[libvirt] Should Libvirt apply for OSS-Fuzz?
Martin Kletzander
mkletzan at redhat.com
Fri Dec 2 10:08:14 UTC 2016
On Fri, Dec 02, 2016 at 09:16:26AM +0000, Daniel P. Berrange wrote:
>On Fri, Dec 02, 2016 at 10:14:22AM +0100, Martin Kletzander wrote:
>> On Fri, Dec 02, 2016 at 08:44:48AM +0100, Michal Privoznik wrote:
>> > Google announced OSS-Fuzz project [1]. It's aim is to test projects with
>> > significant user base and/or critical projects to the global
>> > infrastructure. I like to think that libvirt falls in both categories :-)
>> > You can find a list of already accepted projects here [2]. Once accepted
>> > to the project we would have to provide some scripts that build libvirt
>> > and run some tests.
>> >
>>
>> I was thinking about that too. And danpb would like that as well, I
>> guess, since he came up with the fuzzing idea for GSoC.
>>
>> > One of the disadvantages is that we have to provide a docker(!) image
>> > where the scripts would run from.
>> >
>>
>> But it's not like the whole libvirt has to be installed and running
>> there, right? It's unit-test fuzzing, it will just link against
>> libvirt.la and run random APIs (mostly public ones, I guess).
>
>You have to write test harnesses for the fuzzer, so it'll fuzz whatever
>APIs you call from your test harnesses.
>
Yeah, we choose what to do. I was elaborating on what we are going to
choose. So I take it as you like the idea?
>
>
>Regards,
>Daniel
>--
>|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
>|: http://libvirt.org -o- http://virt-manager.org :|
>|: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20161202/0dccff76/attachment-0001.sig>
More information about the libvir-list
mailing list