like to see could you please let me know and provide me with an email or two in order to receive new issues found via fuzzing? I'm also happy to support with writing patches for any issues found.

[github-actions[bot]]

Thanks for adding your first issue to Stellarium. If you have questions, please do not hesitate to contact us.

[gzotti]

Never seen this, but it looks interesting to have yet another test kit. @alex-w ?

[alex-w]

@gzotti it’s not an easy - see docs

[fuzzy-boiii23a]

@alex-w i have experience with this sort of thing so i'm more than happy complete all the effort required to get this successfully integrated and once integrated there should be no further work required from yourselves aside from receiving bug reports from the fuzzing itself which i am happy to help with regarding patching any issues found so if you're okay with it i can get started and cc either yourself or @gzotti on any issues found once integrated?

[gzotti]

If this does not require write access for you here and no further work from our side (apart from rapidly fixing newly reported bugs, or receiving your PRs with fixes), it's fine for me.

[fuzzy-boiii23a]

I won't require write access to the repo, thanks and I hope you have a great day :)