[libvirt] Should Libvirt apply for OSS-Fuzz?

Martin Kletzander mkletzan at redhat.com
Fri Dec 2 09:14:22 UTC 2016

On Fri, Dec 02, 2016 at 08:44:48AM +0100, Michal Privoznik wrote:
>Google announced OSS-Fuzz project [1]. It's aim is to test projects with
>significant user base and/or critical projects to the global
>infrastructure. I like to think that libvirt falls in both categories :-)
>You can find a list of already accepted projects here [2]. Once accepted
>to the project we would have to provide some scripts that build libvirt
>and run some tests.

I was thinking about that too.  And danpb would like that as well, I
guess, since he came up with the fuzzing idea for GSoC.

>One of the disadvantages is that we have to provide a docker(!) image
>where the scripts would run from.

But it's not like the whole libvirt has to be installed and running
there, right?  It's unit-test fuzzing, it will just link against
libvirt.la and run random APIs (mostly public ones, I guess).

>What are your thoughts on this? Should we apply?

I was already reading up on it when you sent the mail, so I'd say yes.

>2: https://github.com/google/oss-fuzz
>libvir-list mailing list
>libvir-list at redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20161202/0266f1e8/attachment-0001.sig>

More information about the libvir-list mailing list