jmcnamara / XlsxWriter

A Python module for creating Excel XLSX files.
https://xlsxwriter.readthedocs.io
BSD 2-Clause "Simplified" License

OSS-Fuzz Integration #1029

Closed ennamarie19 closed 1 year ago

ennamarie19 commented 1 year ago

Hello, this is a follow-on from my Issue regarding OSS-Fuzz integration. This PR introduces the source for the fuzzer. I would greatly appreciate it being merged in!

I will continue monitoring OSS-Fuzz for bugs and fix any I can in future PRs. John McNamara also has access to the OSS-Fuzz dashboard to review any security-relevant crashes that may come up.

Please let me know if anything else is needed.

Thank you!

jmcnamara commented 1 year ago

Thanks.

Could you move it under the dev directory in the XlsxWriter source directory, i.e., dev/fuzzing.

If possible, could you squash the commits into one. If not, I can do it on merge.

Also, could you explain how this will work in practice. Will I be able to find/verify issues locally or does it rely on OSS-Fuzz?

ennamarie19 commented 1 year ago

@jmcnamara I will move it over right now.

I will also look into squashing my commits.

As for finding the issues, a nightly build of a Dockerized instance of the project is run on Google's ClusterFuzz server and will report any bugs to you via the email listed in the project.yaml in the OSS-Fuzz repo. PRs can then be made to resolve the errors and, once merged, the bugs would be marked as fixed after a few days of the bug not re-appearing during fuzz-testing.
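An added example of what a fuzz target of this kind typically looks like (this is not the fuzzer contributed by the PR, whose source is not shown on this page): a libFuzzer-style harness for the atheris engine that OSS-Fuzz uses for Python projects. It decodes the raw fuzzer bytes into a bounded list of worksheet write operations, applies them to an in-memory workbook, and lets only unexpected exceptions escape, so that ClusterFuzz reports real crashes rather than the library's deliberate input validation. The function names, the byte layout of the decoded operations, and the set of exceptions treated as expected library behaviour are assumptions of this example; `atheris` and `xlsxwriter` are imported lazily so the decoder can be checked without either installed.

```python
"""Example atheris fuzz target for XlsxWriter (illustrative, not the project's own)."""
import io
import struct
import sys

# Worksheet methods the decoder can select; the opcode byte is taken mod len(OPS).
OPS = ("write_string", "write_number", "write_formula")


def decode_ops(data: bytes, max_ops: int = 64):
    """Turn raw fuzzer bytes into a bounded list of (method, row, col, value).

    Layout per operation (an assumption of this example):
      byte 0: opcode, byte 1: row, byte 2: col, byte 3: payload length n,
      then n payload bytes. A truncated trailing payload is used as-is so
      every input, however short, decodes to something the target can run.
    """
    ops = []
    i = 0
    while i + 4 <= len(data) and len(ops) < max_ops:
        kind = OPS[data[i] % len(OPS)]
        row, col, n = data[i + 1], data[i + 2], data[i + 3]
        payload = data[i + 4:i + 4 + n]
        i += 4 + n
        if kind == "write_number":
            # First 8 payload bytes as a little-endian double, zero-padded, so the
            # fuzzer can reach NaN/inf and denormals, not just small integers.
            value = struct.unpack("<d", payload[:8].ljust(8, b"\0"))[0]
        else:
            value = payload.decode("utf-8", errors="replace")
        ops.append((kind, row, col, value))
    return ops


def run_ops(ops):
    """Apply decoded operations to an in-memory workbook.

    Returns the number of operations applied. Exceptions the library raises on
    purpose for rejected input are swallowed (assumption: XlsxWriterException
    plus the TypeError/ValueError the write methods use for bad values); any
    other exception propagates and becomes a fuzzer-reported crash.
    """
    import xlsxwriter
    from xlsxwriter.exceptions import XlsxWriterException

    expected = (XlsxWriterException, TypeError, ValueError)
    buf = io.BytesIO()
    workbook = xlsxwriter.Workbook(buf, {"in_memory": True})
    worksheet = workbook.add_worksheet()
    applied = 0
    for kind, row, col, value in ops:
        try:
            getattr(worksheet, kind)(row, col, value)
            applied += 1
        except expected:
            pass
    workbook.close()  # serialisation is part of the attack surface, so it runs too
    return applied


def TestOneInput(data: bytes) -> None:
    """libFuzzer entry point: one fuzzer-generated input per call."""
    run_ops(decode_ops(data))


def main():
    import atheris

    atheris.instrument_all()          # coverage instrumentation for guided fuzzing
    atheris.Setup(sys.argv, TestOneInput)
    atheris.Fuzz()                    # runs until a crash or the time limit


if __name__ == "__main__":
    main()
```

Run locally as `python fuzz_xlsxwriter.py <corpus_dir>` with atheris installed; OSS-Fuzz builds the same kind of target inside its Docker image and runs it on ClusterFuzz, which is why crashes found there can be reproduced locally from the testcase file attached to the bug report.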

ennamarie19 commented 1 year ago

@jmcnamara Ready for review!

jmcnamara commented 1 year ago

PRs can then be made to resolve the errors and, once merged, the bugs would be marked as fixed after a few days of the bug not re-appearing during fuzz-testing

Sounds good.

I will also look into squashing my commits.

I don't think that worked. I see 6 commits and there is duplicate code in the dev and xlsxwriter directories. Could you check again.

sonarcloud[bot] commented 1 year ago

Kudos, SonarCloud Quality Gate passed!

Bug: A (0 Bugs)
Vulnerability: A (0 Vulnerabilities)
Security Hotspot: A (0 Security Hotspots)
Code Smell: A (0 Code Smells)

No Coverage information
No Duplication information