curl / curl-fuzzer

Quality assurance testing for the curl project
MIT License

Temporarily remove the option to specify the CURLOPT_HSTS TLV #63

Closed cmeister2 closed 1 year ago

cmeister2 commented 1 year ago

The CURLOPT_HSTS TLV causes randomly named files to be generated in the output folder when running the fuzzer. This causes issues with the overall oss-fuzz build. Removing this until we can decide how to fix the issue properly.

bagder commented 1 year ago

Regression from #60

evverx commented 1 year ago

Looking at https://github.com/google/oss-fuzz/blob/master/projects/curl/project.yaml it appears curl is built once a day. To get OSS-Fuzz to pick up changes more often it should be possible to set build_per_days: https://google.github.io/oss-fuzz/getting-started/new-project-guide/#build_frequency. I think it should help to catch regressions like this faster. It should also help to verify fixes faster. (Though I think ideally CIFuzz should prevent fuzz targets that break OSS-Fuzz builds from making it into repositories but it isn't there yet unfortunately).

cmeister2 commented 1 year ago

> Looking at https://github.com/google/oss-fuzz/blob/master/projects/curl/project.yaml it appears curl is built once a day. To get OSS-Fuzz to pick up changes more often it should be possible to set build_per_days: https://google.github.io/oss-fuzz/getting-started/new-project-guide/#build_frequency. I think it should help to catch regressions like this faster. It should also help to verify fixes faster. (Though I think ideally CIFuzz should prevent fuzz targets that break OSS-Fuzz builds from making it into repositories but it isn't there yet unfortunately).

I don't think we're in any special rush here.

evverx commented 1 year ago

Fair enough. It's just that apart from moving faster it makes it easier to track down changes breaking builds because they're reported on the same day. Anyway waiting for three days for build bug reports to pop up is perfectly fine as well.

catenacyber commented 1 year ago

Thanks, I was going to propose this because files are not only created in the output directory; they can be created anywhere.