Closed arthurscchan closed 4 days ago
Hey @chrisduerr -- apologies for the impression, that was certainly not the intention.
We'd be happy to extend on the fuzzing to get a complete setup. Would you be interested in this?
With respect to the existing fuzzing being done, then is this publicly available? I saw a few PRs/Issues referencing AFL, but nothing in the code?
> With respect to the existing fuzzing being done, then is this publicly available?
No. Fuzzing VTE is so trivial, it's not necessary to have a specific setup clogging up the repository. That way people can use whatever tool they're most familiar with. Considering that the parser just takes a single byte as input, it could not be any simpler really.
This PR creates a cargo fuzz directory along with a fuzzing harness. The aim is to include the utf8parse module for fuzzing under OSS-Fuzz.
Fuzzing is essentially a stress testing technique used to uncover bugs in software, and OSS-Fuzz is a free service run by Google that provides continuous fuzzing for important open-source projects. Integrating utf8parse would be beneficial in identifying potential memory corruption issues.
The only requirement for integration at this stage is an email linked to a Google account, which will be used to receive notifications when bugs are detected.
An initial integration has been submitted via https://github.com/google/oss-fuzz/pull/12627, which relies on the fuzzer being hosted upstream. This is the primary objective of this PR.
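The kind of property a fuzzing harness for a byte-at-a-time UTF-8 parser can assert, shown as an added example that is not part of this PR or of the utf8parse code base. `StandInDecoder`, `Event`, `decode_bytewise` and `agrees_with_std` are hypothetical names, the decoder is a stand-in built on the standard library, and the sample input is constructed.

```rust
// Added example. StandInDecoder is a constructed stand-in, not utf8parse's code.
// Under cargo-fuzz the property would be called from libfuzzer_sys::fuzz_target!.

#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Event { Char(char), Invalid }

/// Byte-at-a-time decoder: buffers at most one partial character.
#[derive(Default)]
pub struct StandInDecoder { buf: Vec<u8> }

impl StandInDecoder {
    /// Feed one byte and append any resulting events to `out`.
    pub fn advance(&mut self, byte: u8, out: &mut Vec<Event>) {
        self.buf.push(byte);
        while !self.buf.is_empty() {
            match std::str::from_utf8(&self.buf) {
                Ok(s) => { out.extend(s.chars().map(Event::Char)); self.buf.clear(); }
                Err(e) => {
                    // Invariant: buf never holds a full character plus extra bytes.
                    debug_assert_eq!(e.valid_up_to(), 0);
                    match e.error_len() {
                        None => return, // incomplete sequence: wait for the next byte
                        Some(n) => { out.push(Event::Invalid); self.buf.drain(..n); }
                    }
                }
            }
        }
    }
}

/// Drive the decoder one byte at a time, as a fuzz target would with its input.
pub fn decode_bytewise(data: &[u8]) -> Vec<Event> {
    let mut dec = StandInDecoder::default();
    let mut out = Vec::new();
    for &b in data { dec.advance(b, &mut out); }
    if !dec.buf.is_empty() { out.push(Event::Invalid); } // truncated tail
    out
}

/// Differential property: byte-wise decoding matches std's lossy decoding.
pub fn agrees_with_std(data: &[u8]) -> bool {
    let got: String = decode_bytewise(data).iter()
        .map(|e| match e { Event::Char(c) => *c, Event::Invalid => '\u{FFFD}' }).collect();
    got == String::from_utf8_lossy(data).into_owned()
}

fn main() {
    // Constructed input: valid text, a truncated sequence, then a stray 0xFF.
    let sample = b"ok \xE2\x82\xAC \xE2\x82a\xFF";
    println!("{:?} agrees={}", decode_bytewise(sample), agrees_with_std(sample));
}
```

Comparing against `String::from_utf8_lossy` assumes the parser under test reports invalid sequences with the same granularity as the standard library; where that does not hold, agreement on valid input is the weaker property to assert.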