Closed cmeister2 closed 1 year ago
Regression from #60
Looking at https://github.com/google/oss-fuzz/blob/master/projects/curl/project.yaml it appears curl
is built once a day. To get OSS-Fuzz to pick up changes more often it should be possible to set build_per_days
: https://google.github.io/oss-fuzz/getting-started/new-project-guide/#build_frequency. I think it should help to catch regressions like this faster. It should also help to verify fixes faster. (Though I think ideally CIFuzz should prevent fuzz targets that break OSS-Fuzz builds from making it into repositories but it isn't there yet unfortunately).
Looking at https://github.com/google/oss-fuzz/blob/master/projects/curl/project.yaml it appears
curl
is built once a day. To get OSS-Fuzz to pick up changes more often it should be possible to setbuild_per_days
: https://google.github.io/oss-fuzz/getting-started/new-project-guide/#build_frequency. I think it should help to catch regressions like this faster. It should also help to verify fixes faster. (Though I think ideally CIFuzz should prevent fuzz targets that break OSS-Fuzz builds from making it into repositories but it isn't there yet unfortunately).
I don't think we're in any special rush here.
Fair enough. It's just that apart from moving faster it makes it easier to track down changes breaking builds because they're reported on the same day. Anyway waiting for three days for build bug reports to pop up is perfectly fine as well.
Thanks, I was going to propose this because files are not only created in the output directory, they can be created anywhere
The CURLOPT_HSTS TLV causes randomly named files to be generated in the output folder when running the fuzzer. This causes issues with the overall oss-fuzz build. Removing this until we can decide how to fix the issue properly