What do you think about setting up OSS-Fuzz for this project?
Given that aircompressor uses `sun.misc.Unsafe` quite a lot, it is probably important that all of this usage is safe since otherwise the JVM could crash, or worse. OSS-Fuzz might be able to help find issues with that.
I assume aircompressor fulfills the requirements to be included in OSS-Fuzz, but that can also be clarified with the maintainers beforehand.
For Zstd it might be necessary to add a hook to disable checksum verification, otherwise fuzzing might not be that effective there, see jazzer documentation for some information. I don't have any experience with that yet.
Fuzzing with OSS-Fuzz / jazzer might not support detecting out-of-bounds `Unsafe` reads and writes yet though, see https://github.com/CodeIntelligenceTesting/jazzer/discussions/891.
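A sketch of what a Jazzer fuzz target for the Zstd decompressor could look like, added here as an illustration; it is not part of the original post and not code from the aircompressor project. It assumes the `io.airlift.compress` package layout and a Jazzer dependency on the classpath; the class name `ZstdDecompressFuzzer` and the guard-byte check are hypothetical additions that catch writes outside the permitted output window when they stay inside the backing array, which does not depend on the fuzzer detecting `Unsafe` accesses itself.

```java
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import io.airlift.compress.MalformedInputException;
import io.airlift.compress.zstd.ZstdDecompressor;

import java.util.Arrays;

// Added example (hypothetical harness, not aircompressor's own code).
public class ZstdDecompressFuzzer {
    // Guard bytes placed before and after the window the decompressor may write to.
    private static final int PAD = 64;
    private static final byte CANARY = (byte) 0xA5;

    // Jazzer entry point: called once per generated input.
    public static void fuzzerTestOneInput(FuzzedDataProvider data) {
        // Let the fuzzer pick the output window size so "too small" paths are exercised.
        int window = data.consumeInt(0, 1 << 16);
        byte[] input = data.consumeRemainingAsBytes();

        byte[] output = new byte[PAD + window + PAD];
        Arrays.fill(output, CANARY);

        try {
            int written = new ZstdDecompressor()
                    .decompress(input, 0, input.length, output, PAD, window);
            if (written < 0 || written > window) {
                throw new IllegalStateException(
                        "reported size " + written + " outside window " + window);
            }
        } catch (MalformedInputException expected) {
            // Rejecting malformed or oversized input is the correct outcome.
        }

        // Checked on both the success and the rejection path: any changed guard
        // byte means a write landed outside [PAD, PAD + window).
        for (int i = 0; i < PAD; i++) {
            if (output[i] != CANARY) {
                throw new IllegalStateException("write before window at index " + i);
            }
            int after = PAD + window + i;
            if (output[after] != CANARY) {
                throw new IllegalStateException("write past window at index " + after);
            }
        }
    }
}
```

Any exception other than `MalformedInputException` propagates to Jazzer and is reported as a finding, as is a JVM crash.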